Setting up secondary DNS

lefty431
I have 2 Windows 2000 servers. 1 is an Exchange 2003 and DC and DNS. The other is a data server that is also a DC.

We have a new 2003 server that is setup as a DC.

How can I either transfer all dns services to the new 2003 server or add it as a secondary DNS server?
Go to the new server's Control Panel, Windows Components, and install DNS. Make sure that you choose the option Active Directory integrated.
Also on the new server, NIC -> TCP/IP properties: point the DNS server to the server's IP address.
Add the new server in the DHCP scope options.
http://support.microsoft.com/kb/323417 

Author

Commented:
Can I leave both functioning as a primary and a secondary? Just add the new server as the secondary on the clients?

On the clients, in addition to having the Active Directory DNS servers in the list, should I also have the ISP DNS server in the list?

The problem we are having is, if the Active Directory DNS server goes offline for whatever reason, no one can get to the internet.

Yeah, you can have both DNS servers running.
No, don't add the ISP DNS servers.
On the 2nd DNS server add your ISP DNS servers as forwarders and it should fix the problem. I guess the old DNS server has already got ISP DNS servers as forwarders.

Author

Commented:
It does not have any ISP DNS servers as forwarders.

We have had an issue, though, when this server needs to be rebooted and all of the clients are stuck. They can't do a thing on the internet. Just looking for a way to shore that up a bit.
It seems we are awaiting response.

Author

Commented:
A response for what?
On your primary DNS server check the network properties. Does it have a 2nd DNS server as the ISP? I am not sure how you are getting to the internet with this DNS server.
Can you add the ISP DNS server as a forwarder in the 2nd DNS server? You should be fine with only this DNS server on the network.

Author

Commented:
I am not sure on the first DNS server either. I would think from the gateway? I think the router has some DNS server information in it from the ISP.

I will do it on the 2nd DNS server as you suggested in the morning and see if I can get it to work.
Well, so many recommendations - were you able to implement any? Did you get your solution?
Commented:
I think there are going to be hidden problems we are going to come across on this post. So, I am going to assist when needed. Let me know if I can help.

Author

Commented:
In a normal Active Directory, can someone walk me through the routing?

Clients look at the PDC as DNS. DNS looks at the gateway, and the gateway has the ISP DNS listed?

Clients look at the DNS server for DNS queries (this could be your PDC / BDC / stand-alone box).
For the gateway - ideally it should point to your router / switch.

The DC would forward packets to the gateway (same as above).
For DNS queries, the ISP DNS is added using DNS forwarding in the DNS console.

Router would forward the network traffic to your firewall or outside world as per your settings.

Author

Commented:
If I put the ISP DNS in the client boxes then none of them work with Active Directory very well. Should the DC still be the primary DNS?

My overall goal is to configure things so if I lose a DC, the clients can still get to the internet...
"If I put the ISP DNS in the client boxes then none of them work with Active Directory very well. Should the DC still be the primary DNS?"

Using ISP DNS is never recommended on client machines for these reasons:
1) ISP DNS will not help your client box with your internal Active Directory day-to-day queries.
2) If your primary DNS fails, clients will start sending queries to the ISP for every task related to AD, and you would end up with hundreds of account lockouts soon.

What is the point of the client going to the internet if its AD authentication does not succeed? I would suggest having one more AD server as a secondary DNS box and working towards adding it as a secondary DNS server rather than depending on ISP boxes.
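As an added illustration that is not part of this thread, the following Python model walks the lookup path the answers describe (client, then DC DNS, then forwarder, then ISP) through the three situations discussed: the second DNS server without ISP forwarders, the second DNS server with forwarders, and the ISP resolver placed in the clients' DNS list. Server names, the AD domain and the public name are constructed for the example.

```python
# Added example, not from the thread: a small model of the lookup path
# described in the answers (client -> DC DNS -> forwarder -> ISP). It shows
# why the second DNS server needs ISP forwarders and why the ISP resolver
# does not belong in the clients' DNS list. All names are constructed.

AD_ZONE = "corp.example"   # constructed AD domain, held as an AD-integrated zone


class DnsServer:
    def __init__(self, name, zones=(), forwarders=(), up=True):
        self.name, self.up = name, up
        self.zones = set(zones)             # zones answered locally
        self.forwarders = list(forwarders)  # where non-local queries go

    def resolve(self, fqdn):
        """True if this server can produce an answer for fqdn."""
        if not self.up:
            return False
        if any(fqdn == z or fqdn.endswith("." + z) for z in self.zones):
            return True                     # authoritative (or ISP recursion)
        # Not authoritative: hand the query to the configured forwarders.
        return any(f.resolve(fqdn) for f in self.forwarders)


def client_lookup(resolvers, fqdn):
    """Steady-state Windows resolver behaviour: the first server that responds
    decides. The next entry is used only when the current one does not
    respond at all, not when it answers 'no such name'."""
    for server in resolvers:
        if server.up:
            return server.resolve(fqdn)
    return False


def scenario(primary_up, secondary_has_forwarders, client_lists_isp):
    """Return whether an AD name and an internet name resolve for a client."""
    isp = DnsServer("isp", zones={"example.com"})   # stands in for the public namespace
    # Both DCs hold the AD-integrated zone (replicated through AD, as the first
    # answer describes); dc2 gets forwarders only when the flag says so.
    dc1 = DnsServer("dc1", zones={AD_ZONE}, forwarders=[isp], up=primary_up)
    dc2 = DnsServer("dc2", zones={AD_ZONE},
                    forwarders=[isp] if secondary_has_forwarders else [])
    resolvers = [dc1, isp] if client_lists_isp else [dc1, dc2]
    return {
        "ad": client_lookup(resolvers, "exchange." + AD_ZONE),
        "internet": client_lookup(resolvers, "www.example.com"),
    }
```

With the primary down, `scenario(False, False, False)` reproduces the complaint in the thread (AD names resolve, internet names do not), `scenario(False, True, False)` is the suggested fix, and `scenario(False, False, True)` shows the ISP-on-client trade-off: internet works but the AD name fails.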


Author

Commented:
So if the first DNS server fails, the second would continue to work, correct?

So in my configuration I need to take one of the AD servers, add DNS and sync it up. Then on the clients add the IP of the second DNS server.

If the first server goes out, internet will continue to work?

The problem now is that the first DNS server is a little flaky. Sometimes it freezes and when this happens no client can get to the internet. I would just like to safeguard against that.
"So if the first DNS server fails, the second would continue to work, correct?

So in my configuration I need to take one of the AD servers, add DNS and sync it up. Then on the clients add the IP of the second DNS server.

If the first server goes out, internet will continue to work?"

Answer: YES

Commented:
@ Exchange Geek:

He is adding a 2003 domain server to a 2000 server environment. Maybe we need to back up a little and Domain prep/Forest prep this domain for mixed mode and then add the 2003 server as a domain controller. Then, replicate the data across.

I think the problem with replicating the data is you have a mixed mode environment that was not prepped. This was the hidden problem I was anticipating.
Top Expert 2012

Commented:
Also, I would recommend updating the forest level to native before placing a 2003 DC on a 2000 domain. I have seen multiple problems with a mixed mode forest and 2003 DCs.

Here is a good link on DNS forwarding. You should never have external DNS servers in the TCP/IP properties of your internal domain's clients and servers.

http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html

Commented:
I agree with you dariusq:

I usually don't Forest/domain prep. Instead I usually build a new domain and move my NAS over. That starts us off fresh with new AD, DNS and DHCP databases. My mail servers are separate entities, not even on the domain.

If we were to prep this domain for the 2003 server, then replicate the data, I agree in thinking we should make it a 2003 server native mode domain. But we need to get the data off the 2000 domain that is currently active. Since I don't prep the domains when updating, what do you recommend? (example: these steps?)

1) forest prep/domain prep the 2000 server
2) DCPromo the 2003 server
3) transfer roles to the 2003 server
4) replicate the Data to the 2003 server
5) demote the 2000 servers
6) Forest prep back to native mode on the 2003 servers.  
Top Expert 2012

Commented:
Everything seems good, except I would make number one "raise the 2000 mixed mode forest level to 2000 native mode" before doing any adprep on the domain.
