Solved

Installing DNS on the additional DC???

Posted on 2009-05-06
Last Modified: 2012-05-06
Dears,

I need to have redundancy for my DNS. I have 2 DCs as follows:

One acts as the main DC with DNS configured on it, and the other DC acts as its additional DC but without DNS.

I need to configure a secondary DNS on the additional DC. Is it recommended to create it as an Active Directory-integrated zone or as a secondary zone pointing to the primary one only?

Please recommend a solution for me?
0
Question by:bateg
6 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 300 total points
ID: 24312563
No need to get bogged down in "Primary" and "Secondary". If you are using AD Integrated DNS (the default), then all you have to do is add the DNS server service on the second DC. DNS will replicate along with AD and you will in essence have multiple primary DNS servers.

You will of course need to configure the clients to use one DNS server as the preferred DNS server and the other as the alternate DNS server. The DCs should use themselves as their own preferred DNS server and each other as alternate.
0
 
LVL 18

Expert Comment

by:Americom
ID: 24314294
In addition to installing the DNS service on your second DC, you need to create the exact same zone name(s) on your secondary DNS and configure them as Active Directory-Integrated zone(s). Before you even do the configuration, you should double check and make sure your current DNS zone is configured as an Active Directory-Integrated zone first.
Since you have only two DCs, one other thing you may want to do is make your second DC also a GC, if it is currently not a GC.
0
 
LVL 27

Assisted Solution

by:bluntTony
bluntTony earned 200 total points
ID: 24314307
As KCTS has said, just install DNS and either initiate replication, or wait for it to occur. You will see the DNS zones drop into the console of the new DNS server. Once replication has occurred you can change the new DC's primary and secondary DNS servers.

While setting a DC to use itself as primary DNS is, I think, the generally accepted rule, there are arguments for and against this. For example, if you do get each DC to look at itself for DNS primarily, and for some reason you change one of the DC's IP addresses, that change will never replicate, causing a 'DNS Island' - a catch 22 where the other DC needs the other's IP to replicate, but it won't know it until it replicates.

This is just an example really, and probably unlikely. I personally configure my DCs as KCTS has said. Have a look at this for the MS best practices for DNS : http://support.microsoft.com/kb/825036
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24315709
Americom - I have to respectfully disagree. Providing that the DC is in the replication scope of the ADI DNS zone (being in the same domain it should be, whether it's the domain NC or DomainDNSZones), the zone will replicate and drop into the console automatically. It'll take a few minutes but it does come in by itself. At least it does in my W2K3 test environment.
I can't help thinking that manually creating a duplicate zone in the directory might cause some problems.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24316620

> I can't help thinking that manually creating a duplicate zone in the directory might
> cause some problems.

You'd be right.

If it's in the same partition it can overwrite an existing copy (sometimes, not always, depends which has the "latest" version). If it's in a different partition it can cause the DNS server to become rather upset about finding multiple copies of the same zone.

Install the DNS service, wait for replication. The data is there, nothing needs to be created, it just needs time to think about loading it.

Chris
0
 
LVL 18

Expert Comment

by:Americom
ID: 24317546
I totally agree that installing the DNS service and waiting for replication, or just forcing replication manually, would get the data. After all, this is an Active Directory-integrated zone and I have personally done it many times. What was I thinking or writing, primary/secondary zone??....no excuse! Thanks for pointing out the mistake, wish I could grant some points to you :)
0
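
The procedure the thread settles on (install the DNS service on the second DC, let the AD-integrated zone replicate in rather than creating it, then set the resolver order), sketched as an added example that is not part of any post above. It assumes Windows Server 2012 or later with the DnsServer module and PowerShell remoting, which the W2K3 environment mentioned in the thread does not have; the zone name, host names, addresses and interface alias are placeholders.

```powershell
# Placeholder values (assumptions, not taken from the thread)
$Zone = 'corp.example.com'
$DC1  = 'DC1'; $DC1Ip = '192.0.2.10'   # existing DC that already runs DNS
$DC2  = 'DC2'; $DC2Ip = '192.0.2.11'   # additional DC, no DNS service yet
$Nic  = 'Ethernet'                     # interface alias on both DCs

# 1. Confirm the existing zone is AD-integrated before touching DC2.
$src = Get-DnsServerZone -ComputerName $DC1 -Name $Zone
if (-not $src.IsDsIntegrated) {
    throw "$Zone on $DC1 is not AD-integrated; this procedure assumes it is."
}
"Zone $Zone replication scope: $($src.ReplicationScope)"

# 2. Add only the DNS Server role on DC2. Do NOT create the zone there:
#    a manually created duplicate can overwrite or conflict with the real one.
Install-WindowsFeature -Name DNS -IncludeManagementTools -ComputerName $DC2

# 3. Optional: push AD replication instead of waiting for the schedule.
repadmin /syncall $DC1 /AdeP

# 4. Poll until DC2's DNS service has loaded the replicated zone.
$deadline = (Get-Date).AddMinutes(30)
do {
    $copy = Get-DnsServerZone -ComputerName $DC2 -Name $Zone -ErrorAction SilentlyContinue
    if (-not $copy) { Start-Sleep -Seconds 60 }
} until ($copy -or (Get-Date) -gt $deadline)
if (-not $copy) { throw "$Zone has not appeared on $DC2; check AD replication." }

# 5. Only after the zone is present: each DC prefers itself and uses the
#    other DC as alternate (the accepted answer's layout).
Invoke-Command -ComputerName $DC1 {
    Set-DnsClientServerAddress -InterfaceAlias $using:Nic -ServerAddresses $using:DC1Ip, $using:DC2Ip
}
Invoke-Command -ComputerName $DC2 {
    Set-DnsClientServerAddress -InterfaceAlias $using:Nic -ServerAddresses $using:DC2Ip, $using:DC1Ip
}
```

Step 5 is deliberately last: pointing DC2 at its own DNS service before the zone has loaded would leave it unable to resolve its replication partner.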
