• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 255
  • Last Modified:

Can I use Server 2008 DNS without it being a DC?

Currently all of our organizations DNS servers are Windows 2003 domain controllers using AD.  I am attempting to configure our first Windows 2008 Server but only want to use it as a file server and DNS server for a remote location.  

Is it possible to have DNS working on this server without making it a DC?  Can AD integrated zones work without it being a DC?

Any help would be appreciated.
0
ATSOL
Asked:
ATSOL
  • 3
  • 2
  • 2
2 Solutions
 
AdoBeeboCommented:
AD Integrated DNS Zones require the host server to be a DC, because the DNS zone is stored and replicated using the AD.
You can still setup Primary, Secondary and Stub zones on a non-DC 2008 Server
In your situation you could consider using a read only domain controller for the remote site (RODC) and cache the required passwords on that server. This will lower WAN link traffic as local user authentication can be handled locally, and it is a more secure compromise which will allow you to keep AD IZ like DNS functionality while not exposing unrequired portions of your AD in a non-secure location
0
 
ATSOLAuthor Commented:
So if I manually setup zones on my non-DC 2008 server that are identical to the existing zones in the other DNS servers, will it automatically populate the records for those zones?  I don't want it to overwrite my existing dns zones with an empty zone from this new server.
0
 
DatedmanCommented:
You can make a secondary DNS server for an AD zone.  You may need to add it to the SOA tab on one of the AD servers so that it'll be allowed to replicate.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
AdoBeeboCommented:
A secondary zone is like a read-only DNS zone, so if you're not sure stick to secondary. You'll also need to add the server to the Replication tab, under Allowed to Replicate, or similar (from memory)
 
0
 
DatedmanCommented:
btw if it is read-only DNS, keep in mind that machine using it as their DNS server will not be able to register their DNS records...so may be a problem with say, sharing a printer between machines at the remote location?  hmmm do you use WINS?  
0
 
ATSOLAuthor Commented:
If I understand it correctly, an RODC would just forward the request onto a writeable DC.  The writeable DC would then update DNS in the RODC.  We are not using WINS.  At this point I'm just trying to decide whether to use one of three methods for my new server > DC, RODC or non-DC secondary zone.
0
 
DatedmanCommented:
I'd just make it a DC.  Why bother with RODC?  Not sure why you didn't want to make it a DC...

BTW should make a new site in AD Sites and Services with the remote subnet/new server.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now