A new DNS Zone for a different subnet and IP Scheme

Pkafkas
Hello:

I am beginning to get ready for deploying 2 new IP schemes on my corporate Network.  Currently we use a 192.168.1.X /24 IP scheme; however, we are running out of IP addresses and it has been decided to create 2 new VLan's.  Each VLan will hold specific devices.

1.  192.168.1.X /24 (For miscellaneous Devices ie electrical panels).
2.  10.220.21.X /24 (For Servers/Routers/Switches/Proxy's).
3.  10.220.22.X /24 (For Workstations).

I created a Question a short while ago regarding how I can create my DNS Servers to work for another IP scheme.  That is, while having it still work with the original 192.168.1.X /24 settings.  Please read http://www.experts-exchange.com/Networking/Misc/Q_24524634.html

However, I am afraid I was not complete enough in my previous question.  My new question is... "How do I have the current DNS Servers run on the 192.168.1.X /24 VLAN and have them recognize the new VLan IP addresses as well?"  That is, do I need to create 2 new Zones with Forward Lookup and Reverse Lookup information (zones)?  I know that static routes will need to be made on our main router; but my question right now is specifically tied to making my DNS Servers work for the new VLan's.  Let's assume the static routes are in place on the main router.

Will I only need to create new Zones and follow the DNS Configuration wizard to create the new Zones?  Is there anything else that I need to do for the new zones (VLan's) to have the DNS server recognize PC's and servers in the other new VLan's and their new IP Scheme?

This will be done on a Microsoft Windows 2003 Server Std. Edition.
Pkafkas (Network Engineer)

Author

Commented:
Would it be safe if I create another Forward and Reverse lookup Zone for the same Domain, even if I do not have an IP address available for it?

Would I have to have another Server with a different IP address be the temporary DNS Server until I can change over the current DNS Servers?

I would like to change over the network Devices (Workstations, Servers and Switches) at a slow rate.  That is, not to plan a turn-key operation overnight.
Commented:
Why not simplify things A LOT and just change the subnet mask so you have more IP's?  You could use 255.255.254.0  (/23) and have twice as many addresses (roughly) or .253 (/22) and have > 4x as many.

I have not done a lot with VLANs yet but I think this would be SO much easier to implement and maintain.
Most Valuable Expert 2018
Distinguished Expert 2018

Commented:
Forward lookup zones have absolutely nothing to do with the IP addresses your server or your clients use (provided that your clients can reach the server). They'll register the IP they're using, and that can be in any subnet.
You only need to create the new reverse lookup zones for your new networks (and reverse lookup zones aren't relevant for AD).
Pkafkas (Network Engineer)

Author

Commented:
So oBda:

All I need to do is create a new reverse lookup zone on the already existing DNS Server?

Then pretty much follow the instructions on how to set up the new Reverse Lookup zone that I found in this document?  http://support.microsoft.com/kb/323445

Is that pretty much it?
Pkafkas (Network Engineer)

Author

Commented:
For reasons why I am planning to use 3 different VLan's, it is because I think it is better network design for the future.

More detailed reasons can be provided by reading the following article.  http://www.experts-exchange.com/Networking/Misc/Q_24507673.html

Thanks for the question, it was worth considering.

Commented:
Once more, why bother with creating three IP subnets?  Why not just expand your current one?  Simple...
Most Valuable Expert 2018
Distinguished Expert 2018

Commented:
Yes; as long as your routing is correct, and the clients can reach the DNS server, then that's all you need.

Commented:
Sorry crossed messages.  :)  But I really really think you're overcomplicating things for a network that size.
Pkafkas (Network Engineer)

Author

Commented:
Well, I am not open-minded.  

Yes, just having 1 extra VLan for workstations only and keeping the VLan-1 for the Servers and switches and everything else that needs a static IP would simplify the change over tremendously.  Our network is not that big and having 2 VLan's for the private network instead of 3 might be a happy medium for this project.

I will think about that some more, Datedman.  

Thanks,
Pkafkas (Network Engineer)

Author

Commented:
I should have stated in the above comment that "I am open-minded" :-)

For the above comment ... geeesh...
Pkafkas (Network Engineer)

Author

Commented:
I think I will have only 2 Vlan's.  That will simplify things a lot for this change over.
Pkafkas (Network Engineer)

Author

Commented:
Oh, one of the things that I forgot to mention is that we have some IP conflicts with other companies that connect to our corporate network.  These other companies use a 192.168.0.X scheme and a 192.168.3.X scheme.  I actually tried the /23 before, but if I ping 192.168.3.X I get a reply back from an internal IP address that is assigned to one of those companies: destination host unreachable.  If I try pinging 192.168.0.X I get the same result.  Hence, we are pretty isolated with 192.168.1.X /24.  My predecessor did not plan the network for future growth.   Anyway...

I will end up keeping VLan-1 (192.168.1.X /24) for Servers and routers/Switches/Proxy devices.

I will make 1 new VLan (Vlan-21 for workstations, 10.220.21.X /24).
Pkafkas (Network Engineer)
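The /23 and /22 expansions suggested earlier in the thread fail for exactly the reason described in this post: widening the mask on 192.168.1.0/24 yields 192.168.0.0/23 or 192.168.0.0/22, which swallows the partner companies' 192.168.0.X and 192.168.3.X ranges. The following Python script is an added example, not part of the thread; it uses only the standard-library `ipaddress` module, takes the corporate and partner ranges from the post above, and the candidate list it evaluates is constructed here.

```python
import ipaddress

# Values from the thread: the current corporate subnet and the two partner
# company ranges that are reachable across the inter-company links.
CORPORATE = ipaddress.ip_network("192.168.1.0/24")
PARTNER_NETWORKS = (
    ipaddress.ip_network("192.168.0.0/24"),
    ipaddress.ip_network("192.168.3.0/24"),
)


def _as_network(value):
    """Accept either a network object or a 'a.b.c.d/n' string."""
    if isinstance(value, (ipaddress.IPv4Network, ipaddress.IPv6Network)):
        return value
    return ipaddress.ip_network(value)


def expanded_network(network, new_prefixlen):
    """Supernet obtained by shortening the mask, e.g. /24 -> /23.

    Widening the mask does not keep the same first address: 192.168.1.0/24
    becomes 192.168.0.0/23, which is why it can swallow a neighbour's range.
    """
    network = _as_network(network)
    if new_prefixlen >= network.prefixlen:
        raise ValueError("new prefix length must be shorter than the current one")
    return network.supernet(new_prefix=new_prefixlen)


def conflicts(candidate, others=PARTNER_NETWORKS):
    """Return the networks in `others` that overlap `candidate`, as strings."""
    candidate = _as_network(candidate)
    return [str(n) for n in others if candidate.overlaps(n)]


def evaluate_plan(candidates, others=PARTNER_NETWORKS):
    """Map each candidate network to its conflicts; an empty list means it is safe."""
    return {str(_as_network(c)): conflicts(c, others) for c in candidates}


if __name__ == "__main__":
    # Constructed candidate list: the two mask-widening options and the new VLAN.
    plan = [
        expanded_network(CORPORATE, 23),   # /23 suggestion
        expanded_network(CORPORATE, 22),   # /22 suggestion
        "10.220.21.0/24",                  # the new workstation VLAN
    ]
    for net, clashes in evaluate_plan(plan).items():
        status = "OK" if not clashes else "conflicts with " + ", ".join(clashes)
        print(f"{net:<18} {status}")
```

Running it shows the /23 colliding with 192.168.0.0/24, the /22 colliding with both partner ranges, and 10.220.21.0/24 clear of them, which is the case for a fresh 10.x block rather than a wider 192.168.x mask.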

Author

Commented:
I have a strong feeling that I am missing something.  Please keep in mind that we are currently using the DNS servers in an active production environment.  Should I create a new Primary reverse lookup zone on one/both of the DNS Servers?  Will that hose up the current reverse lookup zone?

1.  Start the DNS snap-in.

2.  Click the DNS Server object for your server in the left pane of the console, and then expand the server object to expand the tree.

3.  Expand Reverse Lookup Zones.

4.  Right-click Reverse Lookup Zones, and then click New Zone. The New Zone Wizard starts. Click Next to continue.

5.  Click Primary zone, and then click Next.

6.  In the Network ID box, type the network ID. For example, type 10.220.21 and then click Next.

7.  On the Zone File page, click Next.

8.  Click Next.
Most Valuable Expert 2018
Distinguished Expert 2018
Commented:
You can have as many reverse lookup zones as you can eat^H^H^H manage. As I said, they're not even essential for AD, and just like forward lookup zones, you can have several of them.
If your DNS servers are DCs, then simply create the reverse lookup zone on one of them, make sure it's set to "AD integrated"; after the next AD replication cycle, the new zone will appear on the other DC(s)/DNS(s) as well.
Pkafkas (Network Engineer)
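The wizard steps above and the answer that a reverse zone is just another zone both come down to one naming rule: the Network ID typed in step 6 (10.220.21) becomes the zone 21.220.10.in-addr.arpa, and a client's PTR record can only register if some reverse zone covers its address. The Python below is an added example, not part of the thread, that derives the zone name(s) a planned subnet needs, lists which are still missing, and shows where a host's PTR record would land. It goes beyond the thread's single /24 case by also handling blocks smaller than /24 (which stay in the enclosing /24 zone) and non-octet-aligned blocks such as a /23 (which need one zone per /24 they span). The existing-zone list and planned subnets are constructed from the thread; the printed `dnscmd /ZoneAdd ... /DsPrimary` line is the command-line form of creating an AD-integrated primary zone and is an assumption about your server's dnscmd build rather than something the thread shows.

```python
import ipaddress

# Constructed from the thread: the reverse zone that already exists for the
# original VLAN and the subnets planned for the new VLANs.
EXISTING_REVERSE_ZONES = ["1.168.192.in-addr.arpa"]
PLANNED_SUBNETS = ["10.220.21.0/24", "10.220.22.0/24"]


def reverse_zone_names(network):
    """in-addr.arpa zone name(s) whose PTR records cover `network`.

    A /8, /16 or /24 maps to exactly one zone: the octets the wizard asks for
    in its Network ID box, reversed.  A block smaller than /24 lives in the
    enclosing /24 zone.  A block between octet boundaries (e.g. a /23) is split
    into the aligned zones it spans, since each of those needs its own zone.
    """
    net = ipaddress.ip_network(network)
    if net.version != 4:
        raise ValueError("only IPv4 (in-addr.arpa) is handled here")
    if net.prefixlen > 24:
        net = net.supernet(new_prefix=24)
    if net.prefixlen % 8:
        aligned = (net.prefixlen // 8 + 1) * 8
        return [z for sub in net.subnets(new_prefix=aligned)
                for z in reverse_zone_names(sub)]
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return [".".join(reversed(octets)) + ".in-addr.arpa"]


def ptr_placement(ip, zones):
    """Return (zone, relative PTR name) for `ip`, or None if no zone covers it.

    The longest matching zone wins, mirroring how a DNS server picks the zone
    that a dynamic PTR registration is written into.
    """
    ptr = ipaddress.ip_address(ip).reverse_pointer   # e.g. 50.21.220.10.in-addr.arpa
    matches = [z for z in zones if ptr.endswith("." + z)]
    if not matches:
        return None
    zone = max(matches, key=len)
    return zone, ptr[: -(len(zone) + 1)]


def missing_zones(subnets, existing):
    """Zones the planned subnets need that are not in `existing` yet."""
    needed = [z for s in subnets for z in reverse_zone_names(s)]
    return [z for z in needed if z not in existing]


if __name__ == "__main__":
    for zone in missing_zones(PLANNED_SUBNETS, EXISTING_REVERSE_ZONES):
        # Assumed dnscmd syntax for an AD-integrated primary zone; the wizard
        # in the post above creates the same zone interactively.
        print(f"dnscmd /ZoneAdd {zone} /DsPrimary")
    # Before the new zone exists a workstation in the new VLAN has nowhere to
    # register its PTR record; afterwards it lands in the new zone as "50".
    print(ptr_placement("10.220.21.50", EXISTING_REVERSE_ZONES))
    print(ptr_placement("10.220.21.50",
                        EXISTING_REVERSE_ZONES + ["21.220.10.in-addr.arpa"]))
```

The `ptr_placement` check is the practical answer to "am I missing something": the existing 1.168.192.in-addr.arpa zone is untouched by adding 21.220.10.in-addr.arpa beside it, and until that second zone exists, PTR registrations from the new VLAN simply have no zone to go into.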

Author

Commented:
What the DNS Servers look like in the current setup.
dns1-dns2.doc
Most Valuable Expert 2018
Distinguished Expert 2018

Commented:
Yes; just go ahead and create the zones.
Pkafkas (Network Engineer)

Author

Commented:
Ok, I did it.  It's on there.  It replicated to the other AD server/DNS Server.

I will close this call.
