Solved

DNS Settings on Domain Controllers

Posted on 2009-12-18
Medium Priority
301 Views
Last Modified: 2012-05-08
Hi,

I have just added two child DCs in my test domain.

On my parent DC, when I open DNS in the forward lookup zones I can see
msdcs.parentdomain.local and parent.local

On my child DCs when I open DNS I can only see msdcs.parentdomain.local and not childdomain.local - is this normal?

I do not have any errors in DNS. I am running Windows 2003.
Question by: Dan560
9 Comments
 
LVL 24

Expert Comment

by:Awinish
ID: 26079073
A child domain contains its own DNS records & it should see the zones childdomain.local & msdcs.childdomain.local to resolve DNS names.
Did you install the DNS server on any child domain controller? If not, install it.
0
 
LVL 24

Expert Comment

by:Awinish
ID: 26079077
You can create the zone in the child domain if it's not there: create an AD-integrated zone in the child domain, because it will have a different namespace than the parent domain.
0
 
LVL 2

Author Comment

by:Dan560
ID: 26079101
Ok so here are the steps I did...

I installed DNS on both child DCs
I set their primary DNS IP address to the parent DC's and the secondary to point to itself
I then ran DCPROMO
Rebooted both DCs
Swapped the primary DNS settings so that the primary pointed to itself (child DC) and the secondary to the parent DC

I am curious why both of them didn't have DNS configured properly. Instead of manually doing it I would rather re-configure both machines and do it properly... since they are only test machines (VMs).

0

 
LVL 16

Expert Comment

by:Bruno PACI
ID: 26079535
Hi,

Well.... something is not clear to me. When you say "child DC" do you mean a DC in a child domain?

If that's it, then the steps you described for your installation surely led you to the current situation.

At the moment of the DCPROMO, your child DCs were configured to use the DNS server in the parent domain. So they registered themselves in the DNS zone of the parent domain. They probably created a sub DNS domain in your parent DNS zone. As an example, you'll probably find a "mychild" DNS subdomain in the "myparent.local" DNS zone of your DNS server in the parent domain (assuming the parent domain is "myparent.local" and the child domain is "mychild.myparent.local")...

In the steps you described, you never created the "mychild.myparent.local" DNS zone on your DNS server in your child domain. So this zone won't be created by some magic... The only way to automatically create the DNS zone is to use DCPROMO, but at that moment you were using DNS servers that were already hosting a "myparent.local" DNS zone, so the DCPROMO process did not create a new zone, it just used the existing one...
As it's about two different domains, there is no replication of domain-level DNS zones.... the only zone that is replicated is the forest-level DNS zone "_msdcs.myparent.local".

What you have to do:

1) on a DNS server in the child domain, create a new forward DNS zone named "mychild.myparent.local", and make it AD integrated.
2) On each DNS server of the child domain, configure a forwarder that transmits DNS requests for unknown zones to the parent DNS servers.
3) Verify that the child DC uses the DNS in the child domain as the primary DNS server.
4) on each child DC, use the following commands to force them to re-register in DNS:
    IPCONFIG /REGISTERDNS
    NET STOP NETLOGON
    NET START NETLOGON
5) in the parent DNS server, if there is some trace of a subzone "mychild" in the zone "myparent.local", remove it and replace it by a DNS delegation for "mychild" that points to the child DNS servers.

Have a good day
0
 
LVL 2

Author Comment

by:Dan560
ID: 26079592
Ok, that is starting to make more sense.

Actually I have just reverted to a previous plain image of all my servers. So after I have created the parent domain controller, what are the proper steps for configuring the two child DCs?

Do I have to manually create the zones? Or if I do things properly will they be created automatically?

I'm really just looking for the proper steps, as this is only a test environment.
0
 
LVL 24

Expert Comment

by:Awinish
ID: 26079688
Forward & reverse lookup zones are created automatically when installing DNS from Add/Remove Programs, but zones you have to create manually in the forward lookup zone, & the subnet has to be created manually.
You can create the zone under the parent's zone & the subnet under the reverse lookup zone.
AD-integrated zones are the best & recommended practice.
 
0
 
LVL 16

Expert Comment

by:Bruno PACI
ID: 26079695
Hi,

In my opinion, the better way to reach your goal is to prepare the child DNS zone manually:

1) Install the DNS server components on your first child DC (before the DCPROMO). Go in the DNS console and create a new forward primary DNS zone with the full DNS name of the child domain (mychild.myparent.local).
2) in the DNS console, edit the properties of the DNS server. There is a tab named "Forwarders". Add a forwarder that points to the IP addresses of the DNS servers in the parent domain. Doing that, DNS requests that are not for the zone "mychild.myparent.local" will be transmitted to the parent DNS servers.
3) in the "myparent.local" DNS zone on the DNS servers of the parent domain, add a DNS delegation for the subzone "mychild" and give the IP addresses of the child DNS servers. Doing that, you explain to your parent DNS server how to transmit DNS requests for the child DNS zone.
4) configure your first child DC to interrogate itself as primary DNS server. Configure the second child DC to interrogate the first child DC as primary DNS server.
5) run DCPROMO on the first child DC to create the new child domain. Complete the DCPROMO process by rebooting the DC and wait for it to fully restart.
6) in the DNS console on the first child DC, edit the "mychild.myparent.local" DNS zone properties and change the zone type from "primary" to "AD integrated".
7) run DCPROMO on the second child DC.

Hope this helps.

Have a good day
0
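As an added example (not from the thread or either expert), the two procedures above, the zone/forwarder/delegation preparation before DCPROMO and the AD-integration and re-registration afterwards, expressed as one Windows Server 2003 era batch script using dnscmd (from the Support Tools), netsh, ipconfig and nslookup, with verification queries at the end of each phase. The zone names, server name, IP addresses and NIC name are assumed placeholders; the script is run with admin rights on the first child DC, and the dnscmd calls against the parent server assume admin rights there too.

```batch
@echo off
REM Added example, not from the thread: prepares the child DNS zone, forwarder and
REM parent-side delegation from the steps above, then verifies resolution.
REM Tools: dnscmd (Windows Server 2003 Support Tools), netsh, ipconfig, nslookup.
REM All names and addresses below are assumed placeholders; replace before use.
setlocal
set PARENT_ZONE=myparent.local
set CHILD_ZONE=mychild.myparent.local
set PARENT_DNS=10.0.0.10
set CHILD_DC1=childdc1
set CHILD_DC1_IP=10.0.1.10
set NIC=Local Area Connection

if /i "%~1"=="prep" goto prep
if /i "%~1"=="post" goto post
echo usage: %~nx0 prep ^| post
echo   prep  - run on the first child DC BEFORE DCPROMO (steps 1-4)
echo   post  - run on the first child DC AFTER DCPROMO and reboot (step 6 + checks)
exit /b 1

:prep
REM Step 1: standard primary zone for the child domain (AD-integrated only after DCPROMO).
dnscmd %CHILD_DC1% /ZoneAdd %CHILD_ZONE% /Primary /file %CHILD_ZONE%.dns
REM DCPROMO registers the DC's SRV records dynamically, so updates must be allowed;
REM a file-backed zone cannot do secure-only updates yet, so 1 = nonsecure and secure.
dnscmd %CHILD_DC1% /Config %CHILD_ZONE% /AllowUpdate 1
REM Step 2: forward everything outside the child zone to the parent DNS servers.
dnscmd %CHILD_DC1% /ResetForwarders %PARENT_DNS%
REM Step 3: delegation on the parent server = NS record for "mychild" plus a glue A record.
dnscmd %PARENT_DNS% /RecordAdd %PARENT_ZONE% mychild NS %CHILD_DC1%.%CHILD_ZONE%
dnscmd %PARENT_DNS% /RecordAdd %PARENT_ZONE% %CHILD_DC1%.mychild A %CHILD_DC1_IP%
REM Step 4: the first child DC queries itself as primary DNS server.
netsh interface ip set dns name="%NIC%" source=static addr=%CHILD_DC1_IP%
REM Pre-flight: the parent zone must resolve through this server (forwarder path),
REM and the parent must hand "mychild" to this server (delegation).
nslookup -type=SOA %PARENT_ZONE% %CHILD_DC1_IP%
nslookup -type=NS mychild.%PARENT_ZONE% %PARENT_DNS%
goto :eof

:post
REM Step 6: convert the zone to AD-integrated, then restrict it to secure updates only
REM (2 = secure only), so that only authenticated machines can change their records.
dnscmd %CHILD_DC1% /ZoneResetType %CHILD_ZONE% /DsPrimary
dnscmd %CHILD_DC1% /Config %CHILD_ZONE% /AllowUpdate 2
REM Re-register host and Netlogon (SRV) records, as in the earlier answer.
ipconfig /registerdns
net stop netlogon
net start netlogon
REM Checks before promoting the second child DC: the child zone is listed, the child
REM DC's LDAP SRV record resolves from the parent side via the delegation, and the
REM forest-wide _msdcs zone resolves from the child side via the forwarder.
dnscmd %CHILD_DC1% /EnumZones
nslookup -type=SRV _ldap._tcp.dc._msdcs.%CHILD_ZONE% %PARENT_DNS%
nslookup -type=SRV _ldap._tcp.dc._msdcs.%PARENT_ZONE% %CHILD_DC1_IP%
goto :eof
```

The two nslookup checks at the end are the ones worth keeping in a test-lab checklist: if the SRV query against the parent server fails, the delegation or glue record is wrong; if the query against the child server fails, the forwarder is wrong. Either failure shows up later as DCPROMO or trust errors, so it is cheaper to catch here.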
 
LVL 2

Author Comment

by:Dan560
ID: 26079707
So just to confirm.

When I create a child DC I have to manually create the childdomain.local zones in DNS?
0
 
LVL 16

Accepted Solution

by:
Bruno PACI earned 2000 total points
ID: 26079780
Hi,

Well, as far as I remember, DCPROMO proposes to automatically install the DNS service and automatically create the DNS zone only if there is no reachable DNS server and no DNS zone already present. To install new DCs for a new child domain you must ensure DNS resolution of the parent zone is working, so you cannot be in the situation where no DNS server is reachable, and then DCPROMO won't create the right DNS configuration automatically.

This is not 100% sure... maybe there is a way to force DCPROMO to create DNS zones by itself when you install a child domain.

For my part I prefer to prepare things on my own and test DNS resolution BEFORE promoting DCs, because this is the only way to be sure everything will work immediately.

So... maybe there is a way to force DCPROMO to do the DNS things in your situation, but it might be more complicated than preparing the zones manually.

0
