my secondary DNS didn't kick in...

Have 2 servers on my network (server 2008 std), one is DC the other one is also part of the domain and keeps a copy of all the AD stuff. It also runs a secondary DNS set to forward to the first AD.

I restarted the main AD DC this morning and tried to continue to surf, hoping that the secondary DNS would take over (as it has the second DNS set in DHCP as secondary DNS). But it didn't. It was as if there was no DNS at all on the network.

why did this not work?

somewhereinafrica Asked:

Krzysztof Pytko (Senior Active Directory Engineer) Commented:
Because your first DC with the DNS service has forwarders configured (external DNS servers which have information about public DNS domains) and your second DC with DNS does not.

You can configure it on the second one and the Internet DNS query will work. Set up forwarders to your ISP DNS server or to one of the publicly available ones (e.g. Google 8.8.4.4).

Regards,
Krzysztof
Krzysztof Pytko (Senior Active Directory Engineer) Commented:
And how did your internal DNS queries work? Were you able to access any internal resources using DNS names? How did you configure your second DNS server (Primary ActiveDirectory-Integrated zone, Primary zone, Secondary zone or Stub zone)?

Krzysztof
somewhereinafrica (Author) Commented:
Hi Krzysztof,

I followed the instructions of the web. It basically instructed me to run the wizard, tell the wizard that the DNS I was installing was supposed to send questions to the main DNS, and so I did.

I am not sure what definition of configuration that makes it?
Krzysztof Pytko (Senior Active Directory Engineer) Commented:
OK, that's the problem (looks like you have a Stub zone configured) :) because your DNS server was down and the second one sent requests but there was no reply.

For a more secure, redundant DNS solution, I would suggest setting up AD-I (Primary ActiveDirectory-Integrated zone). It maintains a full read/write copy of your DNS, and when one of your DNS servers goes down, it still resolves DNS queries. So, on that second DNS server (which doesn't work), remove the DNS zone and follow these instructions:

1) Open DNS console on your server where you want to set up DNS
2) Select "Forward Lookup Zone" node and click right mouse button
3) Choose "New Zone"
4) Now you see the new DNS zone wizard, click "Next"
5) Use "Primary zone" and ensure that "Store the zone in AD" checkbox is enabled (if not, tick it), click "Next"
6) Leave default settings for DNS replication scope (all DNS servers in this domain: your FQDN domain), "Next"
7) Type FQDN domain
8) Leave default settings with "Allow only secure dynamic updates" or change if you have Linux clients which do not support DDNS (dynamic DNS updates)
9) "Finish"

Now, your ADC (additional DC) has a full DNS copy and should avoid problems in the future :]
Now, in the DHCP scope's options, configure option no. 006 and add the IP address of your new DNS server there (this server's IP, where you have configured the DNS service).

Reboot your DHCP clients or run on them

ipconfig /release
ipconfig /renew

to obtain a fresh DHCP configuration with the new DNS server and, if possible, test whether this new configuration works :)

Let me know results :]

Krzysztof
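
A way to test the configuration described in the answer above, as an added example that is not part of the original thread: it sends queries straight to each DNS server listed in DHCP option 006 and reports whether each one answers internal and Internet names by itself. The server addresses and host names are constructed placeholders, and the function names are hypothetical.

```python
import secrets, socket, struct

def build_query(name, qid):
    """Minimal DNS query for an A record, recursion desired (RD) set."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def classify(reply, qid):
    """Map a raw reply (or None for no reply) to 'ok' or a failure reason."""
    if reply is None:
        return "timeout"
    if len(reply) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", reply[:12])
    if rid != qid or not flags & 0x8000:   # wrong transaction ID or not a response
        return "malformed"
    rcode = flags & 0x000F
    if rcode:
        return {2: "servfail", 3: "nxdomain", 5: "refused"}.get(rcode, f"rcode{rcode}")
    return "ok" if ancount else "no-answer"

def ask(server, name, timeout=2.0):
    """Send one query straight to `server`, bypassing the OS resolver order."""
    qid = secrets.randbelow(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qid), (server, 53))
            reply, _ = s.recvfrom(4096)
        except OSError:                    # includes socket timeouts
            reply = None
    return classify(reply, qid)

def audit(servers, names, ask=ask):
    """A server counts as standalone only if it answers every name itself."""
    results = {srv: {n: ask(srv, n) for n in names} for srv in servers}
    standalone = {srv: all(v == "ok" for v in r.values()) for srv, r in results.items()}
    return results, standalone

if __name__ == "__main__":
    # Constructed placeholders: substitute the addresses from DHCP option 006
    # and one internal plus one Internet name.
    servers = ["192.0.2.10", "192.0.2.11"]
    names = ["dc1.corp.example", "www.example.com"]
    results, standalone = audit(servers, names)
    for srv in servers:
        print(srv, "standalone" if standalone[srv] else "NOT standalone", results[srv])
```

A server that only relays to the other one passes while both are up, so the result that matters is the one taken while the first DC's DNS service is stopped, as in the reboot described in the question.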

somewhereinafrica (Author) Commented:
Krzysztof, wow, what an awesome write up.

Just to be sure, the steps that you have lined up are to be executed on the main domain controller or the secondary one?
Krzysztof Pytko (Senior Active Directory Engineer) Commented:
On the secondary one :) but you have to be sure that the Primary is up and running while setting up the secondary server

Krzysztof
Darius Ghassem Commented:
somewhereinafrica (Author) Commented:
Always awesome when someone takes the time to hash the steps out instead of just linking to online articles.

class A job
Krzysztof Pytko (Senior Active Directory Engineer) Commented:
Thank you for points and nice comment :)
somewhereinafrica (Author) Commented:
ok, something went bad :-(

I did as you said, and it says that it can't create the zone , because it already exists...

what now
Krzysztof Pytko (Senior Active Directory Engineer) Commented:
OK, we will check what went wrong :) but I'm sorry, I had no time today to prepare a step-by-step guide for you.
I prepared a test environment, and tomorrow morning I will prepare a guide and post it here so you can check from that list what went wrong.

Hope you understand.

Krzysztof
somewhereinafrica (Author) Commented:
awesome
Krzysztof Pytko (Senior Active Directory Engineer) Commented:
OK, here is the promised guide :)
If you need further assistance, just let me know.

Krzysztof
DNS-ADI.pdf
somewhereinafrica (Author) Commented:
Awesome guide, so nice of you to take the time, works like a charm!
Krzysztof Pytko (Senior Active Directory Engineer) Commented:
Great! I'm glad I could help :)

Krzysztof