Solved

Installing DNS in a Workgroup Environment

Posted on 2011-09-08
8
594 Views
Last Modified: 2012-05-12
We have a workgroup environment and want to use Windows DNS for various reasons.

How do I add a second DNS server and make it authoritative in the sense that you can make changes on it and it will replicate to others and vice versa?
0
Comment
Question by:MrVault
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 333 total points
ID: 36502686
You would have to setup a Secondary zone on the server if the server is not part of a Domain and is going to replicate data from another server.

If this server is going to be the first server that holds this DNS zone then you would need to create a primary DNS zone then create secondary zones on other servers you want to replicate this data with
0
 

Author Comment

by:MrVault
ID: 36502752
Thanks. There is already a primary zone. So without AD you can't make updates on every server?

And if the primary goes down, the secondary's can respond but need to be marked as primary before you can make changes?

Lastly, is there a way to automatically transfer all zones, or do you have to run the wizard for each one on the new secondary?

Thanks!
0
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 167 total points
ID: 36502756
In addition:

Darius wrote you everything what you should know about role installation.
I would like to add that using Primary/Secondary standard DNS zone, requires some security settings :) ActiveDirectory-Integrated zones are more secure, but if it's not an option then you need to do few more steps to secure your DNS.

If you have 2008R2 then you can use DNSSEC for securing transfer to Unix/Linux BIND
Some info about it at
http://www.isc.org/software/bind/dnssec

How to configure it in BIND
http://blog.dustintrammell.com/2008/08/01/configuring-dnssec-in-bind/

and of course, it's good to modify default DNS settings to allow DNS zone transfer only to specified servers. To change that, use DNS management console and choose zone. On a "Properties" tab you will find "Zone transfers" tab. Configure only IPs of servers to which you want to allow zone transfer. Do not use "Any server", it's not secure.

From my side, that's all :)

@darius: Hi, again :)
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 333 total points
ID: 36502762
If you aren't running AD then you can only have Secondary Zones which aren't editable.

If primary goes down Secondary can be made into Primary to make changes

You must setup Zone Transfers for each DNS server there is no automatic option
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 36502767
Hi iSiek!
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36502773
Yes it is, you have to specify zone transfer servers to which zones can be replicated (but there would be only secondaries).
Each zone can only have one standard Primary zone. When Primary would go down, you need to manually modify one of secondaries to primary.

Krzysztof
0
 

Author Comment

by:MrVault
ID: 36502827
Thanks all. yes unfortunately we're not using AD. I also did set up only transfer to certain IPs (not even automatically to each in Nameservers tab). We're not pointing this to a linux or BIND install either.

Thanks everyone!
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36502836
You're welcome :)
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question