Solved

Installing DNS in a Workgroup Environment

Posted on 2011-09-08
8
595 Views
Last Modified: 2012-05-12
We have a workgroup environment and want to use Windows DNS for various reasons.

How do I add a second DNS server and make it authoritative in the sense that you can make changes on it and it will replicate to others and vice versa?
0
Comment
Question by:MrVault
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 333 total points
ID: 36502686
You would have to setup a Secondary zone on the server if the server is not part of a Domain and is going to replicate data from another server.

If this server is going to be the first server that holds this DNS zone then you would need to create a primary DNS zone then create secondary zones on other servers you want to replicate this data with
0
 

Author Comment

by:MrVault
ID: 36502752
Thanks. There is already a primary zone. So without AD you can't make updates on every server?

And if the primary goes down, the secondary's can respond but need to be marked as primary before you can make changes?

Lastly, is there a way to automatically transfer all zones, or do you have to run the wizard for each one on the new secondary?

Thanks!
0
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 167 total points
ID: 36502756
In addition:

Darius wrote you everything what you should know about role installation.
I would like to add that using Primary/Secondary standard DNS zone, requires some security settings :) ActiveDirectory-Integrated zones are more secure, but if it's not an option then you need to do few more steps to secure your DNS.

If you have 2008R2 then you can use DNSSEC for securing transfer to Unix/Linux BIND
Some info about it at
http://www.isc.org/software/bind/dnssec

How to configure it in BIND
http://blog.dustintrammell.com/2008/08/01/configuring-dnssec-in-bind/

and of course, it's good to modify default DNS settings to allow DNS zone transfer only to specified servers. To change that, use DNS management console and choose zone. On a "Properties" tab you will find "Zone transfers" tab. Configure only IPs of servers to which you want to allow zone transfer. Do not use "Any server", it's not secure.

From my side, that's all :)

@darius: Hi, again :)
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 333 total points
ID: 36502762
If you aren't running AD then you can only have Secondary Zones which aren't editable.

If primary goes down Secondary can be made into Primary to make changes

You must setup Zone Transfers for each DNS server there is no automatic option
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 36502767
Hi iSiek!
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36502773
Yes it is, you have to specify zone transfer servers to which zones can be replicated (but there would be only secondaries).
Each zone can only have one standard Primary zone. When Primary would go down, you need to manually modify one of secondaries to primary.

Krzysztof
0
 

Author Comment

by:MrVault
ID: 36502827
Thanks all. yes unfortunately we're not using AD. I also did set up only transfer to certain IPs (not even automatically to each in Nameservers tab). We're not pointing this to a linux or BIND install either.

Thanks everyone!
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36502836
You're welcome :)
0

Featured Post

Enroll in June's Course of the Month

June's Course of the Month is now available! Every 10 seconds, a consumer gets hit with ransomware. Refresh your knowledge of ransomware best practices by enrolling in this month's complimentary course for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question