Solved

Installing DNS in a Workgroup Environment

Posted on 2011-09-08
Last Modified: 2012-05-12
We have a workgroup environment and want to use Windows DNS for various reasons.

How do I add a second DNS server and make it authoritative in the sense that you can make changes on it and it will replicate to others and vice versa?
Question by:MrVault
8 Comments
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 1332 total points
ID: 36502686
You would have to set up a Secondary zone on the server if the server is not part of a Domain and is going to replicate data from another server.

If this server is going to be the first server that holds this DNS zone, then you would need to create a primary DNS zone and then create secondary zones on the other servers you want to replicate this data with.
0
 

Author Comment

by:MrVault
ID: 36502752
Thanks. There is already a primary zone. So without AD you can't make updates on every server?

And if the primary goes down, the secondaries can respond but need to be marked as primary before you can make changes?

Lastly, is there a way to automatically transfer all zones, or do you have to run the wizard for each one on the new secondary?

Thanks!
0
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 668 total points
ID: 36502756
In addition:

Darius wrote everything that you should know about role installation.
I would like to add that using a standard Primary/Secondary DNS zone requires some security settings :) Active Directory-integrated zones are more secure, but if it's not an option then you need to do a few more steps to secure your DNS.

If you have 2008R2 then you can use DNSSEC for securing transfer to Unix/Linux BIND.
Some info about it at
http://www.isc.org/software/bind/dnssec

How to configure it in BIND
http://blog.dustintrammell.com/2008/08/01/configuring-dnssec-in-bind/

And of course, it's good to modify the default DNS settings to allow DNS zone transfer only to specified servers. To change that, use the DNS management console and choose the zone. On the "Properties" tab you will find the "Zone transfers" tab. Configure only the IPs of servers to which you want to allow zone transfer. Do not use "Any server"; it's not secure.

From my side, that's all :)

@darius: Hi, again :)
0
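The zone-transfer restriction described in the answer above, audited and applied from PowerShell rather than the DNS console. This is an added example, not part of the original thread; it assumes the DnsServer module (Windows Server 2012 or later), and the zone name and secondary addresses are placeholders.

```powershell
# Added example: audit and restrict zone transfers on a standalone (non-AD) DNS server.
# Assumes the DnsServer module (Windows Server 2012 or later), run on the primary.
Import-Module DnsServer

# Constructed sample data: zone name -> secondaries allowed to pull that zone.
$allowedSecondaries = @{
    'example.internal' = @('192.0.2.11', '192.0.2.12')
}

# 1. Audit: every manually created primary zone and its transfer policy.
$primaries = Get-DnsServerZone |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }

$primaries |
    Select-Object ZoneName, SecureSecondaries, SecondaryServers, Notify |
    Format-Table -AutoSize

# 2. Flag zones set to "Any server": they hand a full copy of the zone
#    to whoever asks for it.
foreach ($zone in $primaries) {
    if ($zone.SecureSecondaries -eq 'TransferAnyServer') {
        Write-Warning "Zone '$($zone.ZoneName)' allows transfers to any server"
    }
    elseif (-not $allowedSecondaries.ContainsKey($zone.ZoneName)) {
        Write-Warning "Zone '$($zone.ZoneName)' has no entry in the allow list"
    }
}

# 3. Restrict: transfers and change notifications go only to the listed IPs.
foreach ($name in $allowedSecondaries.Keys) {
    $ips = $allowedSecondaries[$name]
    Set-DnsServerPrimaryZone -Name $name `
        -SecureSecondaries TransferToSecureServers -SecondaryServers $ips `
        -Notify NotifyServers -NotifyServers $ips
}

# 4. Verify: re-read the settings that were just written.
foreach ($name in $allowedSecondaries.Keys) {
    Get-DnsServerZone -Name $name |
        Select-Object ZoneName, SecureSecondaries, SecondaryServers
}
```

Each secondary still needs its own copy of the zone created, pointing at the primary as its master server.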
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 1332 total points
ID: 36502762
If you aren't running AD then you can only have Secondary Zones, which aren't editable.

If the primary goes down, a Secondary can be made into the Primary to make changes.

You must set up Zone Transfers for each DNS server; there is no automatic option.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 36502767
Hi iSiek!
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36502773
Yes it is, you have to specify the zone transfer servers to which zones can be replicated (but there would be only secondaries).
Each zone can only have one standard Primary zone. When the Primary goes down, you need to manually change one of the secondaries to primary.

Krzysztof
0
 

Author Comment

by:MrVault
ID: 36502827
Thanks all. Yes, unfortunately we're not using AD. I also did set up only transfer to certain IPs (not even automatically to each in Nameservers tab). We're not pointing this to a Linux or BIND install either.

Thanks everyone!
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36502836
You're welcome :)
0
