Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 615
  • Last Modified:

Installing DNS in a Workgroup Environment

We have a workgroup environment and want to use Windows DNS for various reasons.

How do I add a second DNS server and make it authoritative in the sense that you can make changes on it and it will replicate to others and vice versa?
0
MrVault
Asked:
MrVault
  • 3
  • 3
  • 2
3 Solutions
 
Darius GhassemCommented:
You would have to setup a Secondary zone on the server if the server is not part of a Domain and is going to replicate data from another server.

If this server is going to be the first server that holds this DNS zone then you would need to create a primary DNS zone then create secondary zones on other servers you want to replicate this data with
0
 
MrVaultAuthor Commented:
Thanks. There is already a primary zone. So without AD you can't make updates on every server?

And if the primary goes down, the secondary's can respond but need to be marked as primary before you can make changes?

Lastly, is there a way to automatically transfer all zones, or do you have to run the wizard for each one on the new secondary?

Thanks!
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
In addition:

Darius wrote you everything what you should know about role installation.
I would like to add that using Primary/Secondary standard DNS zone, requires some security settings :) ActiveDirectory-Integrated zones are more secure, but if it's not an option then you need to do few more steps to secure your DNS.

If you have 2008R2 then you can use DNSSEC for securing transfer to Unix/Linux BIND
Some info about it at
http://www.isc.org/software/bind/dnssec

How to configure it in BIND
http://blog.dustintrammell.com/2008/08/01/configuring-dnssec-in-bind/

and of course, it's good to modify default DNS settings to allow DNS zone transfer only to specified servers. To change that, use DNS management console and choose zone. On a "Properties" tab you will find "Zone transfers" tab. Configure only IPs of servers to which you want to allow zone transfer. Do not use "Any server", it's not secure.

From my side, that's all :)

@darius: Hi, again :)
0
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

 
Darius GhassemCommented:
If you aren't running AD then you can only have Secondary Zones which aren't editable.

If primary goes down Secondary can be made into Primary to make changes

You must setup Zone Transfers for each DNS server there is no automatic option
0
 
Darius GhassemCommented:
Hi iSiek!
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
Yes it is, you have to specify zone transfer servers to which zones can be replicated (but there would be only secondaries).
Each zone can only have one standard Primary zone. When Primary would go down, you need to manually modify one of secondaries to primary.

Krzysztof
0
 
MrVaultAuthor Commented:
Thanks all. yes unfortunately we're not using AD. I also did set up only transfer to certain IPs (not even automatically to each in Nameservers tab). We're not pointing this to a linux or BIND install either.

Thanks everyone!
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
You're welcome :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

  • 3
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now