2008 DNS - Switching to AD stored zones

Posted on 2011-09-08
Last Modified: 2012-06-27
Our school district has 40 sites, originally utilizing a separate NT4 domain in each site.  We then upgraded to Windows 2000, and converted to a parent domain and 39 child domains.  (we are working on a plan to finally go to a single flat domain, but that will take time..)  
In the present model, each domain including the parent has its own DNS zone, integrated into AD, but only replicated to DCs in that domain via AD.  Each child domain has a secondary zone (file-based) for the parent domain, replicated from the parent domain DNS servers. Delegation records in the parent DNS zone for each child zone finish the picture.  DNS resolution is complete, and works well, BUT it's a pain to maintain!

Now that we have finally eliminated the last Windows 2000 DC, (and all but two of the 2003 DCs) I am interested in switching to a DNS structure entirely stored and replicated by DNS.  Nothing I've read, so far, answers two questions I have:
1. Currently, when we install a new child-domain DC, DNS is automatically configured with the domain's DNS zone.  Then we have to manually add and configure the secondary zone for the parent domain.  If the parent domain was set to replicate to all DCs in the forest, would that secondary zone also be automatically created?
2. How would I manage the switchover?  After I set the parent DNS zone to replicate to all servers in the forest, what changes would I have to make to the child domain DNS servers?  (There are a lot of them...)

Dann Cox,
Infrastructure Administrator,
School District 68
Question by:danncox
LVL 10

Expert Comment

ID: 36507185
before I answer anything, are any of your DNS zones AD integrated?

Author Comment

ID: 36524636
As stated, each domain's own zone is AD-integrated, but only for that domain - none are set to replicate to the entire forest.
LVL 10

Expert Comment

ID: 36525328
You could try creating stub zones for each sub-domain in every other domain.

Author Comment

ID: 36526532
I am not sure how this would work - reading the MS info on stub zones, they only mention stub zones in the parent for the child zones, not the other way around.  If so, that would not help much?
I'd better go do some more reading on stub zones.


Accepted Solution

danncox earned 0 total points
ID: 37779785
I wasn't really getting much information, here or elsewhere, so created a test child-domain and did some testing.  At least in our forest, setting the parent domain DNS to publish to all DNS servers in the forest worked.  We did have to go to each child-domain DNS server, and remove the (file-based) secondary zone for the parent domain.  After re-starting DNS, replication quickly replaced the zone from AD.
We have left the delegation records in place for the child domains, as we are moving fairly quickly to get rid of child domains.
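The switchover the accepted solution describes (set the parent zone to forest-wide replication, remove the file-based secondary copy from each child-domain DNS server, restart DNS, then confirm the AD-replicated copy has arrived) as a scripted, added example. This is not code from the thread; it assumes the DnsServer PowerShell module (Windows Server 2012 or RSAT) and PowerShell remoting to the child servers, and the zone and host names are placeholders. On 2008 servers without the module, the same two operations are `dnscmd <server> /ZoneChangeDirectoryPartition <zone> /forest` on the parent and `dnscmd <server> /ZoneDelete <zone> /f` on each child server.

```powershell
# Added example, not from the original thread. Assumes the DnsServer module and
# PowerShell remoting. All names below are placeholders for the real forest.
$ParentZone    = 'district.local'                 # placeholder: parent domain zone
$ParentDnsHost = 'dc1.district.local'             # placeholder: a DC/DNS server in the parent domain
$ChildDnsHosts = @(                               # placeholder: child-domain DCs running DNS
    'dc1.site01.district.local',
    'dc1.site02.district.local'
)

# Step 1: widen the parent zone's AD replication scope from the domain partition
# (DomainDnsZones) to the forest partition (ForestDnsZones). Done once, on the parent.
Set-DnsServerPrimaryZone -ComputerName $ParentDnsHost -Name $ParentZone `
    -ReplicationScope Forest -PassThru |
    Select-Object ZoneName, IsDsIntegrated, ReplicationScope

# Step 2: on each child-domain DNS server, remove only the file-based secondary copy of
# the parent zone. The check on ZoneType/IsDsIntegrated keeps the script from deleting
# a zone that is already the AD-integrated copy on a server done earlier.
foreach ($Srv in $ChildDnsHosts) {
    $Zone = Get-DnsServerZone -ComputerName $Srv -Name $ParentZone -ErrorAction SilentlyContinue
    if ($null -eq $Zone) {
        Write-Host "$Srv : zone '$ParentZone' not present yet; check again after AD replication"
        continue
    }
    if ($Zone.ZoneType -eq 'Secondary' -and -not $Zone.IsDsIntegrated) {
        Write-Host "$Srv : removing file-based secondary zone '$ParentZone'"
        Remove-DnsServerZone -ComputerName $Srv -Name $ParentZone -Force
        # Restart DNS so the server loads the zone from the forest partition promptly.
        Invoke-Command -ComputerName $Srv -ScriptBlock { Restart-Service -Name DNS }
    }
    else {
        Write-Host "$Srv : zone is $($Zone.ZoneType), AD-integrated=$($Zone.IsDsIntegrated); skipping"
    }
}

# Step 3: verify. Each child server should now report the parent zone as Primary,
# IsDsIntegrated=True, ReplicationScope=Forest. Any server that still shows Secondary
# or no zone at all has not yet picked up the forest-wide copy.
foreach ($Srv in $ChildDnsHosts) {
    Get-DnsServerZone -ComputerName $Srv -Name $ParentZone -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Server'; e = { $Srv } }, ZoneName, ZoneType, IsDsIntegrated, ReplicationScope
}
```

Step 2 is deliberately guarded: a file-based secondary and the AD-replicated copy carry the same zone name, so the script only deletes a zone it has confirmed is the old secondary. Run step 3 alone first (or on a single test child domain, as the author did) to see the current state before touching every site.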

Author Closing Comment

ID: 37795216
worked it out myself - Stub zones may have been the answer, but I never really figured them out.
