
Can you have both AD Integrated and Standard Primary servers for the same domain?

I know it isn't the ideal configuration, but is it possible to have a couple of Active Directory DNS servers on DCs and a member server hosting Standard Primary zones? Does the member server have to host secondary zones only?
Lee W, MVP (Technology and Business Process Advisor) commented:
The key is that the Windows clients (and servers) must be configured to use a DNS server that supports dynamic updates. You can configure any number of other DNS servers on the network and replicate the DNS information, PROVIDED the clients and servers don't use them for name resolution (and assuming they are not updating dynamically with AD's services).
 
stevegoldman (Author) commented:
My clients are using dynamic updates. So does that mean I have to allow insecure dynamic updates on the member server hosting DNS if clients use it as their primary server? Would this then allow me to set it as a Standard Primary server?
 
Lee W, MVP (Technology and Business Process Advisor) commented:
Let's step back... WHY are you wanting to do this? Perhaps there's a better way...
 
stevegoldman (Author) commented:
Why is not important. Let's just say for argument's sake that I am going to end up with one DNS server that's running on a member server and two running on DCs. The DCs already host AD-integrated zones. The only thing I'm trying to figure out is if it's safe to, or if I'm even able to, configure the forward lookup zones on the member server as Standard Primary zones, or if they need to be Secondary zones.
 
Lee W, MVP (Technology and Business Process Advisor) commented:
I see... so you're not interested in helping me out, you just want to take advice and leave. If you told me WHY I might be able to offer a better solution, but since I'm now going to have to GUESS at your motives, I'm not willing to keep playing a game since I feel I'm blind to your needs.

Bottom line: DNS MUST be able to update for all systems. A dynamically updating DNS system is required. That's MOST commonly (by far) done using DNS services on an Active Directory domain controller... however, strictly speaking you don't need AD to run DNS - you could use third-party DNS servers provided they support service records and dynamic updates. The zone that is used MUST be updated for ALL clients, replicating between each other.

If you're willing to explain why and help me and anyone else who comes along, so we can know you're not trying to do something because you don't know any better, I might be able to offer further, more detailed suggestions. If not, best of luck with whatever you're trying to do.
 
stevegoldman (Author) commented:
The network I'm working on is fairly complex. There are systems in place that are hard-coded to look to the server currently being decommissioned as a DC. The server is currently on old hardware. It is going to be virtualized and converted to a member server only, to run its essential duties. One of which, unfortunately, is a DNS server. The systems hard-coded to use this server do not necessarily have secondary DNS servers configured in some cases. They need to be able to connect to this server for name resolution. This is one of the reasons this server is being virtualized. We have a VMware environment with HA which will provide the stability it needs.

All other clients on the network use dynamically assigned IP addresses and dynamically update DNS.

I did not mean to be short with you, nor do I mean to be dismissive of the help you're offering. I just didn't want to waste your time or mine with needless "what if" scenarios. I appreciate any help you can offer.
 
Sigurdur Haraldsson, System Administrator, commented:
If the zone on the member server is the same as the one in the AD-integrated DNS, then you can't have it as a primary zone. They need to be secondary.
 
stevegoldman (Author) commented:
@sighar: So the AD-integrated DNS servers won't recognize updates to DNS from the member server?
 
Sigurdur Haraldsson, System Administrator, commented:
If you've got a standard (non-AD-integrated) primary zone, it is the only writeable zone. All others must be secondary or slave zones.

Only with an AD-integrated primary DNS zone is it possible to have a zone that is a) primary and b) also writeable on other DNS servers.
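The configuration the accepted answer describes, as an added PowerShell example that is not from the original thread: keep the AD-integrated zone on the DCs as the only writeable copy, and give the member server a read-only secondary that the hard-coded clients can still resolve against. Every name and address here (zone corp.example.com, DC1/DC2 at 10.0.0.11 and 10.0.0.12, member server at 10.0.0.20) is a placeholder assumption. The check in step 1 also answers the earlier question about insecure updates: the "Secure only" dynamic-update mode exists only for AD-integrated zones, so a standard primary on the member server could never match what the DCs enforce.

```powershell
# Added example (not code from the original thread). Assumed placeholders:
# an AD domain zone corp.example.com, two DCs hosting the AD-integrated zone,
# and a member server that will hold a read-only secondary copy.
$Zone      = 'corp.example.com'
$DcMasters = @('10.0.0.11', '10.0.0.12')   # DC1, DC2 (assumed addresses)
$MemberDns = '10.0.0.20'                   # member server that must keep answering DNS

# 1. On a DC: confirm the zone is AD-integrated and accepts only secure dynamic
#    updates. A standard (file-backed) primary zone can only be set to None or
#    NonsecureAndSecure; the Secure option is available only on DS-integrated zones.
$z = Get-DnsServerZone -Name $Zone -ComputerName $DcMasters[0]
if (-not $z.IsDsIntegrated -or $z.DynamicUpdate -ne 'Secure') {
    throw "Expected an AD-integrated zone with secure updates, got IsDsIntegrated=$($z.IsDsIntegrated) DynamicUpdate=$($z.DynamicUpdate)"
}

# 2. On the DCs: permit zone transfers to the member server only (DC-hosted zones
#    allow no transfers by default) and notify it when the zone changes so the
#    secondary refreshes promptly instead of waiting for the SOA refresh interval.
#    Applying it on every master is harmless even if the setting replicates with the zone.
foreach ($dc in $DcMasters) {
    Set-DnsServerPrimaryZone -Name $Zone -ComputerName $dc `
        -SecureSecondaries TransferToSecureServers -SecondaryServers $MemberDns `
        -Notify NotifyServers -NotifyServers $MemberDns
}

# 3. On the member server: create the secondary zone with the DCs as masters.
#    A secondary is read-only, so there is no dynamic-update setting to weaken here;
#    clients that point at it for lookups are still registered by the DCs' copy.
Add-DnsServerSecondaryZone -Name $Zone -ZoneFile "$Zone.dns" `
    -MasterServers $DcMasters -ComputerName $MemberDns

# 4. Verify: the member server holds a Secondary copy and answers the SRV query
#    domain members use to locate a domain controller.
$sec = Get-DnsServerZone -Name $Zone -ComputerName $MemberDns
"$($sec.ZoneName): type=$($sec.ZoneType) masters=$($sec.MasterServers -join ',')"
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Zone" -Type SRV -Server $MemberDns |
    Where-Object Type -eq 'SRV' | Select-Object NameTarget, Port
```

Run the script from a host with the DnsServer RSAT module and rights on both the DCs and the member server. Restricting transfers to the member server's address (rather than TransferAnyServer) keeps the full zone contents, which enumerate every host and service in the domain, from being pulled by arbitrary clients via AXFR.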
 
stevegoldman (Author) commented:
Thank you for your assistance.