Solved

Windows 2003 Server - Secondary DNS on secondary DC

Posted on 2012-04-01
7
617 Views
Last Modified: 2012-04-02
When creating a secondary DC in a 2003 server domain, does a secondary DNS get created by default for redundancy purposes or does that have to be done explicitly?  

In either case, is there  any way to make the DNS server on the secondary DC the primary DNS server with the first DC's being the 'backup' DNS and if there is would there be any reason for doing that?  

How redundant is DNS failure in the above environments when the primary DNS goes down?
0
Comment
Question by:lineonecorp
7 Comments
 
LVL 21

Assisted Solution

by:motnahp00
motnahp00 earned 30 total points
ID: 37794096
The DNS roles are AD integrated. If you lose DC1, DC2 will be able to service your DNS resolver clients.
0
 

Author Comment

by:lineonecorp
ID: 37794210
Thanks for the quick response. I'm still not clear - do I have to create a secondary DNS when I create the second DC or does it automatically get created? When both DC1 and DC2 are both up and running I am assuming it does the DNS by default - can I change that - can I have DC2 do the DNS even though DC1 is doing the AD with failback to DC1 DNS?  Also when we are talking about redundancy is it DNS redundancy outside of DC redundancy or is DNS redundancy part of DC redundancy?
0
 
LVL 34

Assisted Solution

by:Seth Simmons
Seth Simmons earned 60 total points
ID: 37794260
DNS is automatically created for the first domain controller; it isn't automatically installed on subsequent servers.  You will need to install DNS service separately after it is promoted.  Then you can use both for name resolution.  Otherwise, only the first one is usable for DNS which is your single point of failure.  It is AD integrated as mentioned above so if DC1 goes down, your clients can still resolve assuming they are configured to also use DC2 (either manually or through your dhcp scope).  Essentially, DC1 and DC2 will both be doing name resolution and computer/account authentication.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 10

Accepted Solution

by:
Prashant Girennavar earned 90 total points
ID: 37794755
When you Make your DNS as AD-Integrated Zone, Then no need to configuring Any secondary zone on another DNS server.

For Eg - you have enabled your DNS zone as AD Integrated zone , Now, You have deployed one more DNS server , On newly deployed DNS server no need to configuring anythings , you just need to wait for some time. The Zone will automatically pop up on the new DNS server.

Note- AD Integrated zones are part of AD Replication.

Active Directory-integrated zones are authoritative primary zones.. So there is no need of configuring secondary zones also.



If one the DC holding AD Integrated zone goes down , other DC will serve all DNS queries.

Refer below links to understand this better

http://wiki.answers.com/Q/Name_3_benefits_of_using_AD-integrated_zones

http://technet.microsoft.com/en-us/library/cc772746(v=ws.10).aspx

http://wiki.answers.com/Q/What_are_several_of_the_largest_advantages_of_using_active_directory_integrated_zones_as_a_type_for_a_larger_organization

Regards,

_Prashant_
0
 
LVL 26

Assisted Solution

by:Leon Fester
Leon Fester earned 60 total points
ID: 37794828
To answer your questions:
When creating a secondary DC in a 2003 server domain, does a secondary DNS get created by default for redundancy purposes or does that have to be done explicitly?  
When you promote a DC, the DNS role is not automatically created.
You need to install the DNS role and if you're running AD-integrated DNS then the Zones will be transfered to the new DC.

In either case, is there  any way to make the DNS server on the secondary DC the primary DNS server with the first DC's being the 'backup' DNS and if there is would there be any reason for doing that?
It's actually quite easy, once the DNS role is configured, you need to either update your DHCP scopes or the network cards, depending if you're running DHCP or static addresses.
Reasons for doing that...see the answer to the question "What is Microsoft's best practice for where and how many DNS servers exist? What about for configuring DNS client settings on DC’s and members?"
http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx

How redundant is DNS failure in the above environments when the primary DNS goes down?
I can explain it, but I'd be repeating alot of information that you can find in the following posts.
http://technet.microsoft.com/en-us/library/cc772774(v=ws.10).aspx
http://social.technet.microsoft.com/Forums/en/winservergen/thread/659b2d9c-9f3e-4644-9081-db5d06d25d79
0
 
LVL 26

Assisted Solution

by:DrDave242
DrDave242 earned 60 total points
ID: 37797362
BTW, when dvt_localboy refers to updating the network cards above, he's referring to configuring the DNS server settings on the client machines if they don't get these settings from DHCP.  Clients have to be told which DNS servers to use, and in which order; they won't automatically start using a second DNS server when one is created.
0
 

Author Comment

by:lineonecorp
ID: 37798042
Awesome. Great answers. Makes everything very clear.
0

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows 2012 R2 CA Migrating to SHA256 7 37
Domain trust created by PDC name 6 31
check which file take most of the disk space 16 34
Powershell query 1 17
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question