wmhooper
asked on
dual redundant DCs no longer update reverse lookup zone info from secondary DHCP
Configuration:
primary site:
- two (2) DCs (2008 R2 domain controllers) configured for redundancy on 172.16.10 subnet
- DNS integrated with AD (Active Directory)
- SOA (Start of Authority) here for entire domain
two (2) remote sites:
- two (2) remote locations 172.16.20 & 172.16.30
- single 2008 R2 server at each site with mainly IP devices
- both remote locations have secondary DNS servers and local DHCP
- DHCP configured to point to primary site DCs as DNS
Functionality we had:
- when we had one (1) DC at the primary site (172.16.10), DHCP updates at the secondary sites (172.16.20 & 172.16.30) would show up in the "reverse lookup zones" in the DNS of the primary site (172.16.10) ... this allowed the primary site to know the dynamic IP addresses of the secondary sites' remote devices
This functionality was lost when we added a second (2) DC to the primary site. Changes by the remote secondary sites' DHCP (172.16.20 & 172.16.30) are no longer seen in the primary site (172.16.10) DNS "reverse lookup zones".
How do we configure this so we have the desired functionality with redundant primary DCs?
Thanks in advance for your help
ASKER
The remote sites are warehouses, with RF devices and single servers - insecure sites from an IT perspective.
The company only wants domain controllers in the central location, plus the disaster recovery location (the reason for the two (2) primary DCs).
Further research on this problem seems to point to the need to have one DC as read/write and the second DC as read-only, and not have both DCs as read/write.
We may try this option in a few months if we cannot get the current configuration working as required.
ASKER
From footech:
Q1: How are the reverse zones configured? Are they AD-integrated? If so, are they configured to allow only secure dynamic updates, or what?
A1: The two DCs with reverse zones are AD-integrated. They were configured for secure updates, but we also tried allowing unsecure updates as a test.
Q2: For secure zones, since it is the DHCP server that registers the PTR records for dynamic clients, I would check the credentials that you are using.
A2: The dynamic updates from remote DHCP to the reverse zones on the DCs worked when we only had a single DC.
The introduction of a second redundant DC (at disaster backup site) broke this functionality.
How are the reverse zones configured? Are they AD-integrated? If so, are they configured to allow only secure dynamic updates, or what? For secure zones, since it is the DHCP server that registers the PTR records for dynamic clients, I would check the credentials that you are using.
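The checks footech asks for (zone update policy, which DHCP credentials register the PTR records, and whether both DCs actually hold the same reverse-zone records) can be gathered in one pass. The script below is an added example, not code from the thread; it uses only dnscmd and netsh, which are present on 2008 R2 with the DNS and DHCP roles, and the DC names and zone names are assumptions for the asker's 172.16.20/24 and 172.16.30/24 subnets.

```powershell
# Added example (not from the thread). Run from a primary-site DC.
# DC names below are hypothetical; replace with the two 172.16.10 DCs.
$dcs   = @('DC1', 'DC2')
$zones = @('20.16.172.in-addr.arpa', '30.16.172.in-addr.arpa')

# Returns the PTR record lines a given DC holds for a reverse zone.
function Get-PtrRecords($dc, $zone) {
    dnscmd $dc /enumrecords $zone '@' /type PTR 2>&1 |
        Select-String ' PTR ' | ForEach-Object { $_.Line.Trim() }
}

foreach ($zone in $zones) {
    "=== $zone ==="
    foreach ($dc in $dcs) {
        # Zone type and dynamic-update policy as each DC sees it.
        # 'AllowUpdate' is 2 for secure only, 1 for nonsecure and secure, 0 for none.
        $info = dnscmd $dc /zoneinfo $zone 2>&1
        $type   = ($info | Select-String 'zone type').Line.Trim()
        $update = ($info | Select-String 'update').Line.Trim()
        $count  = @(Get-PtrRecords $dc $zone).Count
        "$dc : $type | $update | $count PTR records"
    }
    # PTR sets that differ between the DCs mean the DHCP server registered on
    # one DC only and the zone is not replicating, or registration is failing.
    $diff = Compare-Object (Get-PtrRecords $dcs[0] $zone) (Get-PtrRecords $dcs[1] $zone)
    if ($diff) { "Records present on only one DC:"; $diff | Format-Table -AutoSize }
    else       { "Both DCs hold identical PTR sets for $zone" }
}

# For secure-update zones the DHCP server needs an account that may write the
# records. Members of DnsUpdateProxy let a different DHCP server overwrite them.
"--- DnsUpdateProxy members ---"
net group DnsUpdateProxy /domain

# Run this part on each remote DHCP server (172.16.20 / 172.16.30):
# shows the account configured for dynamic DNS updates (empty = machine account).
#   netsh dhcp server show dnscredentials
# and the DNS servers it registers against:
#   netsh dhcp server show optionvalue | findstr /i "006"
```

If a DHCP server registers with its machine account and only one DC accepted the original records, the second DC will reject secure updates from another principal; the credential and DnsUpdateProxy output shows which account owns the PTRs.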