Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Isolate DNS role from all domain controllers

Posted on 2014-02-18
4
Medium Priority
?
630 Views
Last Modified: 2014-02-18
Experts,

I have a question on separating out DNS, and I don't want to miss any steps.  We currently have 3 locations, and we want to add 2 DNS servers to each location as stand alone servers.  Right now, DNS is handled by the DC pairs at each site respectively.  The goal is to have 2 separate DC's and 2 separate DNS servers (total of 4) at each site location.  I am aware of the process to spin up the machines, join them to the domain as member servers, and ten add the DNS roles to them, but what else needs to be done to ensure they take over, and the DC DNS roles can be safely suspended to prevent any disruption?

Thanks all!
0
Comment
Question by:cocosyseng
4 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 668 total points
ID: 39867566
Can I ask why you want to separate DNS in this way. AD Integrated DNS is much for secure and efficient
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 668 total points
ID: 39867577
You can allow zone transfers from the AD integrated production DC to the stand alone DNS server hosting a secondary zone of the AD integrated zone.

That zone could be made primary.   All clients (static and DHCP) need to point to the new boxes for DNS.

Make sure to note any forwarders/stub zones/etc on the current box.

Out of curiosity why do you want to go from AD Integrated to stand alone.   Are you having issues with AD Integrated DNS?

Thanks

Mike
0
 
LVL 60

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 664 total points
ID: 39867620
I have the same general advice and questions as the others, with one last caveat. While you cancelable zone transfers and make the standalone DNS servers primary, the blast part of your question... about suspending the DNS role on the DCs...would still be problematic. There is a reason ADDS configures DNS and has that dependency. There are things ADDS does with the AD zones that will not work properly if the DNS services on the DC are suspended. You don't have to make the zones AD integrated. You don't even need to have other machines look at them beyond your visible DCs properly transferring. But they need to exist and they do need to have changes reflect out onto your visible DCs. You can't simply suspend the services.
0
 

Author Comment

by:cocosyseng
ID: 39867639
You are correct, my apologies, we are going to leave DNS as is.  DHCP is the one that we actually now need to move.  Sorry guys!
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

782 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question