Solved

Isolate DNS role from all domain controllers

Posted on 2014-02-18
4
580 Views
Last Modified: 2014-02-18
Experts,

I have a question on separating out DNS, and I don't want to miss any steps. We currently have 3 locations, and we want to add 2 DNS servers to each location as stand-alone servers. Right now, DNS is handled by the DC pairs at each site respectively. The goal is to have 2 separate DCs and 2 separate DNS servers (total of 4) at each site location. I am aware of the process to spin up the machines, join them to the domain as member servers, and then add the DNS roles to them, but what else needs to be done to ensure they take over, and the DC DNS roles can be safely suspended to prevent any disruption?

Thanks all!
Question by: cocosyseng
4 Comments
 
LVL 70

Accepted Solution

by: KCTS, earned 167 total points
Can I ask why you want to separate DNS in this way? AD Integrated DNS is much more secure and efficient.
 
LVL 57

Assisted Solution

by: Mike Kline, earned 167 total points
You can allow zone transfers from the AD integrated production DC to the stand alone DNS server hosting a secondary zone of the AD integrated zone.

That zone could be made primary.   All clients (static and DHCP) need to point to the new boxes for DNS.

Make sure to note any forwarders/stub zones/etc on the current box.

Out of curiosity why do you want to go from AD Integrated to stand alone.   Are you having issues with AD Integrated DNS?

Thanks

Mike
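The sequence Mike outlines (inventory the DC's forwarders and stub zones, allow a zone transfer to the new box, host a secondary copy there, then make it primary and repoint clients) can be scripted with the DnsServer and DhcpServer PowerShell modules. The block below is an added example, not code from this thread or from Microsoft; the zone name, server names, addresses and DHCP scope are constructed placeholders. It restricts the transfer to the one named secondary rather than "any server", and only converts the copy to primary after confirming the SOA serial matches the DC's.

```powershell
# Added example (not from the thread). All names and addresses are assumed placeholders.
$Zone     = 'corp.example.com'   # assumed AD-integrated zone name
$Dc       = 'DC01'               # assumed DC currently hosting the zone
$DcIp     = '10.0.0.10'          # assumed address of DC01
$NewDns   = 'DNS01'              # assumed stand-alone member server with the DNS role
$NewDnsIp = '10.0.0.53'          # assumed address of DNS01
$ScopeId  = '10.0.1.0'           # assumed DHCP scope whose clients must be repointed

# 1. Record what the DC is doing beyond the AD zone, so nothing is lost in the move.
$forwarders = Get-DnsServerForwarder -ComputerName $Dc
$extraZones = Get-DnsServerZone -ComputerName $Dc |
    Where-Object { $_.ZoneType -in 'Stub', 'Forwarder' }
"Forwarders on ${Dc}: $($forwarders.IPAddress -join ', ')"
$extraZones | Select-Object ZoneName, ZoneType, MasterServers

# 2. Permit zone transfers only to the new server (never TransferAnyServer).
Set-DnsServerPrimaryZone -ComputerName $Dc -Name $Zone `
    -SecureSecondaries TransferToSecureServers -SecondaryServers $NewDnsIp

# 3. Host a secondary copy of the zone on the stand-alone server, pulled from the DC.
Add-DnsServerSecondaryZone -ComputerName $NewDns -Name $Zone `
    -ZoneFile "$Zone.dns" -MasterServers $DcIp

# 4. Promote the copy to primary only once it has actually caught up with the DC.
$dcSerial  = (Resolve-DnsName -Name $Zone -Type SOA -Server $Dc |
              Where-Object Type -eq 'SOA').SerialNumber
$newSerial = (Resolve-DnsName -Name $Zone -Type SOA -Server $NewDns |
              Where-Object Type -eq 'SOA').SerialNumber
if ($dcSerial -eq $newSerial) {
    ConvertTo-DnsServerPrimaryZone -ComputerName $NewDns -Name $Zone `
        -ZoneFile "$Zone.dns" -Force
    # 5. Repoint DHCP clients (option 006) at the new server; statics are edited by hand.
    Set-DhcpServerv4OptionValue -ScopeId $ScopeId -DnsServer $NewDnsIp
} else {
    Write-Warning "Zone $Zone not yet in sync on $NewDns (DC serial $dcSerial, new serial $newSerial)"
}
```

Run it from a host with RSAT installed and an account that administers both DNS servers and DHCP. Steps 1 and 4 are read-only checks and are safe to run on their own before committing to steps 2 and 3; the inventory from step 1 is what you re-create on the new server with Add-DnsServerForwarder and Add-DnsServerStubZone.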
 
LVL 56

Assisted Solution

by: Cliff Galiher, earned 166 total points
I have the same general advice and questions as the others, with one last caveat. While you can enable zone transfers and make the standalone DNS servers primary, the last part of your question, about suspending the DNS role on the DCs, would still be problematic. There is a reason ADDS configures DNS and has that dependency. There are things ADDS does with the AD zones that will not work properly if the DNS services on the DC are suspended. You don't have to make the zones AD integrated. You don't even need to have other machines look at them beyond your visible DCs properly transferring. But they need to exist and they do need to have changes reflect out onto your visible DCs. You can't simply suspend the services.
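Cliff's caveat is that the DC-side DNS service must keep running and keep hosting the AD zone, whatever the clients point at. The check below is an added example (not from the thread) that a defender would run after any DNS change on the DCs: it confirms the DNS service is up on each DC, that the DC still hosts the domain zone, and that the `_ldap._tcp.dc._msdcs` SRV records that domain joins and logons rely on are still answered by that DC. Domain and DC names are assumed placeholders.

```powershell
# Added example (not from the thread). Domain and DC names are assumed placeholders.
$Domain = 'corp.example.com'   # assumed AD domain
$Dcs    = 'DC01', 'DC02'       # assumed domain controllers at one site

$results = foreach ($dc in $Dcs) {
    # Is the DNS Server service still running on the DC?
    $svc  = Get-Service -ComputerName $dc -Name DNS -ErrorAction SilentlyContinue
    # Does the DC still host the domain zone itself (not just forward to it)?
    $zone = Get-DnsServerZone -ComputerName $dc -Name $Domain -ErrorAction SilentlyContinue
    # Can the DC answer the locator SRV query that clients use to find a DC?
    $srv  = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
                -Server $dc -ErrorAction SilentlyContinue

    [pscustomobject]@{
        DC              = $dc
        DnsServiceState = if ($svc)  { $svc.Status } else { 'Unreachable' }
        HostsDomainZone = [bool]$zone
        DsIntegrated    = if ($zone) { $zone.IsDsIntegrated } else { $false }
        DcSrvRecords    = @($srv | Where-Object Type -eq 'SRV').Count
    }
}

$results | Format-Table -AutoSize

# Anything that fails one of these three conditions is a DC that AD can no longer rely on for DNS.
$broken = $results | Where-Object {
    $_.DnsServiceState -ne 'Running' -or -not $_.HostsDomainZone -or $_.DcSrvRecords -eq 0
}
if ($broken) {
    Write-Warning ("DC DNS dependency broken on: " + ($broken.DC -join ', '))
}
```

The built-in `dcdiag /test:dns /v` run on a DC performs a more exhaustive version of the same checks (delegation, forwarders, dynamic update, record registration); the script above is the quick per-site view to run alongside it.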
 

Author Comment

by: cocosyseng
You are correct, my apologies, we are going to leave DNS as is. DHCP is the one that we actually now need to move. Sorry guys!