Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Isolate DNS role from all domain controllers

Posted on 2014-02-18
4
Medium Priority
?
611 Views
Last Modified: 2014-02-18
Experts,

I have a question on separating out DNS, and I don't want to miss any steps.  We currently have 3 locations, and we want to add 2 DNS servers to each location as stand alone servers.  Right now, DNS is handled by the DC pairs at each site respectively.  The goal is to have 2 separate DC's and 2 separate DNS servers (total of 4) at each site location.  I am aware of the process to spin up the machines, join them to the domain as member servers, and ten add the DNS roles to them, but what else needs to be done to ensure they take over, and the DC DNS roles can be safely suspended to prevent any disruption?

Thanks all!
0
Comment
Question by:cocosyseng
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 668 total points
ID: 39867566
Can I ask why you want to separate DNS in this way. AD Integrated DNS is much for secure and efficient
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 668 total points
ID: 39867577
You can allow zone transfers from the AD integrated production DC to the stand alone DNS server hosting a secondary zone of the AD integrated zone.

That zone could be made primary.   All clients (static and DHCP) need to point to the new boxes for DNS.

Make sure to note any forwarders/stub zones/etc on the current box.

Out of curiosity why do you want to go from AD Integrated to stand alone.   Are you having issues with AD Integrated DNS?

Thanks

Mike
0
 
LVL 59

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 664 total points
ID: 39867620
I have the same general advice and questions as the others, with one last caveat. While you cancelable zone transfers and make the standalone DNS servers primary, the blast part of your question... about suspending the DNS role on the DCs...would still be problematic. There is a reason ADDS configures DNS and has that dependency. There are things ADDS does with the AD zones that will not work properly if the DNS services on the DC are suspended. You don't have to make the zones AD integrated. You don't even need to have other machines look at them beyond your visible DCs properly transferring. But they need to exist and they do need to have changes reflect out onto your visible DCs. You can't simply suspend the services.
0
 

Author Comment

by:cocosyseng
ID: 39867639
You are correct, my apologies, we are going to leave DNS as is.  DHCP is the one that we actually now need to move.  Sorry guys!
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question