Need advice: Replicating DNS databases on Windows 2012 R2

Dear Experts,

I have a simple setup with three sites, each with a Windows 2012 R2 server and linked by VPN to the other sites. No domains are involved, the servers are set up using Workgroups and generally work independently of each other. Now I'd like users to be able to access PCs on the other sites by hostname. For this I'd like to set up the DNS server role on the servers. So far, that's easy and I've done that for single sites before.

The question is how do I set up the separate DNS installations so that I don't have to register the individual A-records manually on each of the three servers? As I don't trust that the VPN is always up, I'd like to keep a copy on each of the servers that is somehow replicated to the others. That "somehow" is the question. (Please note again that there are and will be no domain controllers.)

Thanks for your support,

If they are not domain controllers, or if the first one is and the second server is not, then you can create a Secondary zone on the new server, which will use zone transfers from the first DNS server, which is the "Master" for the zones, which holds the Primary copy of the zone.
Zone transfers allow you to put a read only copy (Secondary zone) elsewhere from a read/write copy (Primary zone). Primary and Secondary zones store their data as text files. On a Windows machine, the files can be found in the \system32\dns folder with a file name such as "". You can have numerous read only copies, but there can only be one read/write of that zone.
If they were domain controllers, you can use AD integrated zones, which work as and are similar to Primary zones, however their data is stored as binary data in the actual AD database and not as a text file. The specific place in the AD database depends on the type of operating system and replication scope which is AD based.
Create a secondary zone: Domain Name System (DNS);
Add a secondary server for an existing zone: Domain Name System
Here's a background:
Also discussed in:
Technet forum question; "Secondary Zones?"
The basics:
• A Secondary is a read-only copy
• A Secondary zone stores its data in a text file (by default in the system32\dns folder)
• A Secondary gets a copy of the zone data from the Primary
• A Primary is the writeable copy
• A Primary stores its zone data in a text file (by default in the system32\dns folder)
• There can only be one Primary, but as many Secondaries as you want.
• You must allow zone transfer capabilities from the Primary zone if you want to create a Secondary.
Active Directory Integrated Zones changes this a bit:
• The "only one Primary Zone" rule is changed by introducing the Multi-Master Primary feature. This is because the data is not stored as a text file, rather it is stored in the actual, physical AD database (in one of 3 different logical locations or what we call the Replication Scope), and any DC that has DNS installed (based on the replication scope) will be a writeable copy.
• The zone data is replicated to other DCs in the replication scope where the data is stored (based on one of the 3 logical locations)
• Each DC in the replication scope that has DNS installed will automatically make available the zone data in DNS
• Each DC that hosts the zone can "write" to the zone, and the changes get replicated to other DCs in the replication scope of the zone.
• The DC that makes a change becomes the SOA at that point in time, until another DC makes a change to the zone, then it becomes the SOA
• An AD Integrated zone can be configured to allow zone transfers to a Secondary, but the Secondary CANNOT be a DC in the same replication scope as the zone you are trying to create as a Secondary, otherwise the DC you are attempting to create the Secondary on will automatically change it to AD integrated, since it "sees" it in the AD database. In some cases, if this is forced or done incorrectly, it can lead to duplicate zones in the AD database, which is problematic until fixed.

Think over if you want to establish a domain in this scenario. Maybe it's the next step you should do?!?
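
The Primary/Secondary setup described in the answer above, as an added example that is not part of the original thread: one script run on each workgroup server with the DnsServer PowerShell module, restricting zone transfers to the two named secondaries instead of any server. The zone name, host name and all IP addresses are constructed placeholders.

```powershell
# Added example. All names and addresses below are constructed placeholders.
param(
    [Parameter(Mandatory)]
    [ValidateSet('Primary', 'Secondary')]
    [string]$Role
)

$Zone         = 'sites.example'           # placeholder zone name
$PrimaryIP    = '10.1.0.10'               # site A: the single writable copy
$SecondaryIPs = '10.2.0.10', '10.3.0.10'  # sites B and C: read-only copies

if ($Role -eq 'Primary') {
    # File-backed primary zone (no Active Directory needed).
    # Dynamic updates are off because workgroup clients cannot do secure updates.
    Add-DnsServerPrimaryZone -Name $Zone -ZoneFile "$Zone.dns" -DynamicUpdate None

    # Allow zone transfers only to the listed secondaries and send them a
    # NOTIFY when the zone changes, so they pull the new data promptly.
    Set-DnsServerPrimaryZone -Name $Zone `
        -SecureSecondaries TransferToSecureServers `
        -SecondaryServers $SecondaryIPs `
        -Notify NotifyServers `
        -NotifyServers $SecondaryIPs

    # A-records are registered once, here; the secondaries receive them by transfer.
    Add-DnsServerResourceRecordA -ZoneName $Zone -Name 'pc-a01' -IPv4Address '10.1.0.51'
}
else {
    # Read-only copy, stored as a text file in the local DNS folder and
    # refreshed from the primary over the VPN.
    Add-DnsServerSecondaryZone -Name $Zone -ZoneFile "$Zone.dns" -MasterServers $PrimaryIP
}

# Check the zone type and confirm the local server answers for the test record.
Get-DnsServerZone -Name $Zone
Resolve-DnsName -Name "pc-a01.$Zone" -Server localhost
```

A secondary keeps answering from its local copy while the VPN is down, but only until the expire interval in the zone's SOA record runs out, so that interval should be longer than the longest outage you expect.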

Staudte (Author) commented:
Perfect! Thank you very much for the quick and precise explanation. I set up a secondary zone and it works like a charm :-)

Question has a verified solution.
