High Availability DNS solution for AD

Considering HA for the company's DNS infrastructure. We have a hybrid on-prem and cloud Azure setup. Thinking of having a primary DNS on an on-prem Domain Controller and a secondary in Azure as a failover. Does anyone have a similar setup and can suggest something? Please do.

Mal Osborne (Alpha Geek) commented:
DNS was designed from the beginning with high availability in mind. Just set the two up to do zone transfers for replication, and use DHCP to configure clients to use the internal DNS as primary, with the Azure-hosted one as secondary.

If you want, you can configure domain registration to point to both DNS servers as well.

This stuff has not changed much in the last few decades.
Just put DNS where your domain controllers are.
Put a DC in Azure if you have any server infrastructure or applications deployed in Azure which need AD authentication.
Consider it a DR DC; you can use it to rebuild AD services when disaster happens.
If you put it as secondary on devices, when disaster happens you will lose connectivity to the Azure DC as well, as internet and VPN are both required to connect to that DC, and disaster means you lose everything including the on-premises setup, internet and so on.

You must already have multiple DC/DNS servers on premises, which is already highly available; under normal circumstances the condition never arises that *all* on-premises DCs are down/failed and you need to contact the cloud DC. Further, if AD gets corrupted, you need to undergo forest recovery, where you rely on the last good AD system state backup before the corruption, and in that case your Azure DC can't help you, as it also needs to be decommissioned and redeployed.


noci (Software Engineer) commented:
DNS is set up for HA: create a master zone somewhere and some slaves on other DNS servers.
Then any update will be propagated BY the DNS servers if a zone gets updated on the master.
DHCP servers should point to the master DNS server for updating.

If a master is irretrievably lost, then a slave can be promoted to master to continue the work.
This is a part of DNS that has existed since its inception.
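The primary/secondary zone-transfer arrangement that Mal Osborne and noci describe above, written out as an added PowerShell example. This is not code from the thread; the server names, IP addresses, DHCP scope and zone name are assumptions. The security point a practitioner should not skip is step 1: a zone transfer hands a full copy of your internal namespace to whoever asks, so the primary must be told exactly which secondary may pull it.

```powershell
# Added example, not from the thread. All names and addresses are assumptions.
$Zone        = 'corp.example.com'
$OnPremDns   = 'dc01.corp.example.com'     # primary (master) on the on-prem DC
$AzureDns    = 'dns-az01.corp.example.com' # secondary in Azure
$OnPremDnsIP = '10.10.0.10'
$AzureDnsIP  = '10.50.0.10'
$DhcpServer  = 'dhcp01.corp.example.com'
$ScopeId     = '10.10.20.0'

# 1. On the primary: allow AXFR/IXFR only to the named secondary and send
#    NOTIFY to it so changes propagate without waiting for the SOA refresh
#    interval. TransferAnyServer would let any host on the network dump the zone.
Set-DnsServerPrimaryZone -ComputerName $OnPremDns -Name $Zone `
    -SecureSecondaries TransferToSecureServers -SecondaryServers $AzureDnsIP `
    -Notify NotifyServers -NotifyServers $AzureDnsIP

# 2. On the Azure server: create the secondary zone, pulling from the primary.
Add-DnsServerSecondaryZone -ComputerName $AzureDns -Name $Zone `
    -ZoneFile "$Zone.dns" -MasterServers $OnPremDnsIP

# 3. DHCP option 6 in order: clients try the on-prem server first, Azure second.
Set-DhcpServerv4OptionValue -ComputerName $DhcpServer -ScopeId $ScopeId `
    -DnsServer $OnPremDnsIP, $AzureDnsIP -DnsDomain $Zone

# 4. Verify replication: once the transfer has completed, the SOA serial
#    served by the secondary must equal the primary's.
function Test-ZoneInSync {
    param([string]$ZoneName, [string]$Primary, [string]$Secondary)
    $p = Resolve-DnsName -Name $ZoneName -Type SOA -Server $Primary -DnsOnly |
         Where-Object Type -eq 'SOA' | Select-Object -First 1 -ExpandProperty SerialNumber
    $s = Resolve-DnsName -Name $ZoneName -Type SOA -Server $Secondary -DnsOnly |
         Where-Object Type -eq 'SOA' | Select-Object -First 1 -ExpandProperty SerialNumber
    [pscustomobject]@{ Primary = $p; Secondary = $s; InSync = ($p -eq $s) }
}
Test-ZoneInSync -ZoneName $Zone -Primary $OnPremDnsIP -Secondary $AzureDnsIP

# 5. Negative check, done by hand from a machine that is NOT in the secondary
#    list: an AXFR must be refused.
#      nslookup
#      > server 10.10.0.10
#      > ls -d corp.example.com      (expected: query refused)
```

If the check in step 5 succeeds from an arbitrary host, step 1 did not take effect, and anyone on the network can enumerate every internal hostname.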
Shaun Vermaak (Technical Specialist) commented:
"Thinking of having a primary DNS on-prem Domain Controller and secondary on Azure as a failover."
This is a very common design, although usually two on-prem. Set up DNS as Active Directory-integrated.
DrDave242 (Principal Support Engineer) commented:
I second the advice to use AD-integrated DNS zones. Then you don't have to worry about all of the primary/secondary zone transfer setup, as DNS replication will be handled by AD.
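The AD-integrated alternative that Shaun Vermaak and DrDave242 recommend, as an added PowerShell example that is not code from the thread. The DC names and zone names are assumptions. It converts any file-backed primary zone to AD-integrated so replication rides on AD replication instead of zone transfers, restricts dynamic updates to secure only (so a host cannot overwrite another machine's record), and then reports what each DC actually serves.

```powershell
# Added example, not from the thread. Names are assumptions.
$OnPremDc = 'dc01.corp.example.com'
$Zones    = 'corp.example.com', '10.in-addr.arpa'

foreach ($z in $Zones) {
    $zone = Get-DnsServerZone -ComputerName $OnPremDc -Name $z
    if (-not $zone.IsDsIntegrated) {
        # Move the zone into AD. Forest scope stores it in ForestDnsZones so
        # every DNS-hosting DC in the forest, including the Azure DC, gets it
        # through normal AD replication; no SecondaryServers list to maintain.
        ConvertTo-DnsServerPrimaryZone -ComputerName $OnPremDc -Name $z `
            -ReplicationScope Forest -Force
    }
    elseif ($zone.ReplicationScope -ne 'Forest') {
        Set-DnsServerPrimaryZone -ComputerName $OnPremDc -Name $z -ReplicationScope Forest
    }
    # Secure-only dynamic updates (only possible on AD-integrated zones): a
    # record can be changed only by the principal that owns it or by an ACL'd
    # account. NonsecureAndSecure lets any host rewrite someone else's A record.
    Set-DnsServerPrimaryZone -ComputerName $OnPremDc -Name $z -DynamicUpdate Secure
}

# Verification: every DC that runs DNS should report the zone as DS-integrated
# with the same scope and update policy. SOA serials are deliberately not
# compared; AD-integrated zones on different DCs can legitimately differ there.
function Get-ZoneReplicationReport {
    param([string[]]$Servers, [string[]]$ZoneNames)
    foreach ($s in $Servers) {
        foreach ($z in $ZoneNames) {
            $r = Get-DnsServerZone -ComputerName $s -Name $z -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Server           = $s
                Zone             = $z
                Present          = [bool]$r
                IsDsIntegrated   = $r.IsDsIntegrated
                ReplicationScope = $r.ReplicationScope
                DynamicUpdate    = $r.DynamicUpdate
            }
        }
    }
}

# Enumerate all DCs from AD rather than hard-coding them, so the Azure DC is
# included automatically once it is promoted.
$dcs = (Get-ADDomainController -Filter *).HostName
Get-ZoneReplicationReport -Servers $dcs -ZoneNames $Zones | Format-Table -AutoSize
```

Run it from a host with the DnsServer and ActiveDirectory RSAT modules. A row with Present = False on the Azure DC after the replication interval has passed means that DC is not a DNS server or is not replicating the ForestDnsZones partition, which is the thing to fix before relying on it as the failover resolver.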