DNS Replacement in migration to 2008R2

I have two DCs as the forest root with one the primary DNS for the
domain and the other the secondary DNS. All the servers and DCs point
to these two for primary and secondary DNS entries. I want to replace
both with 2008R2 (they are 2003R2 now) and use the same IP addresses for
them. Is the best way to achieve this something like this procedure
(assuming the forest is prepped and ready).

1. Turn off the secondary DNS
2. Create a new 2008R2 server and assign it the secondary DNS address
3. Promote the new server into the domain and make it a secondary DNS
server
4. See how things run
5. Turn off the primary DNS server and repeat the above steps


Thanks.

Hello Brett,

In a domain i would install DNS on the DCs and use AD integrated zones, that
way all DNS servers replicate with AD also the DNS zone information and the
biggest advantage, all DNS servers are writable, a secondary DNS is a read-only
copy and you cannot create new records if the primary is down.

So in your case i would configure the secondary DC/DNS to use the primary
as preferred on the NIC only, remove the secondary zone from it and change
on the primary the zone to AD integrated. Then i would reboot the former
secondary DC/DNS machine and wait until replication for DNS has occured.

Now to keep the ip address from one of the DNS servers, change on the first
DC the ip address to another free one and run ipconfig /flushdns and ipconfig
/registerdns and restart the netlogon service or reboot. Control in the DNS
zones that the change is registered and replicated to the other DNS server
also. Now you can use the free ip address and change the first new installed
server to it. Make the same way with the second server.

After each step check that DNS zones show the new correct records before
going on. Also i would use the support tools to make sure all is healthy:
dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt
netdiag /v >c:\netdiag.txt [from each DC, netdiag may work but isn't supported
with Windows server 2008 and higher]
repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt (if more then
one DC exists)
dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)

You have to find some time for it with less users working or better at weekend
time or COB, this prevents you from doing all in the hurry and in case of
problems you have time to solve them.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I have two DCs as the forest root with one the primary DNS for the
> domain and the other the secondary DNS. All the servers and DCs point
> to these two for primary and secondary DNS entries. I want to replace
> both with 2008R2 (they are 2003R2 now) and use the same IP addresses
> for them. Is the best way to achieve this something like this
> procedure (assuming the forest is prepped and ready).
>
> 1. Turn off the secondary DNS
> 2. Create a new 2008R2 server and assign it the secondary DNS address
> 3. Promote the new server into the domain and make it a secondary DNS
> server
> 4. See how things run
> 5. Turn off the primary DNS server and repeat the above steps
> Thanks.
>

Thanks. I'll spend some time digesting this and will be back with more
questions.

What is COB?
On 6/14/2010 15:04, Meinolf Weber [MVP-DS] wrote:
> Hello Brett,
>
> In a domain i would install DNS on the DCs and use AD integrated zones,
> that way all DNS servers replicate with AD also the DNS zone information
> and the biggest advantage, all DNS servers are writable, a secondary DNS
> is a read-only copy and you cannot create new records if the primary is
> down.
>
> So in your case i would configure the secondary DC/DNS to use the
> primary as preferred on the NIC only, remove the secondary zone from it
> and change on the primary the zone to AD integrated. Then i would reboot
> the former secondary DC/DNS machine and wait until replication for DNS
> has occured.
>
> Now to keep the ip address from one of the DNS servers, change on the
> first DC the ip address to another free one and run ipconfig /flushdns
> and ipconfig /registerdns and restart the netlogon service or reboot.
> Control in the DNS zones that the change is registered and replicated to
> the other DNS server also. Now you can use the free ip address and
> change the first new installed server to it. Make the same way with the
> second server.
>
> After each step check that DNS zones show the new correct records before
> going on. Also i would use the support tools to make sure all is healthy:
> dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt
> netdiag /v >c:\netdiag.txt [from each DC, netdiag may work but isn't
> supported with Windows server 2008 and higher] repadmin /showrepl dc*
> /verbose /all /intersite >c:\repl.txt (if more then one DC exists)
> dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)
>
> You have to find some time for it with less users working or better at
> weekend time or COB, this prevents you from doing all in the hurry and
> in case of problems you have time to solve them.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> I have two DCs as the forest root with one the primary DNS for the
>> domain and the other the secondary DNS. All the servers and DCs point
>> to these two for primary and secondary DNS entries. I want to replace
>> both with 2008R2 (they are 2003R2 now) and use the same IP addresses
>> for them. Is the best way to achieve this something like this
>> procedure (assuming the forest is prepped and ready).
>>
>> 1. Turn off the secondary DNS
>> 2. Create a new 2008R2 server and assign it the secondary DNS address
>> 3. Promote the new server into the domain and make it a secondary DNS
>> server
>> 4. See how things run
>> 5. Turn off the primary DNS server and repeat the above steps
>> Thanks.
>>
>
>

It appears we are set to use integrated zones as Propertie->Advanced
shows Load Zone data on startup from AD and registry


On 6/14/2010 15:04, Meinolf Weber [MVP-DS] wrote:
> Hello Brett,
>
> In a domain i would install DNS on the DCs and use AD integrated zones,
> that way all DNS servers replicate with AD also the DNS zone information
> and the biggest advantage, all DNS servers are writable, a secondary DNS
> is a read-only copy and you cannot create new records if the primary is
> down.
>
> So in your case i would configure the secondary DC/DNS to use the
> primary as preferred on the NIC only, remove the secondary zone from it
> and change on the primary the zone to AD integrated. Then i would reboot
> the former secondary DC/DNS machine and wait until replication for DNS
> has occured.
>
> Now to keep the ip address from one of the DNS servers, change on the
> first DC the ip address to another free one and run ipconfig /flushdns
> and ipconfig /registerdns and restart the netlogon service or reboot.
> Control in the DNS zones that the change is registered and replicated to
> the other DNS server also. Now you can use the free ip address and
> change the first new installed server to it. Make the same way with the
> second server.
>
> After each step check that DNS zones show the new correct records before
> going on. Also i would use the support tools to make sure all is healthy:
> dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt
> netdiag /v >c:\netdiag.txt [from each DC, netdiag may work but isn't
> supported with Windows server 2008 and higher] repadmin /showrepl dc*
> /verbose /all /intersite >c:\repl.txt (if more then one DC exists)
> dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)
>
> You have to find some time for it with less users working or better at
> weekend time or COB, this prevents you from doing all in the hurry and
> in case of problems you have time to solve them.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> I have two DCs as the forest root with one the primary DNS for the
>> domain and the other the secondary DNS. All the servers and DCs point
>> to these two for primary and secondary DNS entries. I want to replace
>> both with 2008R2 (they are 2003R2 now) and use the same IP addresses
>> for them. Is the best way to achieve this something like this
>> procedure (assuming the forest is prepped and ready).
>>
>> 1. Turn off the secondary DNS
>> 2. Create a new 2008R2 server and assign it the secondary DNS address
>> 3. Promote the new server into the domain and make it a secondary DNS
>> server
>> 4. See how things run
>> 5. Turn off the primary DNS server and repeat the above steps
>> Thanks.
>>
>
>