Windows Vista Tips

Multiple DNS Servers in Single Zone

 
 
Michael Mach
      07-07-2009

Have a Win 2K AD network of about 1,000 XP clients. AD network was
configured with 2 DCs. Each DC has a Primary zone configured and no
secondary zone. The clients register their DNS settings with one or the
other DNS server as each DC uses the same name for Primary Zone
(company.local).

Each of the DCs is authoritative for the same zone name (company.local).
The only issue we're having is that a client registers DNS in one of the DCs.

Is this a suitable configuration?
Shouldn't there be only one server authoritative for a single zone?
How does one enable failover with 2 DCs if only one can be authoritative?

Michael


 
Meinolf Weber [MVP-DS]
      07-07-2009

Hello Michael,

It sounds like you have manually configured the same primary zone on each server?
That's the problem: you should have one primary zone and, when not using
AD-integrated zones, a secondary zone on the other one, which stores a copy from
the primary DNS server.

So both DCs belong to the same domain and have no problems in the event
viewer with replication in between?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm





 
Ace Fekay [Microsoft Certified Trainer]
      07-07-2009




What you have are two separate and unrelated zones that each think they are masters and will never share data between them. I've honestly never heard of anyone doing it this way. It sounds like a complex solution with no advantages. I honestly wouldn't do this, for there's no fault tolerance to the zone, nor is there any way a registration from one will appear on the other.

My recommendations are to delete the zone on one of the DCs. Then go to the other DC, and change it to AD Integrated (store zone in AD database). It will automatically appear on the other DC within 15 minutes if in one site, or 3 hours, depending on the replication schedule set on the site link. Any changes made on one will replicate to the other as part of the default background AD replication process.

Remember one thing please, once created, never delete the zone on any of the DCs or AD will think it is a broad deletion out of the AD database and will replicate the change, and it will disappear. If you want to remove the zone from one DC, simply uninstall DNS on that DC, but never delete the zone itself.

With AD integrated zones, all zones are multi-master, and get replicated between DCs with changes, updates, registrations, etc.

The following should help to better understand AD integrated zones.

Active Directory-Integrated Zones: Domain Name System (DNS ...
Mar 28, 2003 ... DNS servers running on domain controllers can store their zones in Active Directory. In this way, it is not necessary to configure a ...
http://technet.microsoft.com/en-us/l...46(WS.10).aspx

Active Directory-Integrated DNS
To use DNS integration within Active Directory, assign the zone type Active Directory-integrated when you create the zone. (For more information about how ...
http://technet.microsoft.com/en-us/l.../cc978010.aspx

DNS Primer: Tips for understanding Active Directory integrated ...
Note that in Windows 2000 there was simply the option to create an Active Directory integrated zone. In Windows Server 2003, in addition ...
http://searchwindowsserver.techtarge...342779,00.html

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup/forum to benefit from collaboration among responding engineers, as well as to help others benefit from your resolution.

Ace Fekay, MCT, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

http://twitter.com/acefekay

For urgent issues, you may want to contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
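
Because the two standalone primary zones described above never exchange data, each zone file holds registrations the other lacks, and deleting one zone discards them. The following is an added example, not code from the thread or its posters: it diffs the two file-backed zone files before the cleanup. The zone text, host names and addresses are constructed, and the bracketed `[AGE:...]` tag on dynamic records is an assumed format.

```python
"""Diff two standalone primary zone files that claim the same zone name."""

SKIP_TYPES = {"SOA", "NS"}  # per-server records, expected to differ
RR_TYPES = {"A", "AAAA", "CNAME", "SRV", "PTR", "MX", "TXT"} | SKIP_TYPES

def parse_zone(text, origin="company.local."):
    """Return {(owner, type, rdata)}; assumes no $ORIGIN changes in the file."""
    records, owner = set(), origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue
        tokens = line.split()
        if not line[0].isspace():                 # new owner; indented = inherit
            name = tokens.pop(0)
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        # Skip optional TTL, class and bracketed annotations before the type.
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"
                          or tokens[0].startswith("[")):
            tokens.pop(0)
        if not tokens or tokens[0].upper() not in RR_TYPES - SKIP_TYPES:
            continue
        records.add((owner.lower(), tokens[0].upper(), " ".join(tokens[1:]).lower()))
    return records

def divergence(zone_a, zone_b):
    """Records found on only one server, plus owner/type pairs with conflicting data."""
    a, b = parse_zone(zone_a), parse_zone(zone_b)
    only_a, only_b = a - b, b - a
    conflicts = {(o, t) for o, t, _ in only_a} & {(o, t) for o, t, _ in only_b}
    return sorted(only_a), sorted(only_b), sorted(conflicts)

# Constructed sample zone files (not taken from the thread).
DC1_ZONE = """\
@   IN SOA dc1.company.local. hostmaster.company.local. (
        41 900 600 86400 3600 )
@   NS  dc1.company.local.
dc1         A   10.0.0.1
dc2         A   10.0.0.2
fileserver  A   10.0.0.10
pc01  [AGE:3560000] 1200 A 10.0.0.51
pc02  [AGE:3560100] 1200 A 10.0.0.52
"""
DC2_ZONE = """\
@   IN SOA dc2.company.local. hostmaster.company.local. (
        17 900 600 86400 3600 )
@   NS  dc2.company.local.
dc1         A   10.0.0.1
dc2         A   10.0.0.2
fileserver  A   10.0.0.10
pc02  [AGE:3559000] 1200 A 10.0.0.99
pc03  [AGE:3560200] 1200 A 10.0.0.53
"""

if __name__ == "__main__":
    for label, rows in zip(("only on DC1", "only on DC2", "conflicting"),
                           divergence(DC1_ZONE, DC2_ZONE)):
        print(label, rows)
```

Records listed as present on only one server, or as conflicting, are the ones to re-register or reconcile on the surviving zone before the other copy is removed.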
 
Michael Mach
      07-08-2009

Great advice! Thank you very, very much. I was pretty sure the original
configuration was flawed, so your post helped confirm that. I plan to remove
the one primary zone from the one DC, then make the remaining one Zone on the
other DC an Active Directory Integrated Zone. Should I then go back and add
AD Integrated Zone on the second DC (that had its primary zone removed)?
--
Regards,

Michael M



 
Meinolf Weber [MVP-DS]
      07-08-2009

Hello Michael,

No, you have to wait for AD replication; additionally, I would reboot the server.
Nothing has to be configured on the now "empty" DNS server.

Best regards

Meinolf Weber



 
Chris Dent
      07-08-2009


No need. The zone will appear on the other DC after replication
completes (and after you've switched it to AD Integrated, of course).

Chris
 
Michael Mach
      07-08-2009

Thanks! Sounds too easy.
--
Regards,

Michael M



 
Meinolf Weber [MVP-DS]
      07-08-2009
Hello Michael,

Make sure that the server points with its preferred DNS only to the other
DC/DNS for replication, then change it to itself as preferred.

Also see this article to make sure you are safe:
http://support.microsoft.com/default...b;en-us;275278

Best regards

Meinolf Weber



 
Michael Mach
      07-08-2009
I'm assuming you mean on the DC that we will delete the primary zone from.
For this DC, when should I change it to itself?
--
Regards,

Michael M



 
Ace Fekay [Microsoft Certified Trainer]
      07-08-2009

"Michael Mach" <> wrote in message news:01179B09-AA7F-4FD4-AF5F-...
> Great advice! Thank you very, very much. I was pretty sure the original
> configuration was flawed, so your post helped confirm that. I plan to remove
> the one primary zone from the one DC, then make the remaining one Zone on the
> other DC an Active Directory Integrated Zone.


You are welcome!

> Should I then go back and add
> AD Integrated Zone on the second DC (that had its primary zone removed)?


As I said in my post, ABSOLUTELY NOT. If you do, it will create a duplicate zone problem in AD, which is complex to clean up. Just wait. Be patient. Go get lunch, take a long break, etc., and just go to the second DC, and simply hit the F5 key to refresh the console. The zone will appear automatically.


Ace
 