Adding an Additional DNS Server to Existing 2003 Domain

Discussion in 'DNS Server' started by foghorn69, Aug 2, 2005.

  1. foghorn69

    foghorn69 Guest

    We currently have 2 Windows 2003 AD servers both running DNS (AD Integrated
    Zones) located on the same network. They work fine and replicate properly
    when an entry is added in the DNS table.

    We just added a third AD server in a remote location for Disaster
    Recovery. We installed AD and everything worked fine. Somehow when we added
    DNS to this server it copied its table (which was mostly blank) to the other
    two DNS servers that were working fine. Well, you know what kind of havoc
    that caused!! We got everything working again but I don't want to make the
    same mistake twice.

    My question is what is the best way to copy the "_msdcs.domain.com" and
    "domain.com" forward lookup zones to the remote server without making that
    mistake again. I thought when I added the DNS service and added the
    "domain.com" forward lookup zone on the DR server it would replicate because
    it was an AD Integrated zone. Any suggestions??? Thanks!!
     
    foghorn69, Aug 2, 2005
    #1

  2. In

    The problem was created when you manually added the zone.

    If you add a new DC, always point the new DC to a current DC for DNS, don't
    install and configure DNS during DCPromo.

    After a full replication cycle has taken place install DNS, but do not
    create any zones. Have patience and wait for the zones to replicate to the
    new DNS before pointing any machines, especially itself, to it for DNS.


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht Sr. [MVP], Aug 2, 2005
    #2

  3. foghorn69

    foghorn69 Guest

    Kevin,

    OK understood. Now what is the best way to fix it?? I still have that
    "domain.com" in that forward zone on that AD server. What are my next
    steps??

    Delete the "domain.com" forward zone on the DR server?
    Uninstall DNS?
     
    foghorn69, Aug 2, 2005
    #3
  4. foghorn69

    foghorn69 Guest

    Kevin,

    Looks like the "domain.com" zone is updating properly. However, the
    "_msdcs.domain.com" forward lookup zone still has not appeared. Should I
    continue to wait?? Thanks!!
     
    foghorn69, Aug 2, 2005
    #4
  5. In
    Does the zone not have the records replicated to it?

    If replication is broken due to DNS, point all three DCs to just one of the
    DCs for DNS, only.

    Then on the one DC perform a zone re-install by changing the zone to Standard
    Primary with dynamic updates allowed. Verify the AD zone is gone from the
    other two DCs, and verify the zone object is gone from ADU&C
    System>MicrosoftDNS container (ADU&C must be in advanced view to see the
    System container).

    Run ipconfig /flushdns, ipconfig /registerdns, and restart the Netlogon
    service on all three DCs. Run netdiag /fix on all DCs, then run netdiag
    /test:dns /v on all DCs. If the errors are gone, change the zone to AD
    integrated and patiently wait for it to replicate. The only thing you may
    add to the original DNS zone are NS records for the other DCs. I can't
    guarantee it but it does seem to speed up replication of the zone. One thing
    to keep in mind: each DC will have itself listed on the SOA record as the
    Primary name server. Don't worry about it, it's normal behavior.

    If the _msdcs.domain.com zone is not replicating you should do the same
    process to it. In fact it should probably be done first, because that zone
    is where all the Netlogon registrations are contained, the most important of
    which is the <verylongGUID>._msdcs.domain.com CNAME record, which must be
    registered for all DCs in the forest.



     
    Kevin D. Goodknecht Sr. [MVP], Aug 2, 2005
    #5
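Added example (editor's, not code from the thread or from Kevin): a cmd batch script that runs the re-registration and netdiag steps from post #5 on the DC where it is executed, and then checks that every DC's DNS server lists both zones, answers the DC-locator SRV query, and answers the <GUID>._msdcs CNAME for every DC. netdiag and dnscmd are assumed to be present from the Windows Server 2003 Support Tools; the domain name, DC hostnames and GUID values are placeholders to be replaced with your own (the DSA object GUID of each DC is shown by repadmin /showrepl).

```batch
@echo off
rem Added example, not from the thread: runs the re-registration and netdiag steps
rem from post #5 on this DC, then checks every DC's DNS for both zones and for the
rem <GUID>._msdcs CNAME of every DC. netdiag and dnscmd are assumed to be installed
rem from the Windows Server 2003 Support Tools. DOMAIN, DCS and GUIDS are placeholders.
setlocal

set DOMAIN=domain.com
set DCS=dc1.domain.com dc2.domain.com drdc.domain.com
rem DSA object GUID of each DC ("DSA object GUID" line of repadmin /showrepl); placeholders
set GUIDS=11111111-1111-1111-1111-111111111111 22222222-2222-2222-2222-222222222222 33333333-3333-3333-3333-333333333333

rem Step 1: clear the resolver cache, re-register this DC's A/PTR records, and restart
rem Netlogon so it re-registers the SRV records and the GUID CNAME under _msdcs.
ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon

rem Step 2: let netdiag repair what it can, then keep the verbose DNS test output for review.
netdiag /fix > "%TEMP%\netdiag-fix.txt"
netdiag /test:dns /v > "%TEMP%\netdiag-dns.txt"
findstr /i /l "fail" "%TEMP%\netdiag-dns.txt" >nul && echo WARNING: netdiag reported DNS failures, see %TEMP%\netdiag-dns.txt

rem Step 3: both AD-integrated zones should now be listed on every DC's DNS server.
rem dnscmd /EnumZones prints one zone per line with the name surrounded by spaces.
for %%S in (%DCS%) do (
    dnscmd %%S /EnumZones | findstr /i /c:"_msdcs.%DOMAIN%" >nul || echo MISSING: _msdcs.%DOMAIN% zone not on %%S
    dnscmd %%S /EnumZones | findstr /i /c:" %DOMAIN% " >nul || echo MISSING: %DOMAIN% zone not on %%S
)

rem Step 4: every DC must answer the DC-locator SRV query and the GUID CNAME of every DC.
rem Each DC listing itself as primary in its own SOA is normal and is deliberately not checked.
for %%S in (%DCS%) do (
    nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %%S 2>nul | findstr /i /c:"svr hostname" >nul || echo MISSING: DC locator SRV not answered by %%S
    for %%G in (%GUIDS%) do (
        nslookup -type=CNAME %%G._msdcs.%DOMAIN% %%S 2>nul | findstr /i /c:"canonical name" >nul || echo MISSING: %%G CNAME not answered by %%S
    )
)

echo Check complete. Any MISSING line above means the zone has not replicated to that DC yet or Netlogon has not registered the record.
endlocal
```

Run it from an elevated command prompt on one DC at a time, after that DC has been pointed at a healthy DC for DNS as post #2 recommends. A MISSING line for the _msdcs zone on the DR DC alone, with the domain zone present, matches the situation described in post #6 and means waiting (or the NS-record step from post #5) rather than re-creating the zone by hand; on Windows Server 2003 the _msdcs.domain.com zone is stored in the forest-wide DNS application partition, which the new DC only starts replicating once DNS is installed on it.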
  6. foghorn69

    foghorn69 Guest

    Kevin,

    On the DR server in DNS the "domain.com" forward lookup zone does exist and
    looks to be replicating properly. The "_msdcs.domain.com" zone is not
    present at all on the DR server. This is the one I did not manually create
    only "domain.com" which caused my initial trouble.

    I changed the DNS entries on the DR Server to point to the two DNS servers
    that are working properly. Then I restarted the server. Should the
    _msdcs.domain.com zone now be created if I wait patiently?? Or do I need to
    follow the process you describe for the _msdcs.domain.com zone??

    Since the "domain.com" zone looks to be working I shouldn't have to go
    through these steps. Correct? Thanks again!!
     
    foghorn69, Aug 2, 2005
    #6
  7. In
    Did you try adding the NS record for the DR server?



     
    Kevin D. Goodknecht Sr. [MVP], Aug 3, 2005
    #7