Adding DNS to internal Lan for use with a new network.

Discussion in 'DNS Server' started by Paul Hesse, Mar 6, 2008.

  1. Paul Hesse

    Paul Hesse Guest

    Hi guys.

    I am deploying a new 2008 server DC with AD. By default when I run DCPROMO
    the wizard installs DNS on the domain controller, which works fine. I would
    really like to have DNS running on its own box and not the DC so as to provide some

    I was thinking of doing the following. Bring up DNS/DHCP on its own box first.

    Run DCPROMO on the DC and point it to the DNS box so AD can register with
    that dns service. Then once the DC is up I can join the DNS/DHCP box to the

    I will be using this on an internal network only. My concern was that if I
    client computers that join the domain to the stand-alone DNS server they
    will be able to register their machines in DNS, so that DNS can be used
    instead of WINS to resolve machine names to IP addresses over the internal LAN.

    Would this be considered a good method, or is there a better way of doing this?

    Thanks Paul.
    Paul Hesse, Mar 6, 2008

  2. Yue Luo

    Yue Luo Guest

    To support AD operation, you must have DNS server running on some of the DCs.
    What is your concern about running DNS on DC?

    Yue Luo, Mar 19, 2008

  3. Kevin D. Goodknecht Sr. [MVP]

    Read inline please.

    Your concerns for running DNS on the DC are really unfounded. The DC is the
    best place for DNS because only DCs support storing zones in Active
    Directory, which allows you to make only secure updates to DNS. You may also
    run DNS on member servers by running Secondary zones on them. While
    Secondary zones cannot accept updates because the zone data is read only,
    clients will use the SOA record to find the master DNS server that accepts
    One note about running secondary zones to ADI DDNS zones: every time the ADI
    zone accepts an update, the secondary will request a zone transfer, causing
    zone transfer events and 3000 events that can be ignored so long as the zone
    transfer events are for successful zone transfers.

    It may be too late, but the first DC should point to itself only during
    DCPromo so DCPromo can create the proper zones and replication directory
    partitions. All additional DCs must point to an existing DC for DNS during
    the DCPromo process. After additional DCs w/DNS are running, each DC should
    point to another DC for DNS in ADDITION to itself; this includes the
    original first DC. Doing this will prevent startup errors and speed startup

    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps

    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    Keep a back up of your OE settings and folders
    with OEBackup:
    Kevin D. Goodknecht Sr. [MVP], Mar 19, 2008
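A way to audit a DC against the two recommendations in the reply above (AD-integrated zones accepting only secure dynamic updates, and each DC's resolver listing another DC in addition to itself). This is an added example, not code from the thread; it assumes Windows Server 2012 or later with the DnsServer, DnsClient and NetTCPIP modules (the 2008 box in the question would use dnscmd.exe instead):

```powershell
# Added audit script (not from the thread). Assumes the DnsServer, DnsClient and
# NetTCPIP PowerShell modules (Windows Server 2012+). Run on a DC that hosts DNS.
Import-Module DnsServer
Import-Module DnsClient

$findings = @()

# 1. Primary zones should be AD-integrated (only DCs can do this) and accept
#    only secure dynamic updates, so only the machine that owns a record can change it.
Get-DnsServerZone |
    Where-Object { -not $_.IsAutoCreated -and $_.ZoneType -eq 'Primary' } |
    ForEach-Object {
        if (-not $_.IsDsIntegrated) {
            $findings += "Zone $($_.ZoneName) is a file-backed primary; store it in AD instead"
        } elseif ($_.DynamicUpdate -ne 'Secure') {
            $findings += "Zone $($_.ZoneName) allows '$($_.DynamicUpdate)' updates; set DynamicUpdate to Secure"
        }
    }

# 2. Secondary zones are read-only copies; clients reach the master via the SOA.
Get-DnsServerZone | Where-Object { $_.ZoneType -eq 'Secondary' } | ForEach-Object {
    $findings += "Zone $($_.ZoneName) is Secondary; master(s): $($_.MasterServers -join ', ')"
}

# 3. Resolver settings: this DC should list another DC as well as itself.
$selfAddrs = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.PrefixOrigin -ne 'WellKnown' } |
    Select-Object -ExpandProperty IPAddress
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object -ExpandProperty ServerAddresses -Unique
$pointsToSelf  = $servers | Where-Object { $_ -in $selfAddrs -or $_ -eq '127.0.0.1' }
$pointsToOther = $servers | Where-Object { $_ -notin $selfAddrs -and $_ -ne '127.0.0.1' }
if (-not $pointsToSelf)  { $findings += 'Resolver does not include this DC itself' }
if (-not $pointsToOther) { $findings += 'Resolver lists no other DC; add one to avoid startup errors' }

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { 'No findings' }
```

Each warning maps to one item in the reply above, so the output can be worked through against a DC one line at a time.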
