Multiple DNS Serves in Single Zone

Discussion in 'DNS Server' started by Michael Mach, Jul 7, 2009.

  1. Michael Mach

    Michael Mach Guest

    Have a Win 2K AD network of about 1,000 xp clients. AD network was
    configured with 2 DC's. Each DC has a Primary zone configured and no
    secondary zone. The clients register their DNS settings with one or the
    other DNS server as each DC uses the same name for Primary Zone
    (company.local).

    Each of the DC's is authoritative for the same zone name (company.local).
    The only issue we're having is that a client registers DNS is one of the DC.

    Is this a suitable configuration?
    Shouldn't there by only one server authoritative for a single zone?
    How does one enable failover with 2 DC's if only one can be authoritative?

    Michael
     
    Michael Mach, Jul 7, 2009
    #1
    1. Advertisements

  2. Hello Michael,

    It sounds that you have configured on each server the same primary zone manual?
    That's the problem, you should have one primary zone and when not using AD
    integrated zones a secondary zone on the other one, which stores a copy from
    the primary DNS server.

    So both DC's belong to the same domain and have no problems in the event
    viewer with replication in between?

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Jul 7, 2009
    #2
    1. Advertisements


  3. What you have are two separate and unrelated zones that each think they are masters and will never share data between them. I've honestly never heard of anyone doing it this way. It sounds like a complex solution with no advantages. I honestly wouldn't do this, for there's no fault tolerance to the zone, nor is there anyway a registration from one will appear on the other.

    My recommendations are to delete the zone on one of the DCs. Then go to the other DC, and change it to AD Integrated (store zone in AD database). It will automatically appear on the other DC within 15 minutes if in one site, or 3 hours, depending on the replication schedule set on the site link. Any changes made on one, will replicate to the other as part of the default background AD replication process.

    Remember one thing please, once created, never delete the zone on any of the DCs or AD will think it is a broad deletion out of the AD database and will replicate the change, and it will disappear. If you want to remove the zone from one DC, simply uninstall DNS on that DC, but never delete the zone itself.

    With AD integrated zones, all zones are multi-master, and get replicated between DCs with changes, updates, registrations, etc.

    The following should help to better understand AD integrated zones.

    Active Directory-Integrated Zones: Domain Name System (DNS ...Mar 28, 2003 ... DNS servers running on domain controllers can store their zones in Active Directory. In this way, it is not necessary to configure a ...
    http://technet.microsoft.com/en-us/library/cc772746(WS.10).aspx

    Active Directory-Integrated DNSTo use DNS integration within Active Directory, assign the zone type Active Directory-integrated when you create the zone. (For more information about how ...
    http://technet.microsoft.com/en-us/library/cc978010.aspx

    DNS Primer: Tips for understanding Active Directory integrated ...Note that in Windows 2000 there was simply the option to create an Active Directory integrated zone. In Windows Server 2003, in addition ...
    http://searchwindowsserver.techtarget.com/tip/0,289483,sid68_gci1342779,00.html

    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

    Please reply back to the newsgroup/forum to benefit from collaboration among responding engineers, as well as to help others benefit from your resolution.

    Ace Fekay, MCT, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging
    Microsoft Certified Trainer

    http://twitter.com/acefekay

    For urgent issues, you may want to contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
     
    Ace Fekay [Microsoft Certified Trainer], Jul 7, 2009
    #3
  4. Michael Mach

    Michael Mach Guest

    Great advice! Thank you very, very much. I was pretty sure the original
    configuration was flawed, so your post helped confirm that. I plan to remove
    the one primary zone from the one DC, then make the remaining one Zone on the
    other DC an Active Directory Integrated Zone. Should I then go back and add
    AD Integrated Zone on the second DC (that had its primary zone removed)?
    --
    Regards,

    Michael M
     
    Michael Mach, Jul 8, 2009
    #4
  5. Hello Michael,

    No, you have to wait for AD replication, additional i would reboot the server.
    Nothing has to be configured on the now "empty" DNS server.

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Jul 8, 2009
    #5
  6. Michael Mach

    Chris Dent Guest

    No need. The zone will appear on the other DC after replication
    completes (and after you've switched it to AD Integrated, of course :)).

    Chris
     
    Chris Dent, Jul 8, 2009
    #6
  7. Michael Mach

    Michael Mach Guest

    Thanks! Sounds too easy.
     
    Michael Mach, Jul 8, 2009
    #7
  8. Meinolf Weber [MVP-DS], Jul 8, 2009
    #8
  9. Michael Mach

    Michael Mach Guest

    I'm assuming you mean on the DC that we will delete the primary zone from.
    For this DC, when should I change it to itself?
    --
    Regards,

    Michael M
     
    Michael Mach, Jul 8, 2009
    #9
  10. You are welcome!
    As I said in my post, ABSOLUTELY NOT. If you do, it will create a duplicate zone problem in AD, which is complex to clean up. Just wait. be patient. Go get lunch, take a long break, etc, and just go to the second DC, and simply hit the F5 key to refresh the console. The zone will appear automatically.


    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Jul 8, 2009
    #10
  11. As Meinolf said, yes. But wait for the zone to appear first. For each DC, point to itself as the first entry, then the other DC as the second entry.

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Jul 8, 2009
    #11
  12. Michael Mach

    Michael Mach Guest

    So here is what I have to do. Currently both DC1 and DC2 have primary zones
    with the same name...

    1. Delete Primary Zone on DC2.
    2. Point DNS on DC2 to DC1 only.
    3. Configure DC1 as AD Integrated.
    4. WAIT for replication of DNS records from DC1 to DC2.
    5. After replication, point DNS on DC2 to itself and then to DC1.

    Is this correct?
    --
    Regards,

    Michael M
     
    Michael Mach, Jul 8, 2009
    #12
  13. Yep, sounds like a good plan.

    Let us know how you make out.

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Jul 8, 2009
    #13
  14. Michael Mach

    Michael Mach Guest

    Went through the 5 steps and worked great! I now am replicating both ways on
    the DC's! Thanks for your advice.
    --
    Regards,

    Michael M
     
    Michael Mach, Jul 8, 2009
    #14
  15. You are welcome, Michael! If you have any other questions, don't hesitate to ask.

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Jul 8, 2009
    #15
  16. Hello Michael,

    Nice to hear, thanks for the feedback.

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Jul 9, 2009
    #16
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.