1 DC with AD Integrated DNS + 1 File Server with DNS role - non AD integrated

  • Question

  • Hi all,

    New to my company. Found they have one, yes one, Windows 2008 R2 DC with AD integrated DNS enabled. They have a file server with a secondary DNS server installed, which is obviously not AD integrated. I want to install a secondary DC and get rid of this other DNS server. What is my best path? Build the secondary DC with DNS AD integrated, update DHCP with new DNS server, and then uninstall the DNS role from the file server? Details, gotchas, etc. appreciated!

    -WDE

    Tuesday, August 29, 2017 7:04 PM

Answers

  • Hi,

    >>Build the secondary DC with DNS AD integrated, update DHCP with new DNS server, and then uninstall the DNS role from the file server?

    Yes, I agree with you. It is a wise choice. Since the zones are integrated there isn't a local zone file on each server for each zone; the zones are stored in the Domain partition of the AD database on each server. DNS records can be created, updated, refreshed, or deleted from any server that holds a copy of the integrated zones, and those changes will be replicated to all other servers holding a copy of the zones through the normal AD replication process.

    To avoid the DNS island issue, suppose your two DNS servers are dns1=192.168.1.10 and dns2=192.168.1.11.

    On DNS1 you set the tcp/ip like:

    IP: 192.168.1.10
    Gateway: 192.168.1.1
    Primary DNS: 192.168.1.11
    Secondary DNS: 127.0.0.1 (itself)

    and you have the opposite on DNS2 such as:
    IP: 192.168.1.11
    Gateway: 192.168.1.1
    Primary DNS: 192.168.1.10
    Secondary DNS: 127.0.0.1 (itself)

    Then DHCP hands out the DNS servers to all the PCs as:

    Primary DNS: 192.168.1.10
    Secondary: 192.168.1.11

    It's better to configure the DNS zones to allow only secure dynamic updates.

    For more information about the Best Practices Analyzer for Domain Name System, please refer to the following article:

    https://technet.microsoft.com/en-us/library/dd391963%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    Best Regards,

    Frank


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, August 30, 2017 5:43 AM
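The configuration Frank describes (each DC pointing at its partner first and at itself via loopback second, DHCP handing out both DCs, AD-integrated zones restricted to secure dynamic updates), written out as an added PowerShell example that is not from the original thread. It assumes Windows Server 2012 or later for the DnsClient, DnsServer and DhcpServer modules (the 2008 R2 DC in the question would need netsh/dnscmd instead); the interface alias, addresses and DHCP scope are placeholders to edit.

```powershell
# Added example, not part of the original forum answer.
# Run elevated on each DC; swap $Self and $Partner on the second DC.
param(
    [string]$InterfaceAlias = "Ethernet",      # assumed NIC name
    [string]$Self    = "192.168.1.10",         # this DC (from the thread)
    [string]$Partner = "192.168.1.11",         # the other DC (from the thread)
    [string]$ScopeId = "192.168.1.0"           # assumed DHCP scope ID
)

# 1. DNS client on this DC: partner first, itself (loopback) second.
#    This is the ordering that avoids the "DNS island" problem.
Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias `
    -ServerAddresses @($Partner, "127.0.0.1")

# 2. Hand both DCs to clients through DHCP option 006 on the scope.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -DnsServer $Self, $Partner

# 3. Restrict every AD-integrated primary zone to secure dynamic updates,
#    so only authenticated domain members can register or overwrite records.
Get-DnsServerZone |
    Where-Object { $_.IsDsIntegrated -and $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
    ForEach-Object {
        if ($_.DynamicUpdate -ne 'Secure') {
            Set-DnsServerPrimaryZone -Name $_.ZoneName -DynamicUpdate Secure
        }
    }

# 4. Verify the result and warn about anything left in the wrong state.
$dns = (Get-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4).ServerAddresses
if ($dns.Count -lt 2 -or $dns[0] -ne $Partner -or $dns[1] -ne '127.0.0.1') {
    Write-Warning "DNS client order is not partner-then-loopback: $($dns -join ', ')"
}
Get-DnsServerZone |
    Where-Object { $_.IsDsIntegrated -and $_.ZoneType -eq 'Primary' -and $_.DynamicUpdate -ne 'Secure' } |
    ForEach-Object { Write-Warning "Zone $($_.ZoneName) still allows '$($_.DynamicUpdate)' updates" }
```

Step 3 also catches reverse lookup zones, which are easy to forget when tightening dynamic updates; step 2 only needs to run once, on whichever server holds the DHCP role.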

All replies

  • Thanks Frank! I appreciate the confirmation and additional information/resources.

    -Wayne

    Wednesday, August 30, 2017 11:53 AM
  • Hi,

    Please mark the useful answer.

    Please let us know if you would like further assistance.

    Best Regards,

    Frank


    Thursday, August 31, 2017 1:58 AM