Question regarding setting up NON-AD integrated secondary DNS server in DMZ

  • Question

  • Hi, I have an existing server in the DMZ, not joined to any domain, which is just running the DNS role and has a forward lookup zone configured with a few entries as well as a reverse lookup zone.

    I wanted to set up another non-domain-joined DNS server in the existing DMZ for load balancing and redundancy.

    What should be the correct configuration for me? Like select secondary zone when creating the forward lookup zone on this second server? Please guide me in this.

    John

    Monday, January 25, 2016 7:02 PM

Answers

  • Hello Jaspre150

    If you want to add a new DNS server in your demilitarized zone for load balancing purposes, there are multiple ways to do this:

    - You can create a Secondary Zone and set the first DNS server as the Primary Server

    - You can configure a full forward/a conditional forward on the secondary server (but this is not recommended, because if you do so the secondary server would always query the primary server, which causes network traffic)

    - Or you could simply create a Stub Zone (it only consists of the necessary RRs such as SOA, NS, and Host, which means A and AAAA records)

    - Or if you don't want to go through all of the zone creation configuration again and you also don't want to use the above methods, you can go to the DNS folder (%WinDir%\System32\DNS), copy the file named exactly like your zone with a .dns extension, paste it into your secondary server's DNS folder and then activate Dynamic Updates (unluckily, since your DNS servers have not joined any domains, you have to choose the Unsecure Dynamic Update, which is not so unsecure indeed) so records would always be updated.

    I suspect there is not any other possible method for doing this.

    Regards

    Ben

    Monday, January 25, 2016 7:19 PM
  • Either you make it host a primary zone and you need to manually duplicate the DNS records on both servers each time you add / remove new ones or you make it a secondary DNS server and you enable DNS transfers from your existing server to it.

    This posting is provided AS IS with no warranties or guarantees , and confers no rights.

    Ahmed MALEK

    Tuesday, January 26, 2016 12:31 AM
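
The secondary-zone option from the answers above, written with the Windows `DnsServer` PowerShell cmdlets; this is an added example, not part of the original thread. The zone name, reverse network and both IP addresses are constructed placeholders, and on the primary it limits zone transfers to the single secondary address rather than allowing any server to pull the zone.

```powershell
# Added example. All names and addresses are constructed placeholders.
# Run the 'Primary' part on the existing server and 'Secondary' on the new one
# (both are standalone, so each part runs locally in an elevated session).
param(
    [Parameter(Mandatory)]
    [ValidateSet('Primary', 'Secondary', 'Verify')]
    [string]$Role,
    [string]$ForwardZone    = 'dmz.example.com',
    [string]$ReverseNetwork = '192.0.2.0/24',
    [string]$ReverseZone    = '2.0.192.in-addr.arpa',
    [ipaddress]$PrimaryIP   = '192.0.2.10',
    [ipaddress]$SecondaryIP = '192.0.2.11'
)
$zones = $ForwardZone, $ReverseZone

switch ($Role) {
    'Primary' {
        foreach ($zone in $zones) {
            # Allow AXFR/IXFR only to the listed secondary and send it NOTIFY
            # on changes, instead of permitting transfers to any server.
            Set-DnsServerPrimaryZone -Name $zone `
                -SecureSecondaries TransferToSecureServers -SecondaryServers $SecondaryIP `
                -Notify NotifyServers -NotifyServers $SecondaryIP
            Get-DnsServerZone -Name $zone |
                Select-Object ZoneName, SecureSecondaries, SecondaryServers, Notify
        }
    }
    'Secondary' {
        # Read-only copies that pull from the primary (needs TCP and UDP 53 to it).
        Add-DnsServerSecondaryZone -Name $ForwardZone -ZoneFile "$ForwardZone.dns" -MasterServers $PrimaryIP
        Add-DnsServerSecondaryZone -NetworkId $ReverseNetwork -ZoneFile "$ReverseZone.dns" -MasterServers $PrimaryIP
        foreach ($zone in $zones) { Start-DnsServerZoneTransfer -Name $zone -FullTransfer }
    }
    'Verify' {
        # Both servers should report the same SOA serial once the transfer is done.
        foreach ($zone in $zones) {
            $serials = foreach ($server in $PrimaryIP, $SecondaryIP) {
                (Resolve-DnsName -Name $zone -Type SOA -Server $server -DnsOnly |
                    Where-Object Type -eq 'SOA' | Select-Object -First 1).SerialNumber
            }
            [pscustomobject]@{
                Zone = $zone; Primary = $serials[0]; Secondary = $serials[1]
                InSync = ($serials[0] -eq $serials[1])
            }
        }
    }
}
```

Because neither server is domain-joined, the transfer is not authenticated by Active Directory, so the IP allow-list on the primary and a DMZ firewall rule limiting port 53 between the two hosts are the controls that keep the zone contents from being pulled by other machines.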

All replies

  • Hi Jaspre150,

    As far as I'm concerned, using a secondary DNS zone is a good way to load balance, as a secondary zone can update records from the primary zone automatically.

    If so, we also need to configure the DNS server address on clients: mark a part of the clients to use the primary DNS server for name resolution and another part to use the secondary DNS server.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Tuesday, January 26, 2016 2:36 AM
    Moderator