DNS Infrastructure - Is my idea crazy?

  • Question

  • Hello DNS Gurus,

    I'm obviously not a guru which is why I'm here.  What are your thoughts, comments, or recommendations about this idea?

    I have a few DCs in various physical regions running DNS for internal zones.  LOTS of systems are pointing to DCs for DNS, radius and other things.  Now the DC IP has to change, which sucks.

    • I want to have a separate server (say "NS1.myDomain.com") running DNS only, but still have all the same DNS records as before
    • This will allow non-domain admins to log into the physical server and do DNS'y things, adjust disk size, view DNS logs, etc.
    • I was hoping DNS records created / edited here would be replicated to all other DCs, but that is not the case, correct?

    Since NS1 is not a DC, I can't have AD integration and replication.  I like having the security features of AD integrated zones and hope to keep it safe.  But does anyone else have suggestions, or can you point me to proper terminologies or processes to follow to guide me through a safe configuration?  Is this a good, bad, or horrible idea?  Are secondary zones the way to go?

    Thursday, October 10, 2019 10:04 PM

All replies

  • Hi,

    I suggest you keep the DNS role on the domain controller, and on NS1.mydomain.com you can install a secondary DNS zone.


    Please don't forget to mark the correct answer, to help others who have the same issue. Thameur BOURBITA MCSE | MCSA My Blog : http://bourbitathameur.blogspot.fr/

    Thursday, October 10, 2019 10:29 PM
  • Thanks for the quick reply. To clarify, I wasn't going to remove DNS from the DC, only create a new DNS host. I will look into the 2ndary zone and why my attempts aren't working.
    Thursday, October 10, 2019 10:32 PM
  • Hi Thameur and others...

    So a 2ndary zone is read only.  Ok, not what I was hoping for, but the load balancing feature may be enough of a benefit in itself.  Now, knowing that it is a read only copy... :

    a) If I configure my existing DHCP server to point clients to this new "NS1" server that is read only, will it (DHCP/AD/DNS) still be able to update DNS records based on DHCP assignments?  (Currently, my DHCP server is on a DC with DNS and it does currently do the updates as expected.)

    Friday, October 11, 2019 12:51 AM
  • Hi,

    How are things going?

    Did you already configure DHCP to point clients to the new secondary DNS server? Can the records then update in DNS?


    Furthermore, according to the research, the registering entity (the client or the DHCP server itself) will query the SOA of the zone, then send the registration request to the SOA.

    It's really independent of the DNS zone type.

    We can refer to these threads that discuss secondary DNS:

    Will a client that points to a "Secondary" DNS server still be able to register its record in DNS?

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/4adf786a-49fa-470e-b432-4cd0500c6898/will-a-client-that-points-to-a-quotsecondaryquot-dns-server-still-be-able-to-register-its-record?forum=winserverNIS

    How to replicate dns record to a second dns server in domain?

    https://social.technet.microsoft.com/Forums/forefront/en-US/8b057056-7d90-4be5-a967-c352d82e6406/how-to-replicate-dns-record-to-a-second-dns-server-in-domian?forum=winservergen

    Hope the above information can help you.

    Highly appreciate your effort and time. If you have any question or concern, please feel free to let me know.

    Best regards,

    Michael


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marked as answer by Drew.Prince Friday, October 11, 2019 2:26 PM
    Friday, October 11, 2019 9:38 AM
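
One way to check the behaviour described in the reply above, as an added example that is not part of the original thread: it reads the SOA served by the secondary to find the server that will receive dynamic updates, confirms that server answers directly, and reports whether the primary zone still enforces secure updates. The zone and server names are placeholders taken from the question, and the cmdlets come from the standard DnsClient and DnsServer modules.

```powershell
# Added example. $Zone and $Secondary are placeholders (assumptions), not confirmed values.
param(
    [string]$Zone      = 'myDomain.com',
    [string]$Secondary = 'NS1.myDomain.com'   # non-DC hosting the read-only secondary zone
)

function Get-ZoneSoa {
    param([string]$Zone, [string]$Server)
    # -DnsOnly keeps LLMNR/NetBIOS out of the lookup; -NoHostsFile ignores local overrides.
    Resolve-DnsName -Name $Zone -Type SOA -Server $Server -DnsOnly -NoHostsFile -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SOA' } | Select-Object -First 1
}

# 1. The SOA served by the secondary names the primary (MNAME). A registering
#    client or DHCP server sends its update there, not to the secondary.
$secSoa  = Get-ZoneSoa -Zone $Zone -Server $Secondary
$primary = $secSoa.PrimaryServer

# 2. Querying that primary directly shows it answers DNS from this host.
#    Every machine that registers records needs the same reachability.
$priSoa = Get-ZoneSoa -Zone $Zone -Server $primary

# 3. Zone settings on the primary (needs the DnsServer module and rights on that server).
$zoneCfg = Get-DnsServerZone -Name $Zone -ComputerName $primary

[pscustomobject]@{
    Zone             = $Zone
    UpdateTarget     = $primary
    SecondarySerial  = $secSoa.SerialNumber
    PrimarySerial    = $priSoa.SerialNumber
    # A mismatch means the secondary has not yet transferred the latest changes.
    SecondaryCurrent = $secSoa.SerialNumber -eq $priSoa.SerialNumber
    IsDsIntegrated   = $zoneCfg.IsDsIntegrated
    # 'Secure' means only authenticated (AD) updates are accepted.
    DynamicUpdate    = $zoneCfg.DynamicUpdate
    # 'TransferAnyServer' would let any host pull the whole zone; prefer a named list.
    ZoneTransfers    = $zoneCfg.SecureSecondaries
}
```

Run it from a client subnet as well as from the DHCP server: a failure at step 2 means updates from that network will not reach the primary even though lookups against NS1 succeed.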
  • Hi Michael,
    Thank you for the response, details, and references, it is very much appreciated.  I have not yet tested it, but I will shortly.

    Thanks again

    Friday, October 11, 2019 2:26 PM
  • Hi,

    I'm very glad that the information here is helpful to you. 

    Highly appreciate your effort and time, if you have any question or concern, please feel free to let me know.

    Thanks for your sharing and support.

    Best regards,

    Michael



    Monday, October 14, 2019 1:54 AM