Backup DNS/DHCP Servers

    Question

  • I'm setting up my first multi-server environment and am having some confusion about how to set up the 2nd server as a backup DNS/DHCP.

     

    Server 1 is the DC, DNS, and DHCP server.

    Server 2 is set up to be an RD/SQL server.

     

    Everything is set up and working great, but I want to add the DNS/DHCP roles to the 2nd server in case there is a problem with the primary server.  I've read about adding secondary zones, but the DC's forward lookup zone just looks to the ISP's DNS; will this follow through?

     

    I assume I go into DHCP and set the secondary DNS as being the backup server.  

     

    How do the two DHCP servers communicate with one another so they only hand out the same set of addresses?

     

    I'm sure this is all very basic, but I could not find quick, detailed info on properly setting it up.

     

    Thanks

    Sunday, June 13, 2010 6:49 PM

Answers

  • Hello,

    It would be best to have both zones stored on DCs, so setting up an additional DC would be best for an AD design. At the moment, if you lose your AD server, your AD services will be down.  Having at least two DCs will allow you to take advantage of AD security for your DNS design.

    In any event, if you set up the DNS server service on a member server, simply set up a secondary zone pulling from the primary DNS server.  Make sure on the primary that you allow for zone transfers (properties of the zone, Zone Transfers tab).

    I am not clear on what you mean by "but the DC's forward lookup zone just looks to the ISP's DNS, will this follow through?" Do you mean that your AD/DNS server is set up with a forwarder to your ISP?  If so, you simply need to set up a forwarder on the secondary DNS server as well.  That configuration does not replicate through any zone transfers.

    How do the two DHCP servers communicate with one another so they only hand out the same set of addresses?  DHCP servers, unless running in a clustered environment, do not share the DHCP database.  Therefore you will need to "split" the scopes.  I would recommend a 50/50 design.

    For example, you would create the same scope on both DHCP servers.  Create a range on both for 192.168.0.1-192.168.0.254.  Then you would create an exclusion on the first (192.168.0.127-192.168.0.254) and create an exclusion on the second (192.168.0.1-192.168.0.126).  If you have a need to create reservations, you will create the reservation on both servers.

     

     


    Visit: anITKB.com, an IT Knowledge Base.
    • Marked as answer by Eric_Ptek Monday, June 14, 2010 4:10 AM
    Sunday, June 13, 2010 7:49 PM
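The steps in the answer above, carried out from PowerShell, as an added example that is not part of the original thread. It assumes Windows Server 2012 or later (the DnsServer and DhcpServer modules; the thread is about 2008 R2, where the same settings are made in the DNS and DHCP consoles). The server names, addresses, zone name and ISP resolvers are made up for the example: DC1 at 192.168.0.10 is the DC/primary DNS/first DHCP server, SRV2 at 192.168.0.11 is the member server, the AD zone is corp.example.com, and 203.0.113.53/54 stand in for the ISP's resolvers. Run it from an elevated PowerShell session on a domain-joined box with the RSAT DNS and DHCP tools installed.

```powershell
# Added example, not from the thread. All names and addresses below are
# assumptions chosen for illustration.
$Zone      = 'corp.example.com'
$Primary   = '192.168.0.10'                 # DC1: DC, primary DNS, DHCP #1
$Secondary = '192.168.0.11'                 # SRV2: member server, DHCP #2
$IspDns    = '203.0.113.53', '203.0.113.54' # ISP resolvers (assumed)

# --- DNS on the primary (DC1): allow zone transfers, but only to the named
#     secondary. The console's "To any server" option lets any host on the
#     network dump the whole AD zone with one AXFR, so restrict it to SRV2
#     and have DC1 notify SRV2 when the zone changes.
Set-DnsServerPrimaryZone -ComputerName 'DC1' -Name $Zone `
    -SecureSecondaries TransferToSecureServers -SecondaryServers $Secondary `
    -Notify NotifyServers -NotifyServers $Secondary

# --- DNS on the member server (SRV2): pull a secondary copy of the zone, and
#     add the ISP forwarders separately. Forwarders are per-server settings
#     and never come across in a zone transfer.
Add-DnsServerSecondaryZone -ComputerName 'SRV2' -Name $Zone `
    -ZoneFile "$Zone.dns" -MasterServers $Primary
Add-DnsServerForwarder -ComputerName 'SRV2' -IPAddress $IspDns

# Check: SRV2 must answer for the zone by itself (no recursion to DC1).
Resolve-DnsName -Name $Zone -Type SOA -Server $Secondary -DnsOnly

# --- DHCP split scope (50/50): the same scope on both servers, each one
#     excluding the half the other hands out. A DHCP server on a member server
#     must be authorized in AD, or the service refuses to hand out leases.
Add-DhcpServerInDC -DnsName "SRV2.$Zone" -IPAddress $Secondary

foreach ($Srv in 'DC1', 'SRV2') {
    Add-DhcpServerv4Scope -ComputerName $Srv -Name 'LAN' `
        -StartRange 192.168.0.1 -EndRange 192.168.0.254 `
        -SubnetMask 255.255.255.0 -State Active
    # Clients get both DNS servers, primary first (the "secondary DNS"
    # setting the question asks about).
    Set-DhcpServerv4OptionValue -ComputerName $Srv -ScopeId 192.168.0.0 `
        -DnsServer $Primary, $Secondary -DnsDomain $Zone
    # Reservations do not replicate either: create each one on both servers.
    Add-DhcpServerv4Reservation -ComputerName $Srv -ScopeId 192.168.0.0 `
        -IPAddress 192.168.0.50 -ClientId '00-11-22-33-44-55' -Name 'printer1'
}

# Exclusions from the answer: DC1 serves .1-.126, SRV2 serves .127-.254.
Add-DhcpServerv4ExclusionRange -ComputerName 'DC1'  -ScopeId 192.168.0.0 `
    -StartRange 192.168.0.127 -EndRange 192.168.0.254
Add-DhcpServerv4ExclusionRange -ComputerName 'SRV2' -ScopeId 192.168.0.0 `
    -StartRange 192.168.0.1   -EndRange 192.168.0.126

# Make the backup answer DHCPDISCOVER one second later than DC1, so clients
# normally lease from DC1 and only fall back to SRV2 when DC1 is silent.
Set-DhcpServerv4Scope -ComputerName 'SRV2' -ScopeId 192.168.0.0 -Delay 1000

# Check: the two exclusion lists must leave no address both servers can offer.
foreach ($Srv in 'DC1', 'SRV2') {
    Get-DhcpServerv4ExclusionRange -ComputerName $Srv -ScopeId 192.168.0.0 |
        Select-Object @{n='Server'; e={ $Srv }}, StartRange, EndRange
}
```

Two practical notes. The ranges are copied from the answer for illustration; in a real deployment the router and server addresses (here .1, .10 and .11) would also be excluded or reserved on both servers, since nothing in a split scope stops a server from leasing an address it does not know is in use. And on Windows Server 2012 and later, DHCP failover (Add-DhcpServerv4Failover) replicates lease state between two servers so they share one scope and the split-scope workaround is no longer needed; the split is still the right tool on 2008 R2.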

All replies

  • Hello,

    If a server is used for Remote Desktop, as Server 2 is, you should not use it for any other server roles or install SQL on it. Leave a Remote Desktop server only for multiple-user access, and install applications and server roles on separate machines.

    For DHCP split scope configuration on Windows Server 2008 R2 see also:

    http://blogs.technet.com/b/teamdhcp/archive/2009/01/22/how-to-configure-split-scope-using-wizard.aspx


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    Sunday, June 13, 2010 8:58 PM
  • Thanks.  

     

    So, based on how it is set up, just set up a 2nd DNS, and I understand what you mean by split scope for DHCP.  I did not know if one should reference the other or not, but you are correct: the first server is set up with a forward lookup zone to the ISP.

    Monday, June 14, 2010 4:12 AM
  • 
    I understand.  There is another reason SQL is installed on this server and it is not going to be heavily used.

     

    It is not desirable but it is the setup the customer has, I do not want to leave them without DNS if there is a problem with the primary server.  

    Monday, June 14, 2010 4:13 AM