Adding a second DNS server


Melanie

I have a Windows 2000 AD with one DNS server - it is on a DC. I would like
to add a backup dns server. I have a spare Windows 2003 server that is not
a DC.

Can I install DNS on the 2003 server? And how do I configure a backup DNS
server?
 
In Melanie <[email protected]> posted a question
Then Kevin replied below:
: I have a Windows 2000 AD with one DNS server - it is on a DC. I
: would like to add a backup dns server. I have a spare Windows 2003
: server that is not a DC.
:
: Can I install DNS on the 2003 server? And how do I configure a
: backup DNS server?

You can, but do not add an NS record for it; set the primary to notify it for
a zone transfer.

You can DCPROMO it into the Win2k domain as a DC if you follow the steps.
Just having a secondary DNS does not give you the redundancy you will need. If
the Win2k DC goes down, DNS would not help you much, other than browsing the
web and checking email. Even that may be incredibly slow because the DC
won't be there to authenticate for you.
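
The setup described in the reply above, sketched with `dnscmd` from the Windows Support Tools. This is an added example and not part of the original thread; the zone name and both IP addresses are placeholders, and it assumes the account running it has DNS admin rights on both servers.

```batch
@echo off
rem Added example: all values below are placeholders, not taken from the thread.
set ZONE=example.local
set PRIMARY=192.0.2.10
set SECONDARY=192.0.2.20

rem On the primary (the Win2k DC): allow zone transfers only to the
rem secondary's IP and send it change notifications.
rem /SecureList is used rather than /SecureNs because /SecureNs only permits
rem servers that have an NS record in the zone, and the secondary has none.
dnscmd %PRIMARY% /ZoneResetSecondaries %ZONE% /SecureList %SECONDARY% /NotifyList %SECONDARY%

rem On the 2003 member server: create the secondary zone, pulling from the primary.
dnscmd %SECONDARY% /ZoneAdd %ZONE% /Secondary %PRIMARY%

rem Check 1: NS records at the zone root should list the DCs only,
rem not the new secondary.
dnscmd %PRIMARY% /EnumRecords %ZONE% @ /Type NS

rem Check 2: confirm the zone exists on the secondary and review its properties.
dnscmd %SECONDARY% /ZoneInfo %ZONE%
```

Restricting transfers to a named IP list also keeps the full zone contents from being pulled by any other host that asks for them.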
 
Thanks. I am following a Knowledge Base article from MS 313563. Is there
something different to follow? You say not to add an NS record?

I have another DC in my environment so I am not worried about making this
server a DC.
 
In Melanie <[email protected]> posted a question
Then Kevin replied below:
: Thanks. I am following a Knowledge Base article from MS 313563. Is
: there something different to follow?
I was referring to adding a win2k3 to a Win2k Domain as a DC.

: You say not to add an NS record?

Not for the Active Directory Domain. Only DCs should have NS records in the
AD Domain zone; this will prevent machines from attempting to register in
the zone. They will only look for the MNAME record (Primary name server).


:
: I have another DC in my environment so I am not worried about making
: this server a DC.
If you have another DC, do you not have DNS on it?
All the other DC needs is DNS installed. If you use AD Integrated Zones, they
will be replicated to all DCs in the domain with DNS installed, regardless
of whether you point any machines to it at all. It is more secure than even a
secondary zone, which is a read-only zone; a secondary zone uses a text file
on the hard drive to store its data, and that text file can be modified by a
malicious user.
I believe in keeping security tight; remember, some users make modifications
just to see if they can. I don't believe in tempting anyone by dangling it
in front of them.
 