Adding Secondary/Backup DNS Server - Have I done it right?

[Colin Higbie]

I have two Windows 2000 Servers running our domain, both with AD. One had
DNS installed, the second server did not. I just realized this and decided
we should put DNS on the second server in case the first server went down.
There has never been an issue of load balancing - we only have a few
computers on the network. The sole purpose for the two servers is fail-over
protection. I want to prevent network downtime.

I installed DNS on the second server and replicated the AD between them
through the AD Sites and Services MMC. I changed the DNS entry in the IP
Settings on the second server to still list the other server as its first
DNS, but added itself as the secondary DNS. Is that correct?

If I open the DNS console on the second server, it shows the domain name
under forward lookup zones and says that it's Active Directory-integrated. I
would have thought it was working and correct...

Except that I also see the following:

If I click on the computer name in the DNS console, it still shows the
"Configure DNS Server" page, indicating that "This DNS server has not been
configured yet." (The first server shows the two folders, "Forward Lookup
Zones" and "Reverse Lookup Zones" on the same page.)

Also, I now see browser errors (8032 and 8021) and a W3SVC error (115) in my
System event log.

Is there more I need to do to complete the DNS config on the second server?
Did I do anything wrong?

I searched the MS Knowledge Base and found various articles, but I couldn't
tell if any of them applied to my case of just wanting a secondary backup
DNS running on the same domain solely to keep the domain working in the
event the other domain controller failed.

Thanks for any help,
Colin

 

[Guest]

You need to configure it as secondary zone to your existing DNS server.

HOW TO: Configure a Secondary Name Server in Windows Server 2003
http://support.microsoft.com/?kbid=816518

br,
Denis

 

[Kevin D. Goodknecht Sr. [MVP]]

In Colin Higbie <[email protected]> commented
Then Kevin replied below:

Read inline below.

I have two Windows 2000 Servers running our domain, both
with AD. One had DNS installed, the second server did
not. I just realized this and decided we should put DNS
on the second server in case the first server went down.
There has never been an issue of load balancing - we only
have a few computers on the network. The sole purpose for
the two servers is fail-over protection. I want to
prevent network downtime.

I installed DNS on the second server and replicated the
AD between them through the AD Sites and Services MMC. I
changed the DNS entry in the IP Settings on the second
server to still list the other server as its first DNS,
but added itself as the secondary DNS. Is that correct?

If I open the DNS console on the second server, it shows
the domain name under forward lookup zones and says that
it's Active Directory-integrated. I would have thought it
was working and correct...

Except that I also see the following:

If I click on the computer name in the DNS console, it
still shows the "Configure DNS Server" page, indicating
that "This DNS server has not been configured yet." (The
first server shows the two folders, "Forward Lookup
Zones" and "Reverse Lookup Zones" on the same page.)

Also, I now see browser errors (8032 and 8021) and a

These are Computer Browser service events and have nothing to do with DNS.
http://www.eventid.net/display.asp?eventid=8032&eventno=118&source=BROWSER&phase=1
http://www.eventid.net/display.asp?eventid=8021&eventno=117&source=BROWSER&phase=1

W3SVC error (115) in my System event log.

This event is cause because the W3SVC cannot bind to port 80 on the IP
address it is listening on. Something else is using port 80, Proxy server or
Wingate internet client installed maybe?
http://www.eventid.net/display.asp?eventid=115&eventno=639&source=W3SVC&phase=1

Is there more I need to do to complete the DNS config on
the second server? Did I do anything wrong?

Run the configure your server wizard in DNS management console, it will
configure forwarders just cancel the section on creating a new zone. The
wizard only needs to run once.

 

[wanderer]

It sounds like you have two primary DNS servers.

The idea behind having a primary and secondary DNS servers is that th
secondary is a mirror of the first. You can not edit in the secondar
DNS server. If you loose your primary dns server a right mouse clic
on the secondary DNs server will allow you to change it to primary.
Having a 2ndary server also helps in name resolution response time.

There are two other aspects of failover you need to consider. Bot
servers should have a copy of the Global Catalog. Right mouse clic
ntds properties and check the box for the GC on the 2nd server in AD.

You should also consider xfer a FSMO role or two to the 2nd server t
balance these roles across the servers


-
wandere

 

[Colin Higbie]

When you say it sounds like I "have two primary DNS servers," is that
correct or bad? I ran the wizard and the message on the screen went away. I
don't know what it had installed IIS when I installed DNS, but apparently it
did. I removed IIS and that cleared up all the other errors (I'm running a
Lotus Domino server, which is also a web server).

Do I need to change my DNS server on the second server from primary to
secondary, or is it good the way it is?

Load balancing is really not an issue. There are no workstations on the
network at present, except for an occasional few laptops, which generally
only have one connected at a time. But the two servers do need to be able to
talk to each other, replicate some files, and, most importantly, still have
full DNS access the Internet, even if the other goes down. I do use Active
Directory for security, with users and groups to control access to files and
folders.

Still a little confused...

Thanks,
Colin

 

[Kevin D. Goodknecht Sr. [MVP]]

In

It sounds like you have two primary DNS servers.

In an Active Directory environment all Active Directory Integrated DNS zones
are writable primary masters, replicated through AD replication, not by zone
transfers.

 

[Kevin D. Goodknecht Sr. [MVP]]

In

When you say it sounds like I "have two primary DNS
servers," is that correct or bad? I ran the wizard and
the message on the screen went away. I don't know what it
had installed IIS when I installed DNS, but apparently it
did. I removed IIS and that cleared up all the other
errors (I'm running a Lotus Domino server, which is also
a web server).

IIS is installed by default on Win2k server which is why you were getting
the errors after you installed the Lotus Domino server.

Do I need to change my DNS server on the second server
from primary to secondary, or is it good the way it is?

No, do not do this, if you do the secondary will just be deleted by the
system because the zone already exists in AD and you cannot have two zones
with the same name on one DNS server..

Load balancing is really not an issue. There are no
workstations on the network at present, except for an
occasional few laptops, which generally only have one
connected at a time. But the two servers do need to be
able to talk to each other, replicate some files, and,
most importantly, still have full DNS access the
Internet, even if the other goes down. I do use Active
Directory for security, with users and groups to control
access to files and folders.

Load balancing is not what multiple DNS server are about, it is strictly
fail over, so one is always available.