Backing up DNS information

LastYJ

Is there any way to back up DNS information in Windows Server 2003
Standard?

I have a total of three Win 2003 Domain Controllers which are DNS servers
as well. Two in Toronto, one in Calgary.

Last evening, the two that are in Toronto lost all of their zones under
both the Forward and Reverse Lookup Zones.

I found out the problems when users who are on shift were kicked out of
Outlook and some were not able to login to the domain.

The first thing I did was TermServ into the Exchange 2003 server. For
something that normally takes 30 seconds, it took well over five minutes.
I then suspected it was a DNS problem.

So, I tried to TermServ into the DC's and as suspected, both the Forward
Lookup Zone and the Reverse Lookup Zone were empty, as if the DNS server
was never configured.

I looked in the event logs and these are some of the errors:

The DNS server received indication that zone zoo.domain-removed.com was
deleted from the Active Directory. Since this zone was an Active Directory
integrated zone, it has been deleted from the DNS server.

The DNS server received indication that zone 34.20.10.in-addr.arpa was
deleted from the Active Directory. Since this zone was an Active Directory
integrated zone, it has been deleted from the DNS server.

The DNS server received indication that zone 36.20.10.in-addr.arpa was
deleted from the Active Directory. Since this zone was an Active Directory
integrated zone, it has been deleted from the DNS server.

The DNS server has encountered numerous run-time events. To determine the
initial cause of these run-time events, examine the DNS server event log
entries that precede this event. To prevent the DNS server from filling the
event log too quickly, subsequent events with Event IDs higher than 3000
will be suppressed until events are no longer being generated at a high
rate.


I have no idea as to why it would think the zone was deleted from the AD.
Nobody was doing anything at that time. I called Microsoft Support, spent
$350 and over three hours being cut off, and transferred to five different
people explaining the situation over and over and over and over again, with
bad phone lines and bad accents (I don't mean to offend anyone) and didn't
get an answer or resolution.

Luckily, the DNS info was not replicated to Calgary and I was able to
re-create the zones on both Toronto DC's as secondary and copy the information
from the Calgary DNS server. I then changed one of the Toronto DC's from
secondary back to AD-integrated and all seems to be well.

So, my question is, will taking a System State snapshot for the
AD-integrated DNS server help me in backing up the DNS information and how
would I prevent this from ever happening again? Luckily it was not during
the day, and even though we have staff 24/7, it didn't cause too much
inconvenience.

Sorry for the long post and I hope someone has an idea as to what the hell
happened. Thank you.


Chris.
 
Ace Fekay [MVP]

If someone meant to delete a zone off a particular DNS server, and the zone
is AD Integrated, unfortunately the system will translate it as a request to
delete the zone entirely out of the AD database. You can test that by
creating a demo.com zone, making it AD integrated, creating the zone on all
DC/DNS servers as AD Integrated, then deleting it from one of them. You will
find it is deleted from the database entirely and will affect all DNS
servers.

A system state backup will back up the AD Database. To restore just the zone
data, however, you will need to perform an authoritative restore for that
specific data.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
 
ade

Ace, please could you give an example of how to restore only DNS using an
authoritative restore?

Thanks.

 
Kevin D. Goodknecht Sr. [MVP]

ade said:
> Ace, please could you give an example of how to restore only DNS
> using an authoritative restore?

If you have a backup zone file, remove the zone from AD. Then create a new
standard primary zone using the backed up zone file as the file to get the
data from. Then change the restored standard primary to be stored in AD. Do
this only on one DC! It is this zone that will be replicated through AD to
all DCs. Do not manually add a zone on any other DC; it will not contain the
backed up data and will overwrite any existing zone in AD, causing zone data
loss of the static records.
 
Ace Fekay [MVP]

ade said:
> Ace, please could you give an example of how to restore only DNS using an
> authoritative restore?
>
> Thanks.

How to perform an authoritative restore to a domain controller in Windows
2000:
http://support.microsoft.com/default.aspx?scid=kb;en-us;241594

But in the future, prior to deleting an AD Integrated zone, as Kevin
mentioned, change the zone type to a Primary on one of the servers so you
have the zone data in text format. It's easier.

Ace
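
The file-based backup and restore that Kevin and Ace describe above, as an added example that is not part of the thread or any poster's own script: a batch file that keeps text exports of the three zones named in the original post and replays the restore steps with dnscmd. The backup folder C:\dns-backup, the .export/.dns file names, and dnscmd.exe (Windows Support Tools) being on the PATH are assumptions.

```batch
@echo off
rem Added example, not from the thread.
rem Usage:  dnsbackup.cmd export
rem         dnsbackup.cmd restore zoo.domain-removed.com
setlocal
set DNSDIR=%SystemRoot%\System32\dns
rem Assumption: this folder exists and is included in the regular file backup.
set BACKUP=C:\dns-backup
set ZONES=zoo.domain-removed.com 34.20.10.in-addr.arpa 36.20.10.in-addr.arpa

if /i "%~1"=="export"  goto export
if /i "%~1"=="restore" goto restore
echo Usage: %~nx0 export ^| restore ^<zone^>
exit /b 1

:export
rem ZoneExport writes into the DNS directory and refuses to overwrite an
rem existing file, so the previous export is deleted first.
for %%Z in (%ZONES%) do (
    if exist "%DNSDIR%\%%Z.export" del "%DNSDIR%\%%Z.export"
    dnscmd /ZoneExport %%Z %%Z.export >nul
    if exist "%DNSDIR%\%%Z.export" copy /y "%DNSDIR%\%%Z.export" "%BACKUP%\%%Z.dns" >nul
    if not exist "%DNSDIR%\%%Z.export" echo EXPORT FAILED: %%Z
)
exit /b 0

:restore
if "%~2"=="" (echo Zone name required & exit /b 1)
if not exist "%BACKUP%\%~2.dns" (echo No export found for %~2 & exit /b 1)
rem Run this on ONE DC only, after the damaged zone has been removed from AD.
copy /y "%BACKUP%\%~2.dns" "%DNSDIR%\%~2.dns" >nul
rem Step 1: create a standard primary zone loaded from the exported file.
dnscmd /ZoneAdd %~2 /Primary /file %~2.dns /load
rem Assumption: dnscmd returns a non-zero exit code when the command fails.
if errorlevel 1 exit /b 1
rem Step 2: convert the zone to AD-integrated; AD replication then carries
rem it to the other DCs, so no zone is created by hand anywhere else.
dnscmd /ZoneResetType %~2 /DsPrimary
exit /b %errorlevel%
```

Running the export mode as a scheduled task keeps a current zone file on hand, which is what the restore steps depend on.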
 
