DNS - configuring manually


Marty List

To make a long story short, I have a small test domain with 2 domain
controllers, 1 Win2000 and 1 Win2003. I ran DCPROMO on the Win2000 server
to demote/uninstall AD, and I swear I did not check "This server is the last
domain controller in the domain" but after DCPROMO was finished all of the
DNS zones are gone. The other domain controller is still online and
contains the site, domain and user accounts, although the domain is pretty
much useless since DNS is empty.

So I guess my question is - does anyone know of any articles on manually
configuring the DNS zones for Active Directory? Before I wipe out the
domain & rebuild it I was hoping to learn something new from this. Any
suggestions?
 
Let me see if I understand your question correctly:

Q: In the event where DNS Zone gets deleted, you would
like to know how to recreate the zone.

A: DNS Zones are really easy to recreate, especially if
you are using dynamic DNS.

======================
DETAILED STEPS:
======================

1. Open the DNS Console.

2. Right-click your servername and choose New Zone.

3. Go through the wizard and choose AD Integrate or
Standard Primary, Forward lookup zone. Make sure you
type in the fully qualified dns name of your domain for
the name of your zone. Click Finish.

4. On your DC, make sure it points to itself in TCP/IP
properties for the Primary DNS server (not your ISP!)

5. Type the following commands at a dos prompt to re-
register your SRV records (on your DC):
ipconfig /flushdns
net stop netlogon
net start netlogon
ipconfig /registerdns

6. Type the following commands on any clients or member
servers that you wish to re-register host records:
ipconfig /flushdns
ipconfig /registerdns

7. Create any manual / static entries that will not be
dynamically created.

Hope this helps.

Marcus Gillette, MCSE + MCSA
 
The following articles should help:
237675 Setting Up the Domain Name System for Active Directory
http://support.microsoft.com/?id=237675
298448 Windows 2000 DNS and Active Directory Information and Technical
Resources http://support.microsoft.com/?id=298448

--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Hi Marcus,

Thanks for the reply, but I'm not talking about the standard zones used for
name resolution, I'm referring to the active directory specific zones like
_msdcs, _sites, _tcp, _udp.

I'm reading through the links that Tim Hines posted.
 
Thanks Tim, after doing some reading I found this:

"The list of records that should be registered by a domain controller are
stored in the %SystemRoot%\System32\Config\Netlogon.dns file on the domain
controller."

After stopping the DNS service, pasting these records into my primary zone's
.dns file and removing the comment characters & starting the DNS again it
worked like a charm! So far everything seems to be working, and DCDIAG.EXE
reports no problems.
 
Marty said:
To make a long story short, I have a small test domain with 2 domain
controllers, 1 Win2000 and 1 Win2003. I ran DCPROMO on the Win2000
server to demote/uninstall AD, and I swear I did not check "This
server is the last domain controller in the domain" but after DCPROMO
was finished all of the DNS zones are gone. The other domain
controller is still online and contains the site, domain and user
accounts, although the domain is pretty much useless since DNS is
empty.

So I guess my question is - does anyone know of any articles on
manually configuring the DNS zones for Active Directory? Before I
wipe out the domain & rebuild it I was hoping to learn something new
from this. Any suggestions?

Hey Marty,

The check box you reference "This server is the last domain controller
in the domain" prevents domain controllers from attempting to replicate
off any locally originated changes prior to demotion. In addition, this
check box will NOT function should the DC believe there to be other DCs
within its domain. Finally, in a Windows 2000 directory this could not
have directly caused the loss of any DNS zone data for the reasons
outlined above.

To rebuild the zones necessary for Active Directory service and name
resolution, simply perform the following -

1. Point the remaining DC(s) DNS resolver(s) to a valid DNS server
2. Ensure the DNS server maintains a zone named after the domain
3. Ensure the SOA record within that zone is resolvable (to self)
4. Ensure the zone is configured for dynamic update (in a recovery
scenario I would recommend temporarily configuring non-secure)
5. On the remaining DC(s), restart the NETLOGON service ... and, seeing
as it's you, use -

net stop netlogon & net start netlogon

... or you can flake out and use the GUI. :)

NETLOGON is responsible for dynamically registering the necessary AD
records (it CANNOT, however, dynamically create the zone, thus the
aforementioned step, nor is it responsible for registering DC specific A
records, for that, use ipconfig /registerdns). The NETLOGON.DNS file you
mentioned in one of your other posts is intended for import against non
DDNS aware name servers (or zones that dis-allow dynamic update).

Finally, the loss of AD representative DNS zone data should never be
considered as a potential reason for an AD rebuild as the content itself
is dynamically constructed and (as you can see from the steps above and
the other posts) can be easily recreated.

HTH

Dean
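Added here as a worked example, not code from any poster in this thread: a small Python check that parses Netlogon.dns-style resource records and reports which of the core DC locator SRV records (the ones NETLOGON registers after the restart described above) are still missing from the recovered zone. The domain, site and host names in the sample are constructed.

```python
import re

# Constructed sample in the layout of %SystemRoot%\System32\Config\Netlogon.dns
# (one BIND-style resource record per line); names are hypothetical.
SAMPLE_NETLOGON_DNS = """\
; constructed sample, ';' lines are comments
example.local. 600 IN A 192.0.2.10
_ldap._tcp.example.local. 600 IN SRV 0 100 389 dc2.example.local.
_ldap._tcp.Default-First-Site-Name._sites.example.local. 600 IN SRV 0 100 389 dc2.example.local.
_kerberos._tcp.example.local. 600 IN SRV 0 100 88 dc2.example.local.
_kerberos._udp.example.local. 600 IN SRV 0 100 88 dc2.example.local.
_kpasswd._tcp.example.local. 600 IN SRV 0 100 464 dc2.example.local.
_ldap._tcp.dc._msdcs.example.local. 600 IN SRV 0 100 389 dc2.example.local.
_ldap._tcp.pdc._msdcs.example.local. 600 IN SRV 0 100 389 dc2.example.local.
_gc._tcp.example.local. 600 IN SRV 0 100 3268 dc2.example.local.
"""

SRV_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+SRV\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)$")

def parse_srv_records(text):
    """Return {owner: [(priority, weight, port, target), ...]} for SRV lines,
    skipping blank lines, ';' comments and non-SRV records (e.g. the A record)."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        m = SRV_RE.match(line)
        if not m:
            continue
        owner, _ttl, prio, weight, port, target = m.groups()
        records.setdefault(owner.lower().rstrip("."), []).append(
            (int(prio), int(weight), int(port), target.lower().rstrip(".")))
    return records

# Subset of the locator records clients need to find LDAP, Kerberos,
# the PDC emulator and a global catalog, with the port each must carry.
REQUIRED_SRV = {
    "_ldap._tcp.{d}": 389,
    "_kerberos._tcp.{d}": 88,
    "_kerberos._udp.{d}": 88,
    "_kpasswd._tcp.{d}": 464,
    "_ldap._tcp.dc._msdcs.{d}": 389,
    "_ldap._tcp.pdc._msdcs.{d}": 389,
    "_gc._tcp.{d}": 3268,
}

def missing_locator_records(records, domain):
    """List required locator names that are absent or have no record on the expected port."""
    missing = []
    for pattern, port in REQUIRED_SRV.items():
        name = pattern.format(d=domain.lower())
        if not any(r[2] == port for r in records.get(name, [])):
            missing.append(name)
    return missing
```

Run it against a zone export before and after the NETLOGON restart to confirm the locator records came back; an empty list means the core set is present.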
 