DNS upgrade to AD integrated zones

  • Thread starter Thread starter BOB
  • Start date Start date
B

BOB

I need some information on the process for upgrading DNS
to use Active Directory Integrated Zones. Our domain was
recently upgraded from winNT4.0 to win2000 Active
Directory. Before the upgrade, the winNT DNS was upgraded
to primary and secondary win2000 standalone DNS servers.

Active Directory is up and running smoothly. Now I would
like to upgrade the standalone (non-DC) primary and
secondary win2000 DNS servers to use Active Directory
Integrated zones.

Is the process something like this?

1) install secondary DNS service on a domain controller
2) make the new DNS service on the domain controller the
primary for all the zones to be integrated into AD
3) go to properties of each zone > general tab > change >
Select "stores zone data in active directory
4) remove the standalone secondary dns servers

I've read quite a bit about how AD integrated zones work,
but haven't found much information about the specific
steps of upgrading from standalone DNS to AD integrated.

Any help would be appreciated.
Bob
 
In
BOB said:
I need some information on the process for upgrading DNS
to use Active Directory Integrated Zones. Our domain was
recently upgraded from winNT4.0 to win2000 Active
Directory. Before the upgrade, the winNT DNS was upgraded
to primary and secondary win2000 standalone DNS servers.

Active Directory is up and running smoothly. Now I would
like to upgrade the standalone (non-DC) primary and
secondary win2000 DNS servers to use Active Directory
Integrated zones.

Is the process something like this?

1) install secondary DNS service on a domain controller
2) make the new DNS service on the domain controller the
primary for all the zones to be integrated into AD
3) go to properties of each zone > general tab > change >
Select "stores zone data in active directory
4) remove the standalone secondary dns servers

I've read quite a bit about how AD integrated zones work,
but haven't found much information about the specific
steps of upgrading from standalone DNS to AD integrated.

Any help would be appreciated.
Bob
Click to expand...

AD Integrated zones are only on Domain Controllers, any zone on a Domain
controller can be AD integrated. The SOA record of an AD integrated zone
will always take the name of the zone with the newest zone serial. so the
SOA record can change depending on the machine that does the last update.
This can create a problem if you are using the AD integrated zone for the
public DNS because the machine name must be registered as a nameserver on
the public name space. You cannot give an AD zone an alias SOA name.

So for as changing the zone from primary/secondary to AD integrated, there
is no special process, but you can disable zone transfers.
 
Kevin,

Thanks for the response.

One of the requirements for the upgrade to AD was to keep
the same internal and external namespace the same (single
domain for internal/external use). Does this prevent our
organization from using AD integrated zones?

When installing DNS on the DC to prepare for AD integrated
zones, does the zones have to be listed as primary with
the DNS service running on the domain controller?

Or is there always a non-DC running the DNS service set as
primary all the AD integrated zones and the AD zones are
replicated as secondary zone?

thanks,
Bob
 
In
BOB said:
Kevin,

Thanks for the response.

One of the requirements for the upgrade to AD was to keep
the same internal and external namespace the same (single
domain for internal/external use). Does this prevent our
organization from using AD integrated zones?
Click to expand...

Not necessarily, are we talking about the DC hosting the public DNS zone?
If the DC hosts the public DNS zone you will have unreliable resolution in
the public name space. This is because the DNS on the DC must host records
that are used internally only.
When installing DNS on the DC to prepare for AD integrated
zones, does the zones have to be listed as primary with
the DNS service running on the domain controller?

Or is there always a non-DC running the DNS service set as
primary all the AD integrated zones and the AD zones are
replicated as secondary zone?
Click to expand...

Are you hosting your public DNS zone locally?
If you are then it is recommended you keep public and private zones on
separate DNS servers. A DNS zone that services the internal network must be
resolvable to internal IP addresses. The public zone must resolve to public
IP addresses. If you try to share responsibilities on the same server in the
same zone you can have very unpredictable results. You would set up a
"split-brain" DNS where one serves internal clients and one serves external
clients. Now, there are records in the public zone such as www records that
will point to public IP addresses for internet users. These records must be
manually created in the private zone with IP addresses base on the actual
location of the web site from the network view.
What the last statement means is that from your internal network, if the web
site is hosted locally, the record will need the private address of the web
site. If the web site is hosted by another provider then the record must
point to the public address.
 
Back
Top