Primary & Secondary - AD Integrated config - EASY


Could someone please clear up some configuration confusion.

I am running Windows 2000 on both of my domain controllers - DC1 and DC2.
DC1 has been the PRIMARY DNS server and DC2 the SECONDARY - no problems.

I now have changed the primary (forward & reverse zones) to AD Integrated
w/dynamic updates.

1) What should I change my SECONDARY (forward & reverse zones) to - leave as
secondary or AD integrated like primary?

2) What is best practice for loading zone data at startup - file, registry,
or AD & registry, and should the same setting be used for both controllers/DNS
servers?

3) *** Are there any visual clues that the zone data IS stored in AD, or do I
assume that if there are not any DNS log errors the data has been stored
correctly? Today I use the DNS snap-in to view zone records... is there
another way to view the records in AD? Hopefully not too stupid of a
question ;~)

4) I have the DNS client settings on the PRIMARY pointing to itself then the
SECONDARY and the client settings on the SECONDARY pointing to the PRIMARY
then itself - is this correct?

Thanks in advance... I HAVE tried to research before posting but could not
find a clear configuration of the secondary server of an AD Integrated DNS.

Bill
 
Bill Wester said:
Could someone please clear up some configuration confusion.

I am running Windows 2000 on both of my domain controllers - DC1 and
DC2. DC1 has been the PRIMARY DNS server and DC2 the SECONDARY - no
problems.

I now have changed the primary (forward & reverse zones) to AD
Integrated w/dynamic updates.

1) What should I change my SECONDARY (forward & reverse zones) to -
leave as secondary or AD integrated like primary?

If the zone is on a DC in the same domain as the other DC, it MUST be set to
AD Integrated. Otherwise, you will find the zone will just "disappear" from
DNS.
2) What is best practice for loading zone data at startup - file,
registry, or AD & registry, and should the same setting be used for both
controllers/DNS servers?

Leave it default.

3) *** Are there any visual clues that the zone data IS stored in AD,
or do I assume that if there are not any DNS log errors the data
has been stored correctly? Today I use the DNS snap-in to view zone
records... is there another way to view the records in AD? Hopefully
not too stupid of a question ;~)

No, it's not a stupid question. You can use ADSI Edit to view the zone. That
utility is available when you install the Windows Support Tools available on
the Windows server CD-ROM. Win2003 has other replication scope options, but
in Windows 2000, you would just look in the DomainNC partition.

Introducing the ADSI Edit Utility:
http://www.windowsitpro.com/MicrosoftExchangeOutlook/Article/ArticleID/8901/8901.html

ADSI EDIT:
http://www.w2kcfg.net/adsi_edit.htm

4) I have the DNS client settings on the PRIMARY pointing to itself
then the SECONDARY and the client settings on the SECONDARY pointing
to the PRIMARY then itself - is this correct?

Either way is fine. Some say the best practice is to point to the partner
first, then itself as the second, unless the partner is across a WAN link.
But never point to an ISP in either your DCs or clients.

Don't forget to configure a forwarder. Article 300202 (posted below) can
show you how.
Thanks in advance... I HAVE tried to research before posting but
could not find a clear configuration of the secondary server of an AD
Integrated DNS.

Bill

291382 - Frequently Asked Questions About Windows 2000 DNS and Windows
Server 2003 DNS:
http://support.microsoft.com/?id=291382

298448 - Windows 2000 DNS and Active Directory Information and Technical
Resources:
http://support.microsoft.com/?id=298448

Configure DNS for AD:
http://www.microsoft.com/windows2000/en/server/help/sag_DNS_pro_ConfigServerForDS.htm

300202 - Setting Up Windows 2000 For Internet Access with AD installed:
http://support.microsoft.com/?id=300202


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply
unless that website posts replies back to the original Microsoft forum.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit or ensure the web community
posts it back to the original forum.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations.
=================================
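An added check for question 3, not code from the thread: the same DomainNC location Ace points ADSI Edit at can be read over LDAP from a script, which confirms whether zones and their records really live in AD. It assumes a domain-joined machine with PowerShell and .NET's System.DirectoryServices (neither ships on Windows 2000 itself), and the function name is my own.

```powershell
# Added example, not code from the thread. Reads the DNS zones that Windows 2000
# stores in the DomainNC partition (CN=MicrosoftDNS,CN=System,<domain DN>) over
# LDAP, so the check does not depend on the DNS snap-in or ADSI Edit.
# Assumption: run from a domain-joined machine that has PowerShell and the .NET
# System.DirectoryServices classes (Windows 2000 itself does not ship them).
function Get-AdIntegratedDnsZone {
    param(
        # Defaults to the domain this machine is joined to.
        [string]$DomainDn = ([ADSI]"LDAP://RootDSE").defaultNamingContext
    )
    $container = "LDAP://CN=MicrosoftDNS,CN=System,$DomainDn"
    $zoneSearcher = New-Object System.DirectoryServices.DirectorySearcher
    $zoneSearcher.SearchRoot = [ADSI]$container
    $zoneSearcher.Filter = "(objectClass=dnsZone)"
    $zoneSearcher.SearchScope = "OneLevel"
    [void]$zoneSearcher.PropertiesToLoad.Add("dc")

    foreach ($zone in $zoneSearcher.FindAll()) {
        # Every record set of an AD-integrated zone is a dnsNode child object,
        # so a zone with zero dnsNode children has not actually been written yet.
        $nodeSearcher = New-Object System.DirectoryServices.DirectorySearcher
        $nodeSearcher.SearchRoot = $zone.GetDirectoryEntry()
        $nodeSearcher.Filter = "(objectClass=dnsNode)"
        $nodeSearcher.SearchScope = "OneLevel"
        $nodeSearcher.PageSize = 1000   # paged search: large zones exceed one page
        [void]$nodeSearcher.PropertiesToLoad.Add("dc")
        $nodeCount = $nodeSearcher.FindAll().Count

        [PSCustomObject]@{
            Zone       = $zone.Properties["dc"][0]
            Container  = $container
            RecordSets = $nodeCount
        }
    }
}

$zones = @(Get-AdIntegratedDnsZone)
if ($zones.Count -eq 0) {
    Write-Warning "No dnsZone objects found: the zones are still file-backed Primary/Secondary, or replication has not reached this DC yet."
} else {
    $zones | Format-Table -AutoSize
}
```

Running it against each DC in turn shows whether the converted zone has replicated to the other DC before you touch the secondary, which is the wait Ace asks for later in the thread.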
 
Thanks Ace,
Leave it default.

What is the default?

And lastly, when I change my secondary to ActiveDirectory Integrated I get a
dialog to choose from the following:

* Discard the new zone and load the existing zone from Active Directory
o Overwrite the existing zone in Active Directory with the new zone.

I believe the secondary sees that, in my case, the 1st controller already
created the zone records in AD and is asking to use that (and I should choose
the discard option). Am I correct?

Bill
 
If the zone is on a DC in the same domain as the other DC, it MUST be set to
AD Integrated. Otherwise, you will find the zone will just "disappear" from
DNS.

Well, I think your above comment came true. I set my Primary (only the
primary) to AD Integrated on Saturday and all was fine until this morning
(Monday 9:00 AM) when I started getting resolving errors on the network. It
was funny as I was actually in the DNS manager on the secondary when I
started getting calls. At that point I tried to set the secondary to AD
Integrated but it errored - not sure of the exact wording but something to
the effect that it could not because of the wrong type. Could it be that the
zone on the primary was lost at that point????

Anyway, to quiet the natives, I had to quickly recreate the primary zone
from a backup of the zone file. I kept it as type=Primary (secondary is
still type=Secondary). Errors and network discovery problems have stopped.

Now I don't know if the problem is with my DNS OR my error in not making the
Secondary AD Integrated from the start???

Bill
 
Bill Wester said:
Well, I think your above comment came true. I set my Primary (only
the primary) to AD Integrated on Saturday and all was fine until this
morning (Monday 9:00 AM) when I started getting resolving errors on
the network. It was funny as I was actually in the DNS manager on
the secondary when I started getting calls. At that point I tried to
set the secondary to AD Integrated but it errored - not sure of the
exact wording but something to the effect that it could not because
of the wrong type. Could it be that the zone on the primary was lost
at that point????

Anyway, to quiet the natives, I had to quickly recreate the primary
zone from a backup of the zone file. I kept it as type=Primary
(secondary is still type=Secondary). Errors and network discovery
problems have stopped.

Now I don't know if the problem is with my DNS OR my error in not
making the Secondary AD Integrated from the start???

Bill

The problem is patience and understanding of what's going on.

The zone disappeared for a reason. I was trying to say that once you made
the zone AD Integrated, then make all the zones on all DCs AD Integrated or
it will disappear anyway; otherwise it looks at it as a duplicate zone. Don't
re-create it as a Primary. Just let AD do its job. A little patience and
understanding of what's going on will go a long way.

Really, the better time to fix this is on a weekend starting Friday night.
Otherwise, another way to handle it is to set DNS pointers only to one of
the DC/DNS servers, preferably the one holding the "Primary" zone. Delete
the secondary zone once you've ensured ALL your clients are now receiving
only this DC/DNS as their DNS address through DHCP. Then change the zone on the
Primary to AD Integrated. Then ALLOW TIME FOR THIS TO REPLICATE TO ALL DCs.
Then as long as DNS is still installed on the other DC, the zone should
*magically* appear by itself.

Ace
 
Bill Wester said:
Thanks Ace,

What is the default?

"Active Directory and the Registry," which is the way it was when you first
installed DNS and if the zone is AD Integrated.
Did you change something?
And lastly, when I change my secondary to ActiveDirectory Integrated
I get a dialog to choose from the following:

* Discard the new zone and load the existing zone from Active
Directory
o Overwrite the existing zone in Active Directory with the new zone.

I believe the secondary sees that, in my case, the 1st controller
already created the zone records in AD and is asking to use that (and I
should choose the discard option). Am I correct?

Choose "Discard."

Ace
 
Thanks again Ace,

My DNS is now set back to Primary (dc1) and Secondary (dc2). I will attempt
to change type this weekend following your suggestion - if I understand
correctly...

1) Have all running clients pointing to the Primary only (I don't use DHCP,
all are static).
2) Delete Forward and Reverse zones on secondary.
3) Change Primary to AD Integrated and allow time for replication.
* Forward and Reverse zones should be recreated on Secondary *.

Did I understand you correctly?

Thanks,

Bill
 
Bill Wester said:
Thanks again Ace,

My DNS is now set back to Primary (dc1) and Secondary (dc2). I will
attempt to change type this weekend following your suggestion - if I
understand correctly...

1) Have all running clients pointing to the Primary only (I don't use
DHCP, all are static).
2) Delete Forward and Reverse zones on secondary.
3) Change Primary to AD Integrated and allow time for replication.
* Forward and Reverse zones should be recreated on Secondary *.

Did I understand you correctly?

Thanks,

Bill

Sounds like a plan. :-)

It is much easier to use DHCP...

Ace
 