2000-2003 migration

January 15, 2010 at 19:09:08
Specs: Windows 7
Problem

The DNS in production is set up with a primary DNS server and a secondary DNS server, not using Active Directory integration. In my test lab I change the primary DNS to Active Directory integrated, then on the secondary DNS server I remove the forward zone and reverse zone and re-add them as Active Directory integrated. When I look at the records in the forward zone and reverse zone, some of the records are missing compared with what shows on the primary server. Then after a few minutes replication takes place, and now both the primary and secondary, which are now Active Directory integrated, have fewer records than before. After this, I have to reboot the test servers and then the DNS records show up again on both servers.



#1
January 22, 2010 at 08:10:57
Sounds like you are getting into a replication loop. When one server replicates it adds and REMOVES, in which case it is removing host records from one server because they do not exist in the other, and vice versa.

It sounds like you are trying to set up a redundant DNS server for failover. I have had no luck with this. I tried setting up the Default First Site and having my secondary DNS pointed to it, and other stuff.

You can check out...

http://www.eggheadcafe.com/software...

http://www.experts-exchange.com/Sof...

I only use one because it is really only used for new computers on the network to resolve addresses and build host tables, so if the server is down most computers will work normally, giving me time to bring it up.

That being said, I am sure you can do this; I would love to see how, but I suggest posting this in the Networking forum because those guys know their DNS.



#2
January 23, 2010 at 18:49:54
No offense ace, but I'm not sure what you are talking about with your replication loop stuff.

And since this is an Active Directory DNS question, this is the place for it. Some of us really know our DNS too. ;)

If you are in an Active Directory domain, there are very few reasons not to use AD-integrated zones. With AD-integrated zones, you can pretty much remove the concept of primary and secondary. They are integrated, and the DNS information replicates as part of AD replication as opposed to standard zone transfers in DNS. In fact, with AD-integrated DNS zones, you should disable zone transfers.

Create your first DNS zone on your first server. Create an AD-integrated forward lookup zone. Create a reverse lookup zone also. Create your second DNS server in the same domain and set it to be AD integrated. It will get all of its records from the first DNS server as part of replication. That's about it.

Make both domain controllers global catalog servers. In a single domain environment, all DCs should be global catalogs.

In DHCP, supply the information for the DNS servers so your clients know about both DNS servers. If one is unavailable, the other will respond. After replication, the records on both DNS servers will be the same.

Ace, I have news for you. In an Active Directory environment, DNS does more than resolve addresses. If DNS is down and you only have one server, your AD environment is pretty much down also. DNS is absolutely required for AD to run. You need to understand how it works, and you are well served to have more than one DC and more than one DNS server.
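The procedure in the reply above (AD-integrated forward and reverse zones, zone transfers disabled, both DNS servers handed out by DHCP, and a check that the record sets match after replication) expressed as a script. This is an added example, not code from the thread or from any of its posters. It assumes the DnsServer and DhcpServer PowerShell modules of Windows Server 2012 or later (the thread's 2003-era servers would use dnscmd instead), and the domain name `corp.example`, the DCs `DC1` and `DC2`, and the `10.0.0.0/24` subnet are constructed placeholders.

```powershell
# Added example, not from the original thread. Assumes Windows Server 2012+ with the
# DnsServer and DhcpServer modules. Names, hosts and subnet below are constructed placeholders.
Import-Module DnsServer
Import-Module DhcpServer

$zone    = 'corp.example'
$subnet  = '10.0.0.0/24'
$servers = 'DC1', 'DC2'      # both are domain controllers running the DNS Server role

# Step 1: create the forward and reverse zones on the first DC as AD-integrated.
# ReplicationScope Domain stores them in the DomainDnsZones partition so every DNS
# server in the domain receives them through AD replication; Secure dynamic updates
# only accept registrations from authenticated domain members.
Add-DnsServerPrimaryZone -ComputerName $servers[0] -Name $zone `
    -ReplicationScope Domain -DynamicUpdate Secure
Add-DnsServerPrimaryZone -ComputerName $servers[0] -NetworkId $subnet `
    -ReplicationScope Domain -DynamicUpdate Secure

# Step 2: AD replication now carries the zone data, so classic zone transfers serve
# no purpose; refuse them so the full zone cannot be pulled by an arbitrary host.
Get-DnsServerZone -ComputerName $servers[0] |
    Where-Object { $_.IsDsIntegrated -and -not $_.IsAutoCreated } |
    ForEach-Object {
        Set-DnsServerPrimaryZone -ComputerName $servers[0] -Name $_.ZoneName `
            -SecureSecondaries NoTransfer
    }

# Step 3: hand both DNS servers to clients through DHCP option 006 so a client keeps
# resolving (and AD keeps working) when one server is unavailable.
Set-DhcpServerv4OptionValue -ComputerName $servers[0] -ScopeId '10.0.0.0' `
    -DnsServer '10.0.0.10', '10.0.0.11'

# Step 4: force AD replication so the second server picks the zone up now rather
# than on the next scheduled cycle (/A all partitions, /e all sites, /P push).
repadmin /syncall $servers[0] /A /e /P

# Step 5: the poster's actual symptom was records missing on one server, so compare
# the record sets of both servers instead of trusting that replication finished.
function Get-ZoneRecordKeys {
    param([string]$ComputerName, [string]$ZoneName)
    Get-DnsServerResourceRecord -ComputerName $ComputerName -ZoneName $ZoneName |
        ForEach-Object { '{0}|{1}' -f $_.HostName, $_.RecordType } |
        Sort-Object -Unique
}

function Compare-ZoneOnServers {
    param([string]$ZoneName, [string[]]$ComputerName)
    $reference = Get-ZoneRecordKeys -ComputerName $ComputerName[0] -ZoneName $ZoneName
    foreach ($other in $ComputerName[1..($ComputerName.Count - 1)]) {
        $candidate = Get-ZoneRecordKeys -ComputerName $other -ZoneName $ZoneName
        $diff = Compare-Object -ReferenceObject $reference -DifferenceObject $candidate
        if ($diff) {
            Write-Warning "$ZoneName differs between $($ComputerName[0]) and $other :"
            # '<=' means the record exists only on the reference server, '=>' only on $other
            $diff | Format-Table InputObject, SideIndicator -AutoSize
        } else {
            Write-Output "$ZoneName : $($ComputerName[0]) and $other both hold $($reference.Count) records"
        }
    }
}

Compare-ZoneOnServers -ZoneName $zone -ComputerName $servers
Compare-ZoneOnServers -ZoneName '0.0.10.in-addr.arpa' -ComputerName $servers
```

The comparison keys on host name and record type only, which is enough to catch the "records vanish after replication" condition described in the question; a record whose data changed but whose name and type are unchanged would need the `RecordData` fields compared as well. Run it from an account that holds DnsAdmins rights on both servers.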

