AD and DNS

Guest

I have a Win2k AD-integrated DNS domain controller on my network. I installed a second DC by using dcpromo; after the install, DNS did not appear under Admin Tools. I assume DNS is part of DNS because of the first DC, but what happens if the first domain controller crashes? Should I set up DNS on the second DC, or does the second DC take over automatically because DNS is integrated into AD...


Rob davis
 
Kevin Bowersock

The short answer is:
Yes, you will need to set up DNS on your 2nd domain controller.

DNS gets set up on your first DC during the dcpromo because AD needs DNS
and will not install without it.
During the DCPromo of your 2nd DC it just uses the existing DNS (on your
first server).

So yes, I would set up DNS on your second DC and make it Active Directory
integrated. I would also give your client machines BOTH DNS servers for
fault tolerance.

These links should help you sort it out:


317590 HOW TO: Configure DNS Dynamic Update in Windows 2000
http://support.microsoft.com/?id=317590

300202 How To Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?id=300202

291382 Frequently Asked Questions About Windows 2000 DNS and Windows Server
http://support.microsoft.com/?id=291382

237675 Setting Up the Domain Name System for Active Directory
http://support.microsoft.com/?id=237675

198437 How to Convert DNS Primary Server to Active Directory Integrated
http://support.microsoft.com/?id=198437

Best regards:

(e-mail address removed)

This posting is provided "AS IS"
with no warranties, and confers no rights
 
Cary Shultz [A.D. MVP]

Rob,

You would need to install DNS on the second Domain Controller! If you do
not install it, it is not there!

Anyway, it is a really good idea to have multiple Domain Controllers. You
will really save yourself a lot of grief with this. It is an even better
idea to also install DNS on that second Domain Controller. Making your DNS
Active Directory Integrated is also a really good idea.

Now, to add a couple of things you might want to consider:

Make that second Domain Controller a Global Catalog Server. Here is how to
do that:

http://support.microsoft.com/?id=313994


There is something called FSMO Roles in Active Directory. By default, all
five of these roles are going to be held by the first Domain Controller in
the environment. Let's just assume a single domain/tree/forest environment.
So, the first DC holds all five of these roles (Schema Master, Domain
Naming Master, PDC Emulator, RID Master and Infrastructure Master). I
would keep things this way. If you wanted to split them up (because you
read about it someplace and you think that it is a good idea to have them
split up over multiple DCs), I would keep the Schema Master and the Domain
Naming Master on the first DC and then transfer the other three to the
second DC. Here is how to do that:

http://support.microsoft.com/?id=255690
http://support.microsoft.com/?id=255504

I might stay away from ntdsutil until you play with it a bit in the lab.

If you really wanted to go nuts with this whole 'redundancy' thing I might
split up DHCP. Make one half of the scope (192.168.1.1 - 192.168.1.127)
on one DHCP Server and the other half of the scope (192.168.1.128 -
192.168.1.254) on another DHCP Server.

HTH,

Cary



 
ptwilliams

I have a question/ point to add to this. I've not got round to testing this
yet, so I'm simply speculating, but I assume Rob is thinking along the same
vein...

When you make your DNS AD-integrated, the zone is no longer stored in a
zone file; rather it is stored in the directory. Thus, in theory you would
not *require* another DNS server to synchronise from. It is part of the
domain configuration and is thus replicated.

However, the catch twenty-two situation arises whereby how do you locate a
DC without fully functioning DNS??? You can't unless you whip up a hosts
file can you...

So, a DNS server is needed to configure another AD-integrated DNS server,
but not for the reason of getting the zone info...only for locating a DC
with that domain's domain partition to obtain the zone info.

What do you think Cary (and everyone else)??? Am I correct, being stupid,
or simply thinking about things too much ;-)

--

Paul Williams
_________________________________________
http://www.msresource.net


Join us in our new forums!
http://forums.msresource.net
_________________________________________


 
Guest

Paul, this is exactly why I posed this question, because if it is integrated, DNS is being replicated to all the DCs in the network, right?...or am I wrong?...If I am correct, then I assume I don't need to set up another DNS server. But then, if the original DNS, I would just point to another DNS/DC, being that it is integrated...If I'm wrong about all of this, and do want redundancy, then should I set up a new 2nd DNS server? I'm confused about this integrated DNS stuff...

Thank you for your response...
 
Enkidu

You have to set up DNS on a second DC for DNS replication to usefully
take place. Think of DNS as being separate from AD, but storing its
*data* in AD. I'm not sure if DNS data is replicated to DCs without
DNS servers installed, but the data would not be much use if a DNS
server is not installed on the DC. There'd be nothing to read the
data.

Cheers,

Cliff

{MVP - Directory Services}
 
Jimmy Andersson [MVP]

For some reason I can't see the whole thread, so this might already have
been said.

Easiest way is to make the zones AD integrated and install the DNS service
on multiple DCs, then configure secondary DNS servers for the clients.

Regards,
/Jimmy
 
Mahesh Kumar V

Hey all,

Saw this interesting topic going on; adding my thoughts here.

I see two questions here, let me answer them one by one.

In 2000 domains, if we have AD-integrated DNS then the DNS database
is replicated to all DCs along with the AD database during AD replication. But
only the DCs which are configured as DNS servers will act as DNS servers and reply
to client queries. Other DCs, though they have the DNS data, don't answer
the clients, because the DNS service is not running on these DCs. In
2003 we have more control over DNS database replication and can specify which
DC should have DNS data and which shouldn't. This can be achieved by setting up an
Application Partition in AD.

Now, how to configure a secondary DNS server. This is simple: as
previously mentioned, all DCs in 2000 will have the DNS database if we have
configured DNS as AD-integrated, so the only two things we need to do are:
1. set up the DNS service on the DC which needs to be the backup or secondary DNS server, and
2. on all clients, mention the additional DNS server IP.

(e-mail address removed)
This posting is provided "AS IS" with no warranties, and confers no rights.
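A health check of the kind the posts above describe, written here as an added example (not code from anyone in this thread): it enumerates the domain's DCs and reports which ones actually run the DNS Server service and answer the DC locator SRV query, whether the zone is AD-integrated with dynamic updates enabled, and which hold GC and FSMO roles. It assumes the ActiveDirectory and DnsServer PowerShell modules on a current domain controller (Windows PowerShell 5.1, not the Windows 2000 tooling the thread discusses), rights to query the DCs, and the domain name myco.com taken from the thread.

```powershell
# Added example: inventory DNS redundancy for a single AD domain.
# Assumes RSAT modules ActiveDirectory and DnsServer; domain name is an assumption.
Import-Module ActiveDirectory
Import-Module DnsServer

$Domain  = 'myco.com'                       # assumed domain name
$Locator = "_ldap._tcp.dc._msdcs.$Domain"   # SRV record clients use to find a DC

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $name = $dc.HostName

    # 1. Is the DNS Server service installed and running on this DC?
    #    A DC holding replicated zone data but no DNS service answers nothing.
    $svc        = Get-Service -Name DNS -ComputerName $name -ErrorAction SilentlyContinue
    $dnsRunning = ($null -ne $svc -and $svc.Status -eq 'Running')

    # 2. If so, is the domain zone AD-integrated and accepting dynamic updates?
    $zone = $null
    if ($dnsRunning) {
        $zone = Get-DnsServerZone -Name $Domain -ComputerName $name -ErrorAction SilentlyContinue
    }
    $adIntegrated  = if ($zone) { $zone.IsDsIntegrated } else { $null }
    $dynamicUpdate = if ($zone) { $zone.DynamicUpdate }  else { $null }

    # 3. Does this server actually answer the DC locator query clients depend on?
    $answersSrv = $false
    if ($dnsRunning) {
        $rr = Resolve-DnsName -Name $Locator -Type SRV -Server $dc.IPv4Address -ErrorAction SilentlyContinue
        $answersSrv = (@($rr | Where-Object { $_.Type -eq 'SRV' }).Count -gt 0)
    }

    [pscustomobject]@{
        DC            = $name
        IP            = $dc.IPv4Address
        GlobalCatalog = $dc.IsGlobalCatalog
        FsmoRoles     = ($dc.OperationMasterRoles -join ',')
        DnsRunning    = $dnsRunning
        AdIntegrated  = $adIntegrated
        DynamicUpdate = $dynamicUpdate
        AnswersSrv    = $answersSrv
    }
}

$report | Format-Table -AutoSize

# Fewer than two DCs serving DNS means the domain still has a single point of failure.
$serving = @($report | Where-Object { $_.DnsRunning -and $_.AnswersSrv }).Count
if ($serving -lt 2) {
    Write-Warning "Only $serving DC(s) serve DNS for $Domain; install DNS on another DC and list both servers on clients."
}
```

Run it from a domain-joined admin session; a DC row showing DnsRunning false confirms the point made above that replicated zone data alone does not make a DC a DNS server.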
 
Guest

OK, I set up DNS on the second DC and called it a different name; now I have the
original DNS server called server2.myco.com and the new DNS called
server2.myco.com. In the properties of DNS on both servers I have, for
example, zone transfers pointing to each other, and in DHCP I have the DNS
server there, but I have had the second DNS server up for about a week now,
and there have been no client registrations in the zone database as of
yet...OK, so what did I do wrong?
 
