DNS Config issue

YMan

Hi all,

We have two DCs, mydc1 and mydc2. DNS is installed on mydc1 and has
standard primary zones (such as mydomain.com, mydomain2.com etc.). Both DCs
are running Windows 2003 server. The major zone is mydomain.com which is the
domain for the company.

We'd like to install DNS in mydc2 and to make them AD-Integrated. Would any
of you know of the proper procedure in doing so?

Is it true just by the following steps?
- make the zone mydomain.com an AD-integrated by checking the check-box of
storing the zone in AD
- install DNS in mydc2
- create a primary zone for mydomain.com and also check the check-box to
store zone in AD

However, there are a few questions I don't quite understand. Would the data
already on mydc1 copy or replicate to the DNS in mydc2? Does that mean I can
add / change / delete resource records in either of the DNS servers? What about
other zones also hosted in DNS in mydc1?

An additional question is should I include IP address of mydc2 in DHCP for
LAN users also?

Sorry if this sounds silly to you.

Thx,
 
Kevin D. Goodknecht Sr. [MVP]

YMan said:
Hi all,

We have two DCs, mydc1 and mydc2. DNS is installed on mydc1 and has
standard primary zones (such as mydomain.com, mydomain2.com
etc.). Both DCs are running Windows 2003 server. The major zone is
mydomain.com which is the domain for the company.

We'd like to install DNS in mydc2 and to make them AD-Integrated.
Would any of you know of the proper procedure in doing so?

Is it true just by the following steps?
- make the zone mydomain.com an AD-integrated by checking the
check-box of storing the zone in AD
- install DNS in mydc2
- create a primary zone for mydomain.com and also check the check-box
to store zone in AD

However, there are a few questions I don't quite understand. Would
the data already on mydc1 copy or replicate to the DNS in mydc2? Does
that mean I can add / change / delete resource records in either of
the DNS servers? What about other zones also hosted in DNS in mydc1?

An additional question is should I include IP address of mydc2 in
DHCP for LAN users also?

Sorry if this sounds silly to you.

Thx,

With Active Directory integrated zones, you only need to create the zone on
one DC; the zone will replicate to all DCs in the domain with no further
action from you.
 
YMan

Kevin D. Goodknecht Sr. said:

With Active Directory integrated zones, you only need to create the zone on
one DC; the zone will replicate to all DCs in the domain with no further
action from you.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps

I have configured both DNS servers as in the following steps:

1. in mydc1 I checked the box to store data in AD
2. Install DNS in mydc2 using "Configure Server Wizard"
3. Configure a primary zone and also AD-Integrated

Then I found that in mydc1 the DNS has the primary DNS being mydc1. However,
in mydc2 the primary server (as well as in the SOA) is mydc2. Not all the
records in mydc1 are replicated to mydc2 (well, in fact only those in the
reverse zone are replicated over).

Did I miss something? Do settings such as zone transfer need to be
configured as well?
Thx,
 
Ace Fekay [MVP]

YMan said:
I have configured both DNS servers as in the following steps:

1. in mydc1 I checked the box to store data in AD
2. Install DNS in mydc2 using "Configure Server Wizard"
3. Configure a primary zone and also AD-Integrated

Then I found that in mydc1 the DNS has the primary DNS being mydc1.
However, in mydc2 the primary server (as well as in the SOA) is mydc2. Not
all the records in mydc1 are replicated to mydc2 (well, in fact only
those in the reverse zone are replicated over).

Did I miss something? Do settings such as zone transfer need to be
configured as well?
Thx,

Zone transfers have nothing to do with AD Integrated zones, although you can
allow zone transfers to other DNS servers for your zone if you desire. AD
Integration allows multiple SOAs, in essence, multi-master design where zone
data can be changed on any server you like. So due to the behavior of AD
Integrated zones, since all DNS servers that host the AD Integrated zones
are essentially ALL SOAs for the zone, this is normal and can be ignored.

All records in an AD Integrated zone are stored in AD. Therefore, whatever
data you create on one server will be stored in the actual physical AD
database (depending on which AD version, since Win2003 has those application
partitions), and will be replicated during AD's normal replication process.
If it is Win2000, there is a latency period of 5 to 15 minutes within a
site, whereas between sites, the latency period will depend on your Sites
replication schedule and frequency. If Win2003, the data will replicate
within 15 seconds within a site, but between sites, the same as Win2000.

If this is Win2003, you have the option to change replication scope to
either Win2000 support (stored in the DomainNC partition), or Win2003
DomainDnsZones (domain wide - middle button) or ForestDnsZones (forest
wide - top button). If you are in a mixed environment, stick with the bottom
radio button in the replication scope properties page since that puts it in
the DomainNC and is compatible with Win2000. If you try to mix it, you will
come up with conflict errors and the whole thing goes south.

If you want it to replicate immediately within a site using Win2000, create
your records, then go to sites and services and force replication between
the machines. If between sites, you will have to wait for the replication
schedule/frequency to occur.

In a nutshell, it's based on AD.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
 
Kevin D. Goodknecht Sr. [MVP]

YMan said:
I have configured both DNS servers as in the following steps:

1. in mydc1 I checked the box to store data in AD
2. Install DNS in mydc2 using "Configure Server Wizard"
3. Configure a primary zone and also AD-Integrated

Then I found that in mydc1 the DNS has the primary DNS being mydc1.
However, in mydc2 the primary server (as well as in the SOA) is mydc2. Not
all the records in mydc1 are replicated to mydc2 (well, in fact only
those in the reverse zone are replicated over).

Did I miss something? Do settings such as zone transfer need to be
configured as well?
Thx,

Yes, you missed something: you should not have created the zone on the
second DC; doing so causes it to overwrite the zone that was already in AD.
Therefore you would have lost any manually created records in the previous
zone. That is why I said "create the zone only on one DC".

Each DC has itself listed as the SOA primary because each DC has a master
zone. The SOA primary record is basically only for Secondary zones to know
where the master is and has no effect on AD replication and is not used in
AD replication. AD replication is more reliant on the
<verylongGUID>._msdcs.ADForestName CNAME record. Make sure this record is
registered for both DCs in both DNS servers.
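One way to verify the CNAME Kevin refers to on every DNS server at once, as an added PowerShell example that is not part of this thread and not a Microsoft tool: it assumes a current administration workstation with the ActiveDirectory RSAT module and Resolve-DnsName (Windows 8 / Server 2012 or later, so it would not run on the Windows 2003 DCs discussed here), and the server names mydc1 and mydc2 are taken from the thread as placeholders.

```powershell
# Added example (not from the thread): confirm that every DC's
# <DSA-GUID>._msdcs.<forest> CNAME resolves on every DNS server, the record
# Kevin says AD replication relies on. Assumes the ActiveDirectory module
# (RSAT) and Resolve-DnsName (Windows 8 / Server 2012 or later); the DNS
# server names are placeholders from the thread.
param(
    [string[]]$DnsServers = @('mydc1', 'mydc2')
)

Import-Module ActiveDirectory -ErrorAction Stop

$forest = (Get-ADForest).RootDomain

$results = foreach ($dc in Get-ADDomainController -Filter *) {
    # The owner name of the CNAME is the objectGUID of the DC's NTDS Settings
    # object, not the GUID of the computer object itself.
    $ntds = Get-ADObject -Identity $dc.NTDSSettingsObjectDN -Properties objectGUID
    $name = '{0}._msdcs.{1}' -f $ntds.objectGUID, $forest

    foreach ($server in $DnsServers) {
        # Ask each DNS server directly (-DnsOnly skips the local cache and LLMNR/NetBIOS).
        $answer = Resolve-DnsName -Name $name -Type CNAME -Server $server -DnsOnly -ErrorAction SilentlyContinue
        # A CNAME query also returns the target's A records, so keep only the CNAME itself.
        $cname  = if ($answer) { $answer | Where-Object Type -eq 'CNAME' } else { $null }

        [pscustomobject]@{
            DomainController = $dc.HostName
            DnsServer        = $server
            Record           = $name
            Target           = if ($cname) { $cname.NameHost } else { $null }
            Registered       = [bool]$cname
        }
    }
}

$results | Format-Table -AutoSize

# Any row that is not registered is a DC whose own GUID CNAME is missing on
# that DNS server; Kevin's fix in the thread is to re-register and restart
# Netlogon on the affected DC, then wait for replication and re-check.
$missing = @($results | Where-Object { -not $_.Registered })
if ($missing.Count -gt 0) {
    Write-Warning "$($missing.Count) GUID CNAME lookup(s) failed; run 'ipconfig /registerdns' and restart Netlogon on the affected DC, then re-check after a replication cycle."
}
```

Every DC should show `Registered = True` against every DNS server in the list; a row that is `False` on only one server points at a replication problem between the two DNS copies rather than at the DC's registration.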
 
YMan

In this case, if I want to get things straight, should I now uninstall the
DNS on mydc2 and reinstall it again? Or should I just remove the zone on DNS
in mydc2 and let the AD replication process take care of it?
 
Kevin D. Goodknecht Sr. [MVP]

YMan said:
In this case, if I want to get things straight, should I now
uninstall the DNS on mydc2 and reinstall it again? Or should I just
remove the zone on DNS in mydc2 and let the AD replication process
take care of it?

Not unless the two zones are in different replication partitions; deleting
the zone from DC2 also deletes it from DC1 if they are in the same partition.
On the General tab of the zone properties sheet, click on the "change" button
next to "Replication" to make sure both zones are set to the same
replication partition. The default is all DCs in the AD domain, which is best
for domains with a combination of Win2k and Win2k3.
If the zones are in different replication partitions, delete one of the
zones.
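The check Kevin describes in the GUI (both copies of the zone in the same replication partition), together with the record comparison the thread is really chasing, as an added PowerShell example that is not from the thread: it assumes the DnsServer module (Windows Server 2012 or later RSAT, so it would not run against the Windows 2003 servers discussed here), and mydc1, mydc2 and mydomain.com are the thread's own placeholder names.

```powershell
# Added example (not from the thread): compare an AD-integrated zone as seen
# from two DCs. Assumes the DnsServer PowerShell module (Server 2012+ RSAT),
# so it does not apply to the Windows 2003 boxes in the thread; server and
# zone names are placeholders taken from the thread.
param(
    [string[]]$Servers  = @('mydc1', 'mydc2'),
    [string]$ZoneName   = 'mydomain.com'
)

Import-Module DnsServer -ErrorAction Stop

# 1. Replication scope: every copy must be DS-integrated and in the same
#    partition, otherwise a delete on one DC does not behave as Kevin describes.
$zones = foreach ($s in $Servers) {
    $z = Get-DnsServerZone -ComputerName $s -Name $ZoneName -ErrorAction Stop
    [pscustomobject]@{
        Server           = $s
        ZoneType         = $z.ZoneType
        IsDsIntegrated   = $z.IsDsIntegrated
        ReplicationScope = $z.ReplicationScope        # Domain, Forest, Legacy or Custom
        Partition        = $z.DirectoryPartitionName  # e.g. DomainDnsZones.<domain>
    }
}
$zones | Format-Table -AutoSize

$scopes = @($zones | Select-Object -ExpandProperty ReplicationScope -Unique)
if ($scopes.Count -ne 1 -or ($zones.IsDsIntegrated -contains $false)) {
    Write-Warning "Zone '$ZoneName' is not AD-integrated with one replication scope on all servers."
}

# 2. Record sets: collect host (A) records as "name=ip" strings per server and
#    diff them. Records present on only one side are the symptom in the thread.
$recordSets = @{}
foreach ($s in $Servers) {
    $recordSets[$s] = @(Get-DnsServerResourceRecord -ComputerName $s -ZoneName $ZoneName -RRType A |
        ForEach-Object { '{0}={1}' -f $_.HostName, $_.RecordData.IPv4Address.IPAddressToString } |
        Sort-Object -Unique)
}

$diff = Compare-Object -ReferenceObject $recordSets[$Servers[0]] -DifferenceObject $recordSets[$Servers[1]]
if (-not $diff) {
    "A records for '$ZoneName' are identical on $($Servers -join ' and ')."
} else {
    "A records differ between $($Servers[0]) (<=) and $($Servers[1]) (=>):"
    $diff | Format-Table InputObject, SideIndicator -AutoSize
}
```

A difference in the A-record set is not by itself proof that the zone was overwritten: within a site Ace's 15-second (Win2003) or 5-to-15-minute (Win2000) latency applies, so re-run the comparison after a replication cycle before drawing that conclusion. A persistent one-sided difference, or two copies reporting different partitions, is the condition the thread is about.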
 
YMan

Kevin D. Goodknecht Sr. said:

Not unless the two zones are in different replication partitions; deleting
the zone from DC2 also deletes it from DC1 if they are in the same
partition.
On the General tab of the zone properties sheet, click on the "change"
button next to "Replication" to make sure both zones are set to the same
replication partition. The default is all DCs in the AD domain, which is best
for domains with a combination of Win2k and Win2k3.
If the zones are in different replication partitions, delete one of the
zones.

Both are set to the same replication partition (all DCs in the AD domain).
And I am now seeing some A records in the DNS in mydc2.

Is it normal that the two DNS servers do not have identical host (A) records, if
the replication partition is set to all DCs in the AD Domain (or I should
say that they are AD-Integrated)?

Thanks again
 
Kevin D. Goodknecht Sr. [MVP]

YMan said:
Both are set to the same replication partition (all DCs in the AD
domain). And I am now seeing some A records in the DNS in mydc2.

Is it normal that the two DNS servers do not have identical host (A) records,
if the replication partition is set to all DCs in the AD Domain
(or I should say that they are AD-Integrated)?

I think you still missed my point; here is what you posted:
I have configured both DNS servers as in the following steps:

1. in mydc1 I checked the box to store data in AD
2. Install DNS in mydc2 using "Configure Server Wizard"
3. Configure a primary zone and also AD-Integrated

As for what you did in step 3 above (creating a new zone on DNS in mydc2), you must
understand that when you created this zone, it became the newer of it and the
one already in AD. So... it overwrote the existing zone in AD, and it did
NOT contain the records that existed in the zone in AD.

The key point is, when you create a new zone, it contains no records, so
when it replicates, it deletes the existing zone and its records.
When installing DNS on a replica DC, do not create any zones; be patient and
wait for the zone in AD to replicate. I have such a hard time convincing
people to wait for replication to replicate the zone.
Existing Zone Information Overwritten When Backup DNS Zone Created:
http://support.microsoft.com/default.aspx?scid=kb;en-us;217086
 
YMan

I think you still missed my point; here is what you posted:
I have configured both DNS servers as in the following steps:

1. in mydc1 I checked the box to store data in AD
2. Install DNS in mydc2 using "Configure Server Wizard"
3. Configure a primary zone and also AD-Integrated

As for what you did in step 3 above (creating a new zone on DNS in mydc2), you
must understand that when you created this zone, it became the newer of it and
the one already in AD. So... it overwrote the existing zone in AD, and it did
NOT contain the records that existed in the zone in AD.

The key point is, when you create a new zone, it contains no records, so
when it replicates, it deletes the existing zone and its records.
When installing DNS on a replica DC, do not create any zones; be patient
and wait for the zone in AD to replicate. I have such a hard time of
convincing people to wait for replication to replicate the zone.
Existing Zone Information Overwritten When Backup DNS Zone Created:
http://support.microsoft.com/default.aspx?scid=kb;en-us;217086

Now I understand a bit more.
Then would I be able to do this all over again with the steps below:
1. switch the zones in both DNS servers back to standard primary by unchecking the
check box for storing the zone in AD
2. delete the zone in mydc2
3. check the check box to turn the zone in mydc1 to AD-integrated again
4. wait for replication to create the replica in mydc2

Do you think this will work? The reason is that I'm afraid the newly created
zone in mydc2 will overwrite the one in mydc1. Since I can still see the
resource records in mydc1, I want to reverse the procedure and start all
over again.
Thanks again.
 
Kevin D. Goodknecht Sr. [MVP]

YMan said:
Now I understand a bit more.
Then would I be able to do this all over again with the steps below:
1. switch the zones in both DNS servers back to standard primary by unchecking
the check box for storing the zone in AD
2. delete the zone in mydc2
3. check the check box to turn the zone in mydc1 to AD-integrated
again
4. wait for replication to create the replica in mydc2

Do you think this will work? The reason is that I'm afraid the newly
created zone in mydc2 will overwrite the one in mydc1. Since I can
still see the resource records in mydc1, I want to reverse the
procedure and start all over again.
Thanks again.

Yes, it will work if replication is not broken. Change the zone on DC1 to
standard primary, allow dynamic updates, point DC2 to DC1 for DNS. Then, run
this command:
ipconfig /flushdns & ipconfig /registerdns & net stop netlogon & net start
netlogon

This will make sure DC1 has all the AD records from both DCs; then change the
zone to AD integrated and let the zone replicate, or force a replication cycle.
 
YMan

Now I understand a bit more.
Yes, it will work if replication is not broken. Change the zone on DC1 to
standard primary, allow dynamic updates, point DC2 to DC1 for DNS. Then, run
this command:
ipconfig /flushdns & ipconfig /registerdns & net stop netlogon & net start
netlogon

This will make sure DC1 has all the AD records from both DCs; then change the
zone to AD integrated and let the zone replicate, or force a replication cycle.

Thanks Kevin for your patience and help.

Let me repeat what I think I have gathered from you:
1. change zone in mydc1 to Standard Primary and allow dynamic update
2. change the IP settings of mydc2 so that its DNS points to mydc1
3. run the command ipconfig /flushdns and ipconfig /registerdns
4. run net stop netlogon and net start netlogon
5. delete the zone in mydc2
6. wait for replication of the zone and then check mydc2 for the result

Did I miss anything?

Thanks again.
 
Kevin D. Goodknecht Sr. [MVP]

YMan said:
Thanks Kevin for your patience and help.

Let me repeat what I think I have gathered from you:
1. change zone in mydc1 to Standard Primary and allow dynamic update
2. change the IP settings of mydc2 so that its DNS points to mydc1
3. run the command ipconfig /flushdns and ipconfig /registerdns
4. run net stop netlogon and net start netlogon
5. delete the zone in mydc2
6. wait for replication of the zone and then check mydc2 for the result

Did I miss anything?

By changing the zone on mydc1 to standard primary, this should remove the
zone from mydc2.
If it doesn't, delete it after you change the zone on mydc1 to standard
primary.
 
YMan

By changing the zone on mydc1 to standard primary, this should remove the
zone from mydc2.
If it doesn't, delete it after you change the zone on mydc1 to standard
primary.

Thanks Kevin,

The zone data seems to be replicating great. Thanks again for your great help.

Rdgs,
YMan
 
