DNS migration

Ziek

Just wondering if anybody out there had good suggestions for how to migrate
DNS the best way for the following situation:

Company currently has an NT domain, plus a lot of unix stuff. They have
DNS internally that is being provided by unix, and all clients are using
these dns boxes as per DHCP scopes.

They would like to do an in place upgrade of the NT domain, and would like
win2003 DNS to take over the unix DNS.

Would the best method for this migration be:

1. Install a win2003 member server with DNS service, and get a secondary
zone transfer of the zone from Unix.
2. Make sure zone transfer is successful, then mark it as primary, make the
unix secondary, and change DHCP scope to assign clients with the new primary
DNS
3. upgrade the PDC to win2003, and initially point it to the member 2003 DNS
box, instead of itself (since the clients are using the member box at the
moment for dns)
4. Install DNS on the new 2003 DC and get a zone transfer from the member
server with DNS. Mark the DC's DNS zones as primary, change DHCP scope to
assign the new DC DNS, and uninstall DNS from the member server.
5. Dcpromo the member server to become a second DC, install DNS, and
configure DHCP scope to assign the second DC DNS as dns#2.

Does this sound right, or is there a better way?
 
Herb Martin

Ziek said:
Just wondering if anybody out there had good suggestions for how to migrate
DNS the best way for the following situation:

Company currently has an NT domain, plus a lot of unix stuff. They have
DNS internally that is being provided by unix, and all clients are using
these dns boxes as per DHCP scopes.

Notice that maintaining zones on an authoritative server,
and being used directly as the DNS server by some clients
are technically two separate things.

Even if you happen to use the same server for both, as many
people do, it helps simplify design and especially troubleshooting
if you keep them mentally separate.

They would like to do an in place upgrade of the NT domain, and would like
win2003 DNS to take over the unix DNS.

Assuming you will use the SAME zone/domain name
as the Unix already supports:

Simplest is to go ahead and put DNS on the NT PDC
as a SECONDARY to the existing DNS zone on Unix.

Swap roles, Unix -> Secondary, NT -> Primary.

Change the NT PDC (and any other clients you wish.)

Upgrade the PDC to upgrade the domain (remember your
backups.)

During the upgrade it SHOULD offer to make the zone
"dynamic" (which isn't possible in NT). If this doesn't
happen for some reason, do it manually (and then work
to get the records registered but the point of this sequence
is to fix it so that the upgrade can handle that.)

A key to that is making sure the PDC is ONLY a DNS
client of itself, the DNS primary so that we are certain
that the upgrade will understand the process.


Would the best method for this migration be:

1. Install a win2003 member server with DNS service, and get a secondary
zone transfer of the zone from Unix.

You could do it that way too. And doing this,
you can make sure it is dynamic before the upgrade.

After the upgrade you can DCPromo this Win2003
server as an additional DC to the upgraded domain.

Add DNS to the other DC (upgraded NT-PDC), make
AD replicate FULLY, and make them both AD-integrated
if you wish.

2. Make sure zone transfer is successful, then mark it as primary, make the
unix secondary, and change DHCP scope to assign clients with the new primary
DNS

That's a good step no matter which specific sequence
you follow.

3. upgrade the PDC to win2003, and initially point it to the member 2003 DNS
box, instead of itself (since the clients are using the member box at the
moment for dns)

Yes, if you follow this sequence instead of mine above.

4. Install DNS on the new 2003 DC and get a zone transfer from the member
server with DNS. Mark the DC's DNS zones as primary, change DHCP scope to
assign the new DC DNS, and uninstall DNS from the member server.

And make the original 2003 Primary a secondary -- or
follow my other idea about DCPromo on this 2003
server.

You really need two DCs (minimum) anyway.

5. Dcpromo the member server to become a second DC, install DNS, and
configure DHCP scope to assign the second DC DNS as dns#2.

If doing this, I would reverse this step before messing with
the DNS (that is presumably already working from the
original upgrade.)

Get it stable, get AD replicated before messing with the DNS.

Does this sound right, or is there a better way?

It isn't that different as long as you understand the KEY Principles:

1) DNS must be dynamic to support AD

2) Before AD, only the Primary can make it dynamic

3) All DNS clients must use STRICTLY the internal, dynamic
DNS server (set).

4) DCs (and any server really) are DNS CLIENTS!!!!!

I didn't hear you mentioning the dynamic settings much
above, and that is an EASY item to overlook.

Here's my general checklist -- troubleshooting -- for DNS/AD:

1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem. Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
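
An added example, not part of either post: one way to carry out the "make sure zone transfer is successful" check before swapping primary and secondary roles is to dump the zone from both servers and compare the SOA serial and the record sets. The zone name, host names, addresses and function names below are constructed for illustration; the input is assumed to be in `dig axfr` text layout (owner, TTL, class, type, rdata).

```python
# Constructed sample data in `dig axfr` layout: owner TTL class type rdata.
PRIMARY = """\
; zone as served by the existing primary (constructed)
corp.example. 3600 IN SOA ns-unix.corp.example. hostmaster.corp.example. 2004051202 10800 3600 604800 3600
corp.example. 3600 IN NS ns-unix.corp.example.
corp.example. 3600 IN NS ns-w2k3.corp.example.
ns-unix.corp.example. 3600 IN A 10.0.0.10
ns-w2k3.corp.example. 3600 IN A 10.0.0.20
pdc01.corp.example. 3600 IN A 10.0.0.30
corp.example. 3600 IN MX 10 pdc01.corp.example.
"""
# Secondary copy that is one serial behind and lacks the pdc01 A record.
SECONDARY = PRIMARY.replace("2004051202", "2004051201").replace(
    "pdc01.corp.example. 3600 IN A 10.0.0.30\n", "")

def parse_zone(text):
    """Return (soa_serial, {(owner, type, rdata)}); TTL and class are ignored."""
    serial, records = None, set()
    for line in text.splitlines():
        parts = line.split(";", 1)[0].split()   # drop comments (naive for TXT data)
        if len(parts) < 5:
            continue
        owner, _ttl, _class, rtype, *rdata = parts
        if rtype.upper() == "SOA":
            serial = int(rdata[2])              # rdata: MNAME RNAME SERIAL ...
            continue                            # SOA is compared by serial only
        # DNS names are case-insensitive, so normalise before comparing.
        records.add((owner.lower(), rtype.upper(), " ".join(rdata).lower()))
    return serial, records

def compare_zones(primary_text, secondary_text):
    """Report serial agreement and any records present on only one side."""
    p_serial, p_recs = parse_zone(primary_text)
    s_serial, s_recs = parse_zone(secondary_text)
    return {
        "serial_match": p_serial == s_serial,
        "primary_serial": p_serial,
        "secondary_serial": s_serial,
        "missing_on_secondary": sorted(p_recs - s_recs),
        "extra_on_secondary": sorted(s_recs - p_recs),
    }

def safe_to_swap_roles(report):
    """True only when the secondary holds an identical, current copy."""
    return (report["serial_match"] and not report["missing_on_secondary"]
            and not report["extra_on_secondary"])

if __name__ == "__main__":
    print(compare_zones(PRIMARY, SECONDARY))
```
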
 
