DNS question

Darrenrd

Hi, All
I have a Win2000 domain with DNS servers installed on my 2 DCs, and the zone
is A/D integrated. Within DNS server1, additionally, I have a secondary zone
and about 20 or so standard primary zones. I have set up a second DNS server2
on my second DC, so I'm able to see my primary A/D zone on server 2; however,
I need to have a copy of the secondary zone and all my standard primary zones
from DNS server 1 on DNS server2. My objective is that if DNS server1 fails, my
clients can use DNS server2, since I'm adding this DNS info via DHCP.
I think I would have to recreate my secondary zone and all standard
primary zones on DNS server 2; in this way DNS server2 is not dependent on
DNS server1, hence I'm not zone transferring from DNS server 1, and therefore if DNS
server 1 fails my clients won't be affected.
Does this make sense, and what are my options? Remember, my objective is for
each DNS not to have a link to each other, for redundancy purposes.
Thanks
-Darren
 
Herb Martin

I have a Win2000 domain with DNS servers installed on my 2 DCs, and the zone
is A/D integrated. Within DNS server1, additionally, I have a secondary zone
and about 20 or so standard primary zones. I have set up a second DNS server2
on my second DC, so I'm able to see my primary A/D zone on server 2; however,
I need to have a copy of the secondary zone and all my standard primary zones
from DNS server 1 on DNS server2. My objective is that if DNS server1 fails, my
clients can use DNS server2, since I'm adding this DNS info via DHCP.
I think I would have to recreate my secondary zone and all standard
primary zones on DNS server 2; in this way DNS server2 is not dependent on
DNS server1, hence I'm not zone transferring from DNS server 1, and therefore if DNS
server 1 fails my clients won't be affected.

For an internal DNS set you should NEVER have more than one Primary
per zone -- nor a Primary and also an AD Integrated "set" of DNS servers.

The exception is when you must handle two distinct namespaces with the
same zone name (aka "Shadow DNS" or "Split (brain) DNS") -- one external
and one internal. They look like the same zone but will not replicate, so
from one point of view, they are really DIFFERENT zones with the same name.

If you have an AD-integrated DNS server, you can add other DC/DNS
servers to the "set" (it's multimastered so they replicate).

If you have either a Primary or AD-integrated set, you can still add
secondaries (it's a choice.)
Does this make sense, and what are my options? Remember, my objective is for
each DNS not to have a link to each other, for redundancy purposes.

For every Primary zone on one server put a secondary on the other.

Since they are both DCs (same domain right?), for every AD-integrated
zone, put that same AD-integrated zone (or a secondary) on the other.
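
Added example, not part of the original post: a small Python planner for the primary-plus-secondary layout recommended in this thread, which also flags any zone that has been recreated as a second primary. Server names, IPs, zone names and the type labels are constructed; the emitted lines assume `dnscmd` (Support Tools) with its `/ZoneAdd` and `/ZoneResetSecondaries` switches and are only printed, not executed.

```python
# Type labels assumed for this example: "primary" (standard, file-backed),
# "secondary", "ad" (AD-integrated). All names and addresses are constructed.
SERVER1 = {"name": "dns1", "ip": "192.0.2.10", "zones": {
    "corp.example": ("ad", None),
    "lab.example": ("primary", None),
    "print.example": ("primary", None),
    "partner.example": ("secondary", "198.51.100.5"),  # master is elsewhere
}}
SERVER2 = {"name": "dns2", "ip": "192.0.2.11", "zones": {
    "corp.example": ("ad", None),
    "print.example": ("primary", None),  # recreated by hand: a second primary
}}

def plan(src, dst):
    """Return (commands, conflicts) that give dst a copy of every zone on src."""
    commands, conflicts = [], []
    for zone, (ztype, master) in sorted(src["zones"].items()):
        have = dst["zones"].get(zone)
        if ztype == "ad":
            continue  # replicated between the DCs by AD itself
        if have and have[0] == "primary" and ztype == "primary":
            conflicts.append(zone)  # two writable copies that never sync
            continue
        if have:
            continue  # dst already holds a copy of this zone
        if ztype == "primary":
            # Permit transfers from src, but only to dst's address.
            commands.append(
                f"dnscmd {src['name']} /ZoneResetSecondaries {zone} "
                f"/SecureList {dst['ip']}")
            master = src["ip"]
        # A zone that is secondary on src is pulled from the same upstream
        # master, which must itself allow transfers to dst.
        commands.append(f"dnscmd {dst['name']} /ZoneAdd {zone} /Secondary {master}")
    return commands, conflicts

if __name__ == "__main__":
    cmds, bad = plan(SERVER1, SERVER2)
    print("\n".join(cmds))
    print("primary on both servers:", bad)
```

A secondary keeps answering from its last transferred copy while the primary is down, until the zone's SOA expire interval runs out.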
 
Michael Johnston [MSFT]

Having two primary zones for one domain name will become an administrative nightmare. Setting one up as a primary and the other as secondary is the
recommended way to go. If the servers are DCs in the same domain, then AD integrated would simplify this and achieve much of what you are after. Having
multiple primaries for one domain name is a bad idea but certainly is possible. Each namespace though will have to be managed separately, but technically
speaking it should work.

Thank you,
Mike Johnston
Microsoft Network Support
--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.
 
Herb Martin

You can certainly do manual DNS "file" replication to
move the zones -- you are also correct that it is an
administrative headache (and can become a nightmare.)

DNS is not done this way traditionally but if you take
responsibility for all inconsistencies, then it's your choice.

This is actually what we do with Shadow DNS (or
split DNS) but on a very limited basis.
 
Herb Martin

Michael Johnston said:
Having two primary zones for one domain name will become an administrative
nightmare. Setting one up as a primary and the other as secondary is the
recommended way to go. If the servers are DCs in the same domain, then AD
integrated would simplify this and achieve much of what you are after.
Having multiple primaries for one domain name is a bad idea but certainly is
possible. Each namespace though will have to be managed separately, but
technically speaking it should work.

Which part of my message was not clear on this point?

Actually, I gave the detail even for the fairly common
case (shadow DNS) where two Primaries are commonly
used -- but only as an exception to our rule that internally
we never have such.
 
