DNS Zone Files


Guest

I recently set up a new AD domain and made the mistake of making the name of the domain the same as public zones that are used on a day-to-day basis. It is sort of late now to make the change to a new domain since some of the new machines have been put online and are in use. I would perform a domain name change since I am using Win2K3, but the problem is that the AD machine is the only 2K3 machine while the workstation machines are Win2K Pro and the new Exchange server put online is already in use.

So here are my questions. Is it possible to have the AD server query a remote name server for the zone record that it is authoritative for? What I would like to do is have the domain controller query for its authoritative zone on the remote nameserver and update its records based on the findings of this zone as configured on the remote nameserver. I hope that this makes sense.

If anyone has experienced this problem before and can lead me in the right direction or provide an alternate solution, it would be greatly appreciated.

Thank you in advance.
 

Chriss3

Hi,

To perform a domain rename operation, your domain functional level as well
as your forest functional level must be in Windows Server 2003 mode, and no
Exchange 2000 organizations may exist within Active Directory.

If we are only talking about the www record or maybe the mail record, a possible
workaround is to create a CNAME record for www and mail within the AD
integrated zone to point to the external website.

An AD integrated zone can only be located on a Domain Controller, as far as I
know.

--
Regards,

Christoffer Andersson
No email replies please - reply in the newsgroup
If the information was helpful, you can let me know at:
http://www.itsystem.se/employers.asp?ID=1

Active Directory Newbie said:
I recently set up a new AD domain and made the mistake of making the name
of the domain the same as public zones that are used on a day-to-day basis.
It is sort of late now to make the change to a new domain since some of the
new machines have been put online and are in use. I would perform a domain
name change since I am using Win2K3, but the problem is that the AD machine
is the only 2K3 machine while the workstation machines are Win2K Pro and the
new Exchange server put online is already in use.
So here are my questions. Is it possible to have the AD server query a
remote name server for the zone record that it is authoritative for? What I
would like to do is have the domain controller query for its authoritative
zone on the remote nameserver and update its records based on the finding of
this zone as configured on the remote nameserver. I hope that this makes
sense.
If anyone has experienced this problem before and can lead me in the right
direction or provide an alternate solution, it would be greatly appreciated.
 

Guest

I am aware of the domain name change rules. That is why I have not attempted to make this change. Can you help with regards to importing the authoritative domain name zone files from a remote nameserver? I would need for this to be done at a regular interval as zones are created on the remote DNS server.
 

Rick Claus

Active Directory Newbie said:
I am aware of the domain name change rules. That is why I have not
attempted to make this change. Can you help with regards to importing the
authoritative domain name zone files from a remote nameserver? I would
need for this to be done at a regular interval as zones are created on the
remote DNS server.

I hope I can help you with this one... I've set up a number of domains with
the same public external DNS and internal DNS names before without any
problems. Why? Because clients had chosen to maintain separate public and
private DNS zones anyway and were prepared to put into place the procedures
for updating DNS entries going forward after the migration. I admit it does
require extra DNS maintenance due to maintaining separate DNS zone files,
but it shortens the AD DNS namespace and can be less confusing to novice
users.

I hope you are comfortable with DNS and know your DNS replication setup.
This procedure might require you to temporarily change the configuration of
DNS replication for the period in time you will be editing the files. You
can choose to do this after hours or during the day - no interruption in
service will result, provided you are able to setup Secondary zone transfers
to other DNS name servers. Obviously this will be more difficult depending on
how large your network is.

As you have already mentioned you will need to put any externally maintained
DNS entries that need to be resolved internally inside your AD DNS zone.
What I have done in the past to simplify this process is change the internal
DNS zone from AD integrated back into Standard Primary in order to
re-generate the text files that can be found in your
%systemroot%/system32/dns... Don't worry - these files will still be
dynamically updateable if you enable the option in the Zone properties.

Once the server has re-created them, you can get the external DNS zone file
and do a manual merge of the external entries using your favorite text
editor. Use the AD zone as the base and only bring in the entries you need
to bring in from the outside (stay away for NS and SOA records from the
outside). Make sure you don't have any conflicts with duplicate names. If
you do have duplicates, you will have to choose to use the Internal or
External IP address based on what the system is. For example, do you want
internal users hitting the internal IP address of the web server or the
external IP address?

Once you have the single merged file, save it and go back into the DNS zone
properties to switch it back to AD integrated. The text files will magically
disappear as it goes back into an AD integrated zone.

Normally I would do this prior to or during the actual migration, before the
AD DNS zone is being heavily used, but it can be done after the fact. I've
done this for external DNS zones that had a handful of entries (but too many
to put in manually via the GUI) and for a couple of customers that had large
zones with 500+ entries.

Feel free to continue to post to this thread if I can help...



Rick Claus, MCSE (2K with 2K3 pending)

Network Engineer, IPSD

Qunara Inc.
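The manual merge Rick describes (internal AD zone as the base, bring in only the external entries you need, leave the outside NS and SOA records alone, and resolve duplicate names by deciding per host whether internal users should get the internal or the external address) is mechanical enough to script, which matters once the public zone has hundreds of entries. The following is an added example, not code from the thread or from any Microsoft tool: a small merge script over standard text zone files, the same format the Windows DNS service writes to %systemroot%\system32\dns while a zone is Standard Primary. The two zone texts are constructed samples, and the owner names, addresses and hostmaster values in them are made up. It drops the public NS/SOA records, reports same-name conflicts (keeping the internal address unless you list the host in take_external) and refuses a public CNAME that would collide with an existing internal record of the same name.

```python
r"""Merge the entries you need from an external (public) zone file into the
text file of an internal AD zone, with the internal zone as the base.

Added example, not from the thread. The two zone texts are constructed
samples. Input is the standard text zone format (what the Windows DNS
service writes under %systemroot%\system32\dns while a zone is Standard
Primary).
"""
import sys

# Never imported: public NS/SOA would hand authority for the internal copy to
# servers that know nothing about the AD records.
EXCLUDED_TYPES = {"SOA", "NS"}

# Constructed sample: the internal AD zone as re-generated in Standard Primary mode.
INTERNAL_ZONE = """
$ORIGIN example.com.
$TTL 3600
@       IN SOA   dc1.example.com. hostmaster.example.com. (
                 2004010101 ; serial
                 900 600 86400 3600 )
        IN NS    dc1.example.com.
dc1     IN A     10.0.0.5
www     IN A     10.0.0.20
mail    IN A     10.0.0.25
shop    IN A     10.0.0.30
"""
# Constructed sample: the public zone as obtained from the external provider.
EXTERNAL_ZONE = """
$ORIGIN example.com.
$TTL 86400
@       IN SOA   ns1.isp.example. hostmaster.isp.example. 2004010105 3600 900 604800 86400
        IN NS    ns1.isp.example.
        IN NS    ns2.isp.example.
        IN MX    10 mail.example.com.
www     IN A     203.0.113.10
mail    IN A     203.0.113.25
ftp     IN A     203.0.113.30
shop    IN CNAME www.example.com.
"""

def parse_zone(text):
    """Return (owner, type, rdata) tuples. Strips ';' comments, skips $-directives,
    joins parenthesised multi-line records and lets an indented line inherit the
    previous owner name."""
    records, last_owner, buf, depth, inherit = [], "@", "", 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if not buf:
            if line.lstrip().startswith("$"):
                continue
            inherit = raw[0].isspace()
            buf = line.strip()
        else:
            buf += " " + line.strip()
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue  # still inside a parenthesised record
        tokens, buf = buf.replace("(", " ").replace(")", " ").split(), ""
        owner = last_owner if inherit else tokens.pop(0)
        last_owner = owner
        if tokens and tokens[0].isdigit():
            tokens.pop(0)  # optional TTL
        if tokens and tokens[0].upper() == "IN":
            tokens.pop(0)  # optional class
        records.append((owner, tokens.pop(0).upper(), " ".join(tokens)))
    return records

def merge_zones(internal, external, take_external=frozenset()):
    """Merge external records into the internal list and report what needs a
    human decision: 'conflicts' (same owner and type, different data; the
    internal value wins unless the owner is in take_external), 'cname_clashes'
    (a CNAME cannot share an owner with other records) and 'skipped' (NS/SOA)."""
    index = {}
    for owner, rtype, data in internal:
        index.setdefault((owner.lower(), rtype), set()).add(data)
    result = {"merged": list(internal), "conflicts": [], "cname_clashes": [], "skipped": []}
    for owner, rtype, data in external:
        if rtype in EXCLUDED_TYPES:
            result["skipped"].append((owner, rtype, data))
            continue
        key = (owner.lower(), rtype)
        other_types = {t for (n, t) in index if n == key[0] and t != rtype}
        if other_types and (rtype == "CNAME" or "CNAME" in other_types):
            result["cname_clashes"].append((owner, rtype, data))
        elif key not in index:
            index[key] = {data}
            result["merged"].append((owner, rtype, data))
        elif data not in index[key]:
            result["conflicts"].append((owner, rtype, sorted(index[key]), data))
            if key[0] in take_external:  # the external address wins for this host
                result["merged"] = [r for r in result["merged"] if (r[0].lower(), r[1]) != key]
                result["merged"].append((owner, rtype, data))
                index[key] = {data}
    return result

def format_zone(records, origin, ttl=3600):
    """Render records back into zone-file text with explicit $ORIGIN and $TTL."""
    lines = ["$ORIGIN %s." % origin.rstrip("."), "$TTL %d" % ttl]
    lines += ["%-12s IN %-6s %s" % rec for rec in records]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Merged zone to stdout; everything that still needs a decision to stderr.
    result = merge_zones(parse_zone(INTERNAL_ZONE), parse_zone(EXTERNAL_ZONE))
    sys.stdout.write(format_zone(result["merged"], "example.com"))
    for kind in ("conflicts", "cname_clashes", "skipped"):
        for item in result[kind]:
            sys.stderr.write("%s: %s\n" % (kind, item))
```

To use it on real files, replace the two constants with the contents of the re-generated internal zone file and the provider's export, review the conflict and clash lines it prints before anything is written back, and only then save the merged text over the Standard Primary file and switch the zone back to AD integrated. Keeping the internal address as the default means a forgotten duplicate cannot silently send internal clients out to the public interface.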
 
