Question
Friday, January 1, 2010 3:28 PM
hello,
I have read and know that you can host a Windows primary DNS zone on only one DNS server, and all the other copies of the same zone (on any other DNS servers) have to be secondary. But I see something different with what I do here in my test domains.
Can anyone help me with where I am wrong, or is there some change that happened recently? Or is it that I can host a primary zone on a single DNS server in a domain and I can host it on another DNS server provided it is in another domain?
Thanks
http://www.4shared.com/file/185932068/d0644c66/Doc1.html
All replies (4)
Sunday, January 3, 2010 7:05 PM ✅ Answered | 3 votes
Please refer to comments...
"But your answer does not cover my basic doubt. I have migrated some DNS zones and records once, and what I did was to create a zone with the same name as on the first server, making it secondary. Then a zone transfer occurs from the primary. Once that is done, shut down the first server that is hosting the primary copy and then promote the secondary server to primary."
Yes, this is an acceptable practice. This is the easiest way to copy a zone. You can change a zone from secondary to primary without any issues.
"BUT my understanding was we can have only one primary copy of a zone"
Why would you want more than one primary zone for a particular sub-domain? The primary zone is the READ/WRITE (Master) copy of the zone. The other DNS servers that act as secondary are there for redundancy. You make the changes to the records on the primary and those changes are copied to the secondary based on the information that is stored in the SOA record.
1) you can have a primary zone hosted on two or more Dns servers in an AD domain itself.
Yes, you can host as many primary zones as you wish on as many servers as you wish. However, you don't create the same primary zone more than once. Each primary zone that is being referred to in this statement is a different sub-domain, i.e. domain1.com, domain2.com, domainx.com, etc.
2) In a nutshell, the advantage of keeping a secondary zone on a second or third DNS server is that zone transfers can happen (if we keep another primary, do we have to manually update all other primary copies except the first one?)
No, the advantage of having secondary servers is to provide your DNS service with fault tolerance. If you only have one DNS server and that server fails, then your clients will not be able to resolve host names. If you deploy 2 DNS servers and each DNS server is configured with 1 primary zone using the same name (domain1.com), these are INDEPENDENT zones! In this configuration, you will need to update the records MANUALLY on both servers. Why would anyone do this? The preferred and recommended configuration is that one DNS server hosts the PRIMARY zone (domain1.com) and the secondary DNS server hosts a SECONDARY zone called domain1.com. You make the changes and updates on the primary server and those changes are replicated to the secondary server according to the properties of the SOA record.
Friday, January 1, 2010 7:18 PM | 1 vote
When hosting traditional primary zones, yes, you can only have one master copy of the zone. You can have as many secondary dns servers host this zone as you wish. They all will pull the zone from the primary. A DNS server can host multiple zones. It can have primary zones and host secondary zones at the same time (provided that they are different subdomains, of course).
In addition, with the introduction of Active Directory, a new zone became available which is called "Active Directory Integrated Zones". These zones can only be hosted on domain controllers and the zone data itself is not stored in a traditional text based file, but in the Active Directory database itself. Other DCs in the domain will have access to the zone so in this configuration there is no concept of Primary/Secondary. All DCs are masters. It is possible to have a secondary DNS server copy the zone from a DNS server hosting the zone as "AD Integrated".
You can have as many primary DNS zones as you wish in your environment. Again, one server can host multiple zones. Or, if you wish, you can have multiple DNS servers each hosting a primary zone.
Note: You should always have your DNS zone on at least two DNS servers to ensure that your zone is highly available and fault tolerant. You can accomplish this by having the primary zone on one DNS server and the secondary zone on the other, or by having two DCs with the same Active Directory Integrated zone.
For your case:
It appears that you are running the same zone on two DNS servers as "Primary". In this configuration, each zone is independent of the other. You have the following options:
Option 1
If you want a primary/secondary configuration, then delete the zone file from the second DNS server. Then on that second server create a new zone, but choose Secondary. When prompted for the name/IP of the server that you want to copy the file from, provide the information for the first "Primary" DNS server. However, before you complete this step, you will need to look at the properties of the zone on the first "Primary" DNS server, go to the "Zone Transfers" tab and make sure that the zone is set up to allow transfers to occur. You should just put the IP address of the secondary server on that list so it is allowed to receive the zone file. Back to the secondary... once you complete the wizard, the secondary DNS server will copy the zone over from the primary, and this will be regulated by the properties of the SOA record.
Option 2 (Both servers must be running AD)
If you prefer to take advantage of AD replication and increased security, then delete the zone from the second DNS server as described in Option 1. On the first server, change the zone type from Primary to "Active Directory Integrated". That's it! After replication occurs, you will see the zone appear on the second DC/DNS server without any additional configuration. Replication of the zone will occur as per your configured AD replication (you can configure AD replication by using the AD Sites and Services MMC console).
Visit my blog: anITKB.com, an IT Knowledge Base.
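The steps in Option 1 and Option 2 above, and the primary/secondary relationship the accepted answer describes, carried out with the DnsServer PowerShell module instead of the DNS console. This is an added example, not code from the original thread or from either answerer; it assumes the DnsServer module (Windows Server 2012 and later), and the server names and addresses (dns1 at 192.0.2.10 holding the copy you want to keep as primary, dns2 at 192.0.2.11 holding the independent copy) are placeholders.

```powershell
# Added example, not part of the original thread. Assumed names/addresses:
#   dns1 (192.0.2.10) keeps the primary copy of domain1.com
#   dns2 (192.0.2.11) currently holds an independent primary copy of the same zone
# Requires the DnsServer module (RSAT / Windows Server 2012+) and DNS admin rights.
$zone      = 'domain1.com'
$primary   = 'dns1'
$primaryIp = '192.0.2.10'
$second    = 'dns2'
$secondIp  = '192.0.2.11'

# Show the situation the thread describes: both servers report a file-backed
# primary zone with the same name, i.e. two zones that never talk to each other.
function Show-ZoneState {
    foreach ($srv in $primary, $second) {
        Get-DnsServerZone -ComputerName $srv -Name $zone -ErrorAction SilentlyContinue |
            Select-Object @{n='Server';e={$srv}}, ZoneName, ZoneType, IsDsIntegrated, ZoneFile
    }
}

# Option 1: keep a file-backed primary on dns1 and make dns2 a secondary of it.
function Set-PrimarySecondaryPair {
    # On the primary: allow zone transfers only to the secondary's address (the
    # "Zone Transfers" tab) and NOTIFY it of changes. Leaving transfers open to
    # any host hands the whole zone to anyone who sends an AXFR, so keep the list
    # explicit rather than using TransferAnyServer.
    Set-DnsServerPrimaryZone -ComputerName $primary -Name $zone `
        -SecureSecondaries TransferToSecureServers -SecondaryServers $secondIp `
        -Notify NotifyServers -NotifyServers $secondIp

    # On dns2: remove the independent primary copy, then recreate the zone as a
    # secondary that pulls from dns1.
    Remove-DnsServerZone -ComputerName $second -Name $zone -Force
    Add-DnsServerSecondaryZone -ComputerName $second -Name $zone `
        -ZoneFile "$zone.dns" -MasterServers $primaryIp

    # Force a full transfer now instead of waiting for the SOA refresh interval.
    Start-DnsServerZoneTransfer -ComputerName $second -Name $zone -FullTransfer
}

# Check that the secondary actually caught up: the SOA serial is what the
# secondary compares at every refresh, so the two serials must match.
function Test-ZoneInSync {
    $soaP = (Get-DnsServerResourceRecord -ComputerName $primary -ZoneName $zone -RRType Soa).RecordData
    $soaS = (Get-DnsServerResourceRecord -ComputerName $second  -ZoneName $zone -RRType Soa).RecordData
    'Primary serial {0}, secondary serial {1}; refresh {2}, retry {3}, expire {4}' -f `
        $soaP.SerialNumber, $soaS.SerialNumber, $soaP.RefreshInterval, $soaP.RetryDelay, $soaP.ExpireLimit
    if ($soaP.SerialNumber -ne $soaS.SerialNumber) {
        Write-Warning "Secondary has not caught up; check the transfer list on $primary and the DNS Server event log on $second"
        return $false
    }
    return $true
}

# Option 2: both servers are DCs. Delete the stray copy on dns2, convert the
# file-backed primary on dns1 to an AD-integrated zone replicated to every DC
# in the domain, and let AD replication deliver it to dns2 (no zone is created
# there by hand). Once the zone is AD-integrated there is no primary/secondary
# relationship to configure: every DC hosting it has a writable copy.
function ConvertTo-AdIntegratedZone {
    Remove-DnsServerZone -ComputerName $second -Name $zone -Force
    ConvertTo-DnsServerPrimaryZone -ComputerName $primary -Name $zone -ReplicationScope Domain -Force
    # After the next replication cycle dns2 should report IsDsIntegrated = True.
    Get-DnsServerZone -ComputerName $second -Name $zone -ErrorAction SilentlyContinue |
        Select-Object ZoneName, ZoneType, IsDsIntegrated, ReplicationScope
}

# Pick exactly one of the two options for a given zone.
Show-ZoneState
Set-PrimarySecondaryPair
Start-Sleep -Seconds 5
Test-ZoneInSync
# ConvertTo-AdIntegratedZone   # Option 2 instead, when dns1 and dns2 are both DCs
```

The migration the questioner describes (secondary pulls the zone, old primary is shut down, secondary is promoted) is the same `ConvertTo-DnsServerPrimaryZone` cmdlet run on the secondary with `-ZoneFile "$zone.dns"` in place of `-ReplicationScope`; the transfer list on the old primary is what gates whether the secondary ever receives the zone in the first place.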
Sunday, January 3, 2010 2:05 PM
Jorge,
Thanks for your reply.
But your answer does not cover my basic doubt. I have migrated some DNS zones and records once, and what I did was to create a zone with the same name as on the first server, making it secondary. Then a zone transfer occurs from the primary. Once that is done, shut down the first server that is hosting the primary copy and then promote the secondary server to primary.
I am also familiar with AD zones and stub zones .
BUT my understanding was that we can have only one primary copy of a zone, like in the following text:
"There can be only one Standard Primary DNS Server for a particular zone. Any other standard DNS Servers in a particular zone must be Secondary DNS Servers" (taken from a link)
When I tested (just like that), I understood that
1) you can have a primary zone hosted on two or more DNS servers in an AD domain itself.
2) In a nutshell, the advantage of keeping a secondary zone on a second or third DNS server is that zone transfers can happen (if we keep another primary, do we have to manually update all other primary copies except the first one?)
Thanks
raj
PS: I was in the process of doing something else in DNS and I tested this before that, and am stuck here.
Wednesday, June 17, 2020 8:05 AM
Hi Jorge,
I have a primary DNS running on Windows 2008, which is also a DC. I have created another DC on a Windows 2016 server.
My plan is to decommission the Windows 2008 server and create another DC on another Windows Server 2016 for the secondary.
Should I still configure a secondary DNS zone on the current Windows 2016, or should I configure a primary zone, since I will have it configured on a future Windows Server 2016?
thanks,