Results 1 to 16 of 23

Thread: AD multiple primary DNS servers on each site, how?

  1. #1
    Registered+

    AD multiple primary DNS servers on each site, how?

    Hi Guys

    We have set up AD so all our different sites (3 for now) are in separate sites in "Sites and Services" and this all appears to be OK. I now wanted to have a primary DNS zone on each DC on each site so all the clients don't cross the WAN link to register their host records; the question is how do I go about doing this?

    I tried creating a primary zone with the same zone name (let's say test.local) and I assumed that because it's an AD integrated zone, when I force replication the zone would update as well, but this is not the case. I'm sure I'm missing a step here but I'm not sure what it is.

    Any help would be appreciated!

    Thanks

  2. #2
    Senior Member burble

    Re: AD multiple primary DNS servers on each site, how?

    AD replication is handled differently from DNS, so you need to set up the DNS stuff separately.

    You only need 1 primary DNS server. Make sure that the DNS role is added to all the DCs. On the primary DNS server go to Control Panel, Administrative Tools and open up DNS.

    Open the forward lookup zones, then right click on the zone in question and choose Properties. Go to the 'Name Servers' tab and add in there the other two domain controllers. That will change the zone, meaning that those additional DCs are authoritative. Go to the 'Zone Transfers' tab and then allow zone transfers only to those servers listed in the Name Servers tab.

    What you now have is a zone with 3 authoritative DNS servers listed and a primary that will let the other 2 DCs transfer the zone; basically they can copy everything from the zone file.

    Go onto one of the other DCs and open up DNS management. Right click on Forward Lookup Zones, select 'New Zone'. Choose 'Secondary zone' and click Next. Enter the domain name in question, click Next. Enter the IP address of the primary DNS server. Finish.

    The DNS server will then grab a copy of the zone from the primary DNS server.

    Repeat the process for the 3rd DC.

    Repeat the process for each of the reverse lookup zones if you have them setup.
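    The layout burble describes (one primary, the other two DCs as secondaries, transfers restricted to them) as an added example using the DnsServer PowerShell module; this is not code from the thread. It assumes placeholder names and addresses (zone test.local, DC1 holding the primary at 10.0.1.10, DC2/DC3 at 10.0.2.10/10.0.3.10), an elevated Windows PowerShell session and the RSAT DNS tools (Windows Server 2012 or later).

```powershell
# Added example (not from the thread): burble's layout, one primary plus two
# secondaries with zone transfers restricted, done with the DnsServer module.
# Assumed placeholders: zone test.local, DC1 holds the primary, DC2/DC3 are the
# other site DCs with the IPs below. Run from an elevated Windows PowerShell
# session on a machine with the RSAT DNS tools (Windows Server 2012 or later).
Import-Module DnsServer

$Zone        = 'test.local'
$PrimaryDc   = 'DC1'
$PrimaryIp   = '10.0.1.10'
$Secondaries = @(
    @{ Name = 'DC2'; Ip = '10.0.2.10' },
    @{ Name = 'DC3'; Ip = '10.0.3.10' }
)

# On the primary: allow AXFR/IXFR only to the listed secondaries. The console's
# "only to servers listed on the Name Servers tab" is TransferToZoneNameServer;
# an explicit IP allow-list is tighter and does not widen if an NS record is added.
Set-DnsServerPrimaryZone -Name $Zone -ComputerName $PrimaryDc `
    -SecureSecondaries TransferToSecureServers `
    -SecondaryServers ($Secondaries | ForEach-Object { $_.Ip })

# Make the other DCs authoritative: an NS record at the zone apex ('@') for each.
foreach ($s in $Secondaries) {
    Add-DnsServerResourceRecord -ZoneName $Zone -ComputerName $PrimaryDc `
        -NS -Name '@' -NameServer "$($s.Name).$Zone"
}

# On each secondary: create the secondary zone pointing at the primary, then pull
# a full copy straight away instead of waiting for the SOA refresh interval.
foreach ($s in $Secondaries) {
    Add-DnsServerSecondaryZone -Name $Zone -ZoneFile "$Zone.dns" `
        -MasterServers $PrimaryIp -ComputerName $s.Name
    Start-DnsServerZoneTransfer -Name $Zone -FullTransfer -ComputerName $s.Name
}

# Check: the primary's transfer restriction, and each secondary's zone type/master.
Get-DnsServerZone -Name $Zone -ComputerName $PrimaryDc |
    Select-Object ZoneName, ZoneType, SecureSecondaries, SecondaryServers
foreach ($s in $Secondaries) {
    Get-DnsServerZone -Name $Zone -ComputerName $s.Name |
        Select-Object @{n='Server';e={$s.Name}}, ZoneType, MasterServers
}
```

    Secondary copies are read-only, so clients pointed at DC2 or DC3 still send their dynamic registrations to the primary; only lookups stay local.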

  3. #3
    Registered+

    Re: AD multiple primary DNS servers on each site, how?

    Thanks for the reply. I already know how to do that, but instead of secondary I want to set up primary zones on each DC so the clients at that site use the local DNS server for both lookups and registering their records. Although now I'm thinking about it I'm not sure how much saving that will make on the WAN link... it still seems like the way to go though.

    I should mention they are using the same namespace (Test.local) as well.

  4. #4
    Administrator Moby-Dick

    Re: AD multiple primary DNS servers on each site, how?

    Use Active Directory integrated DNS.
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  5. #5
    Jay

    Re: AD multiple primary DNS servers on each site, how?

    Quote Originally Posted by Moby-Dick:
        Use Active Directory integrated DNS.
    +1

    This is how I would do it.....

  6. #6
    Administrator Moby-Dick

    Re: AD multiple primary DNS servers on each site, how?

    It's how I do it for 200+ sites.

  7. #7
    Registered+

    Re: AD multiple primary DNS servers on each site, how?

    That's how I did it but I'm not getting any replication, e.g. when I add a DNS record in one site it doesn't show up on the other.

    I did it exactly as I've mentioned in my first post; that does sound right, doesn't it?

  8. #8
    Registered+ i4000

    Re: AD multiple primary DNS servers on each site, how?

    The best way would be to use AD integrated.

    When you ran DNS AD integrated, what replication schedule have you set up on your AD site connectors? If it was something like hourly then it may take up to an hour for DNS records to replicate across sites. Even if you try and force replication using AD Sites & Services it's still not performed instantly. You can use replmon or repadmin to force instant replication across sites (just search for either of those tools on Microsoft's site for hundreds of articles) or change your replication schedule.

  9. #9
    Administrator Moby-Dick

    Re: AD multiple primary DNS servers on each site, how?

    The zone should automatically be created when you promote the GC at each site.

    Have you confirmed replication is working?

  10. #10
    Jay

    Re: AD multiple primary DNS servers on each site, how?

    You have waited for the DNS to propagate, haven't you?

    Check your error logs and see what it says there.

  11. #11
    Registered+

    Re: AD multiple primary DNS servers on each site, how?

    Quote Originally Posted by Moby-Dick:
        The zone should automatically be created when you promote the GC at each site.
    I haven't done anything about GCs, I need to look into that.

    Quote Originally Posted by Jay:
        You have waited for the DNS to propagate, haven't you?
    I thought because it's an AD integrated zone DNS updates would be part of AD replication; I did force AD replication through Sites and Services.

    I'll look into the GC thing, that might be the answer.

  12. #12
    Registered+ i4000

    Re: AD multiple primary DNS servers on each site, how?

    Quote Originally Posted by corp_jones:
        I haven't done anything about GCs, I need to look into that.
        I thought because it's an AD integrated zone DNS updates would be part of AD replication; I did force AD replication through Sites and Services.
        I'll look into the GC thing, that might be the answer.
    Yes, with AD integrated DNS your DNS zone data replicates as part of AD replication; however, right-clicking and selecting 'Replicate Now' (in AD Sites & Services) does not force instant replication across sites (this only works in the local site). To force instant replication across site boundaries you need to use replmon or repadmin.

    Promoting a DC to a GC does nothing for DNS, but you will need a GC at each site to enumerate Universal Group Membership (even if you don't use universal groups).

    Without knowing your exact setup (e.g. OS, site connectors, replication schedule etc.) it is difficult to troubleshoot, but assuming your sites have site connectors configured and working here is what I would do:

    1. Ensure every DC is running DNS (sounds like you already have this)
    2. In the IP properties of each DC, ensure the primary DNS server listed is itself (you can use either the actual IP address or 127.0.0.1)
    3. Nominate a DC (let's say your PDC emulator)
    4. In the IP properties of each DC, ensure the secondary DNS server listed is the nominated DC (this is in case local DNS fails or is not available for some reason)
    5. Using the DNS console on the nominated DC, switch your DNS zone to AD integrated. On the other DCs delete any primary or secondary zones you may have created for your domain(s)
    6. When switching to AD integrated you will be asked to select the scope of replication; ensure the scope of replication is appropriate (i.e. if you have a single domain then "All DNS servers in the domain" is appropriate, if you have multiple domains then "all servers in the forest" is appropriate)
    7. On each DC perform the following to ensure all DNS records are registered:
       - ipconfig /registerdns (forces A record registration)
       - restart the Netlogon service (forces SRV record registration)
    8. Fire up replmon on each DC (part of the Support Tools on the install CD); on each DC perform the following (this is from memory and based on a W2K3 domain, so it may be slightly different for you, sorry if it's slightly wrong):
       - Add the local server in the left hand pane
       - Expand the replication partners for each directory partition
       - Select each replication partner separately
       - Right click and select Replicate Now
       - A dialog box should appear; you need to select "Push Mode" and "Cross Site Boundaries" to force the replication
       - Repeat for each replication partner

    Now, because potentially only a single DC held the AD integrated zone before you started forcing replication around, you need to repeat steps 7 & 8 on each DC, i.e. the first time you forced re-registration of the DNS records some servers were not hosting the zone. So repeat steps 7 & 8.

    Finally, using AD Sites and Services, modify your intersite-replication schedule to a value suitable for yourself / your organisation (e.g. 15 mins) and remember that in the future records may take this amount of time to replicate between each hop.

    Hope this helps, if it doesn't then can you post some more details of your setup? I'm sure we can get to the bottom of it.
    Last edited by i4000; 18-01-2009 at 01:25 AM. Reason: Can't spell

    Received thanks from: corp_jones (18-01-2009), Jay (18-01-2009), Moby-Dick (18-01-2009)
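    i4000's steps 1 to 8 as a check-and-push script, added here as an example and not i4000's own code. It assumes Windows PowerShell 5.1 with the ActiveDirectory and DnsServer modules (RSAT, Windows Server 2012 or later), a domain-admin session on a DC, and repadmin (which the post names alongside replmon) standing in for replmon's "Push Mode" / "Cross Site Boundaries" dialog.

```powershell
# Added example, not from the thread. Reports steps 1, 2, 4 and 6 for every DC,
# then does steps 7 and 8 on the DC it runs on; run it on each DC as step 8 says.
# Assumes the ActiveDirectory and DnsServer modules (RSAT, Windows Server 2012+),
# Windows PowerShell 5.1 (Get-Service -ComputerName) and a domain-admin session.
Import-Module ActiveDirectory, DnsServer

$Domain      = Get-ADDomain
$Zone        = $Domain.DNSRoot                                        # e.g. test.local
$NominatedDc = Get-ADDomainController -Identity $Domain.PDCEmulator   # step 3
$Dcs         = Get-ADDomainController -Filter * | Sort-Object Site

$report = foreach ($dc in $Dcs) {
    $name = $dc.HostName
    # Step 1: the DNS Server service is present and running.
    $svc = Get-Service -Name DNS -ComputerName $name -ErrorAction SilentlyContinue

    # Steps 2 and 4: first resolver is itself (or 127.0.0.1), nominated DC listed too.
    $resolvers = Invoke-Command -ComputerName $name -ScriptBlock {
        (Get-DnsClientServerAddress -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses }).ServerAddresses
    }

    # Step 6: zone is AD-integrated with the intended scope ('Domain' for a single
    # domain, 'Forest' for several); DynamicUpdate 'Secure' means only authenticated
    # computers can write their own records, which is the setting to keep.
    $z = Get-DnsServerZone -Name $Zone -ComputerName $name -ErrorAction SilentlyContinue

    [pscustomobject]@{
        DC              = $name
        Site            = $dc.Site
        DnsRunning      = ($svc.Status -eq 'Running')
        SelfFirst       = ($resolvers[0] -in @('127.0.0.1', $dc.IPv4Address))
        NominatedBackup = ($resolvers -contains $NominatedDc.IPv4Address)
        AdIntegrated    = [bool]$z.IsDsIntegrated
        Scope           = $z.ReplicationScope
        SecureUpdates   = ($z.DynamicUpdate -eq 'Secure')
    }
}
$report | Format-Table -AutoSize

# Step 7 on this DC: re-register the A record and the _ldap/_kerberos SRV records.
ipconfig /registerdns | Out-Null
Restart-Service -Name Netlogon

# Step 8 without replmon: push every partition to all partners across site links
# (/A all partitions, /e enterprise = cross-site, /P push), then summarise errors.
repadmin /syncall $env:COMPUTERNAME /A /e /P
repadmin /replsummary
```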

  14. #13
    Jay

    Re: AD multiple primary DNS servers on each site, how?

    top notch info there!

  15. #14
    Administrator Moby-Dick

    Re: AD multiple primary DNS servers on each site, how?

    Good stuff there! I have to admit I'm in the habit of referring to all domain controllers as GCs, as in our organisation they are.

  16. #15
    Registered+

    Re: AD multiple primary DNS servers on each site, how?

    Thank you very much i4000 for the detailed post, it really helped and I've now got it working.

    I forced replication using replmon on my non-PDC emulator and that started the process of replicating the full test.local zone from the PDC emulator to local, which worked great. One thing I did notice (not sure if I'm doing anything wrong) is that when I add a record, e.g. an A record, forcing replication using replmon (and Sites and Services) on both sides doesn't seem to get that record replicated. I set the replication schedule to 15 min in Sites and Services and if I wait for that it replicates fine. This is not a problem, but I was curious how I would go about forcing the record to replicate; I guess if I need to I can just set the schedule to minimum until it does replicate.

    Anyhow it's working great so thanks again guys; I've just started on the path to the MCSE so still learning.

  17. #16
    Jay

    Re: AD multiple primary DNS servers on each site, how?

    Well done. Good job.
