Server 2003 secondary DNS

10-16-2007, 03:23 PM   #1   q2418130103p

Hello,
We have a network with 2 Server 2003 Domain Controllers on it.
The entire network was configured on the first controller, then the second was configured as a backup and file server.

Both are running AD-integrated DNS. AD replicates fine, and DNS records appear to replicate also (on account of the AD integration, I assume).

My question is about the settings on the second server with regards to DNS.

The first server is set like this:
The DNS server for its NIC is set to 127.0.0.1
DNS is AD integrated, and is forwarding requests to our ISP
It's set as the primary zone for msdcs.domainname

The second server is set like this:
NIC points to 127.0.0.1 for DNS
DNS is AD integrated, and is also set as primary
It forwards requests to the ISP

Is this the correct setup for a secondary DNS server on a secondary DC?
The reason I ask is because when the first DC boots up, it gets a replication error that the secondary DC could not be accessed using DNS using the address GUID._msdcs.domainname and instead used the NetBIOS name of the secondary server to complete replication.

10-16-2007, 09:32 PM   #2   faulkner132
The problem is most likely with your individual zone (i.e. mydomain.local, thissite.com, etc) set up on your secondary server. If everything is replicating exactly from the first server to the second then the second server "thinks" its DNS entries are the primary (just like the first server) instead of the secondary.

My guess is the fix would be to set up the second server's DNS entries as secondary zones. This option is presented when you create a zone. I've never run into this problem before, but it seems like a logical fix.

With respect to the network setup, this is how I typically set them up:
Server 1, Internal NIC (to local network) DNS: [locally assigned address... 192.168.x.x, etc]
Server 1, External NIC (to ISP) DNS: ISP DNS 1, ISP DNS 2
Server 2, Internal NIC DNS: [local IP of server 1]
Server 2, External NIC (to ISP) DNS: ISP DNS 1, ISP DNS 2

This seems to work well.

10-17-2007, 07:19 AM   #3   q2418130103p
Quote:
Originally Posted by faulkner132
The problem is most likely with your individual zone (i.e. mydomain.local, thissite.com, etc) set up on your secondary server. If everything is replicating exactly from the first server to the second then the second server "thinks" its DNS entries are the primary (just like the first server) instead of the secondary.

My guess is the fix would be to set up the second server's DNS entries as secondary zones. This option is presented when you create a zone. I've never run into this problem before, but it seems like a logical fix.

With respect to the network setup, this is how I typically set them up:
Server 1, Internal NIC (to local network) DNS: [locally assigned address... 192.168.x.x, etc]
Server 1, External NIC (to ISP) DNS: ISP DNS 1, ISP DNS 2
Server 2, Internal NIC DNS: [local IP of server 1]
Server 2, External NIC (to ISP) DNS: ISP DNS 1, ISP DNS 2

This seems to work well.

The servers only have internal NICs, although I understand what you are getting at. You are saying to set the forwarders of both DNS servers to the ISP and set the NIC of the secondary server to point to the first server.

The problem is that we can't run the second DNS server as a secondary, if my understanding is correct. The goal of the second DNS server is to replace the first in case of an incident with the first. This currently works, as both servers have all the entries required because of AD integration, and I believe this is the default setup that was created when we promoted the second server... I think.

In the mydomain.local zone both servers are listed there, but the SOA is different for each; both have the SOA pointed to themselves.

In firstdnszone and domaindnszone, both servers are also listed there.

If you do an nslookup on mydomain.local you get both the IP of the first and second.
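
A way to check the symptom described in posts #1 and #3 from a command prompt on either DC, given here as an added example that is not part of any poster's reply: it asks each DC's DNS service for the partner's GUID._msdcs alias, the DC locator SRV record and the zone SOA, so the two sets of answers can be compared. The domain name, server addresses and GUID are placeholders, and a single-domain forest is assumed.

```batch
@echo off
rem Added example, not from the thread. Every value set below is a placeholder.
setlocal

rem AD DNS domain name; assumed to also be the forest root domain
set DOMAIN=mydomain.local

rem Addresses of the DNS service on the first and second DC
set DNS1=192.0.2.10
set DNS2=192.0.2.11

rem DSA object GUID of the partner DC, copied from the repadmin output below
set DSAGUID=00000000-0000-0000-0000-000000000000

rem List inbound replication partners together with their DSA object GUIDs
repadmin /showrepl

for %%S in (%DNS1% %DNS2%) do (
    echo ===== Answers from DNS server %%S =====

    rem Replication alias each DC registers under _msdcs; partners resolve this name
    nslookup -type=CNAME %DSAGUID%._msdcs.%DOMAIN%. %%S

    rem Locator record that clients use to find a domain controller
    nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN%. %%S

    rem Start of authority as served by this particular server
    nslookup -type=SOA %DOMAIN%. %%S
)

rem DNS health test; needs the dcdiag from the Server 2003 SP1 or later Support Tools
dcdiag /test:dns

endlocal
```

If one server returns the CNAME and the other does not, the record is missing from that server's copy of the _msdcs zone; restarting the Netlogon service on the DC that owns the record makes it register its records again.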

10-17-2007, 07:49 AM   #4   faulkner132
Ah, I see...
This should help:

http://technet2.microsoft.com/window....mspx?mfr=true

10-17-2007, 12:29 PM   #5   ITlover
One thing that I would like to add is that the Domain Controller should not be used as a File or Backup Server, since the function of a Domain Controller is to authenticate the logins of domain user accounts.

10-17-2007, 01:27 PM   #6   glc
Explain why, please. I have several customers that only have one server - so it's a domain controller and their file server...........

10-17-2007, 01:48 PM   #7   mairving
Quote:
Originally Posted by glc
Explain why, please. I have several customers that only have one server - so it's a domain controller and their file server...........
If it is under 50 users, it doesn't really matter what they run on it, hence SBS, which includes Exchange and SQL Server.

Microsoft recommends that you don't run Exchange and SQL Server on a DC but I have never seen them say anything about a file server. A file server is not resource intensive so I can't imagine it being a problem.

10-17-2007, 02:12 PM   #8   glc
Yeah, it sure seems a waste to have a whole server doing nothing but authenticating users.

10-17-2007, 08:16 PM   #9   q2418130103p
I was not in charge of the equipment for this network; I was brought in afterwards to fix problems.

They added the second DC for two reasons. They wanted a server that had more storage space; instead of upgrading the original server they decided to purchase a second. The second server was promoted to a DC so that in case there was a failure with the first DC, users could still be authenticated for login. If the second fails, then at least the first is still there to authenticate users, although they will have limited access to files because the second server houses most of them.

Secondly, in a domain environment all clients are required to use the local DNS servers. If one server goes down, the other server is still there to provide DNS so people can still access their email and the internet, even if they cannot get their files.

10-17-2007, 08:17 PM   #10   q2418130103p
One last thing about the second DC: one of the reasons they purchased a second DC instead of upgrading the original is because they planned on pulling large files down, such as raw audio and video, on a regular basis, and wanted something significantly faster and more redundant.

10-18-2007, 02:34 AM   #11   ITlover
Sir,

Sir GLC, what I have been studying and experiencing in my learning process is that when we have a machine that is configured as a DC, and of course there are user computers that need to log into the domain in order to access the network resources, and for that their login credentials have to be authenticated by the DC, which has an Active Directory database, and when there are many domain users who need to log in to the domain and there is 1 DC, then it becomes a burden on that DC to perform other functions as well, like the File or Backup Server function.

I am in South Asia (Pakistan), and maybe you guys might be using different DCs in a single environment, which would not put a burden on them, and they could be used as File, Print or Backup Servers as well, and this is done so that you do not have to purchase another computer, install Win Server on it and configure it to be a File or Backup Server, which consumes a lot of time. So in your area they might consider it appropriate to make the domain controller a Backup or File Server in order to save time and energy.

I hope this helps,

Regards,