
DNS - can I have 2 primaries in same domain 2

Status
Not open for further replies.

DonDavisFCB (Programmer), Aug 22, 2001
Can I bring up 2 Primary DNSs in the same domain?
I would like to do this to offload the Network equipment (routes, hubs and switches) from the corporate DNS that is integrated with DHCP and WINS.
I do not want to run a secondary because I don't want any zone transfers. (Read as: I don't want all the servers and workstations)

Thanks
Don Davis
 
You can have as many primary DNS servers for a domain as you want.
But you will have to manually control every change you make to the domain and enter these changes yourself on all primary DNS servers.

If you want to offload work from your main DNS server why not just use secondary DNS servers or cache only DNS servers?

Why do you care about the servers and workstations in the domain?
Or is this because you use the same domain inside and outside of your installation?

/johnny
 
Johnny,
Our primary DNS is corrupt beyond description!
It is also integrated with DHCP and WINS for workstations and servers. I want to configure my own DNS but use the same established domains as the "official" DNSs.

My DNS folks sent me this E-mail:
"You need to think about the DNS zones before you bring up another DNS server. I don't think you can have 2 of the same writeable DNS domains at one time on 2 different servers (AAA.COM)."

Is this correct or just protecting their turf?
 
There will be a pointer to the auth. name servers for your domain. If you want to build new DNS servers (or just a new primary) build it first. Check that everything is the way you want it to be and then change the registration of the auth. DNS servers.

If you have a domain (and hosts) that is needed on the internet what you could think about is using a different domain for your inside. It could be a total different domain name or just a sub-domain of your real domain.
That way you could have a simple and easy to maintain outside zone and a big inside zone.
Remember that your domain and subdomains don't have to be on the same DNS server (but they can).

What we do is that we don't use our outside domain name for any hosts at all, only CNAME to servers in a different domain that is only used to hold the hosts.
We have one domain for the servers that can be accessed from the internet, another one for the inside and also one for testing.
These domain names are also "real" domain names but used to keep things apart (like DHCP hosts and AD hosts).

/johnny
 
I have brought up a second PRIMARY DNS in the same domain (aaa.com) just for network equipment.
It does NOT contain all of the records as the other Primary DNS for the "aaa.com" domain; the servers and DHCP workstations are intentionally left out.
I have pointed my pc to the new DNS (network only) and am able to resolve network equipment. I cannot resolve servers.
I have added a forwarders directive to named.conf.
I have added the other DNS (with servers) to my PC's DNS search order.
I am unable to resolve servers because my new DNS (without servers) will not forward to the other DNS (with servers).
I understand that this is because they are both primary (authoritative) for the same (aaa.com) domain.
Is there a configuration option to cause the network primary to forward to the server primary?
I cannot put them in another zone...
 
DNS forwarders have nothing to do with primary or any other type of DNS.
It basically is telling the DNS server how to resolve hostnames. If you have one (or more) forwarders defined in a DNS server, this DNS server will forward all requests to one of the DNS servers defined in the forwarders record.

/johnny
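The situation Don describes above, two servers each holding a hand-maintained "primary" copy of aaa.com with different record sets, is a drift problem that has to be checked by hand since no zone transfer keeps the copies in sync. The following added example (not code from the thread or from any DNS product) parses two BIND-format zone files and reports records present on only one server, records that differ, and whether the SOA serials agree. The zone contents are constructed samples; a single-line SOA and one record per line are assumed.

```python
import re

# Constructed sample zone files in BIND format: two servers both primary for aaa.com,
# one holding only network equipment, the other only servers (as in the thread).
NETWORK_ZONE = """\
$ORIGIN aaa.com.
@        IN SOA ns-net.aaa.com. hostmaster.aaa.com. (2001082201 3600 900 604800 3600)
@        IN NS  ns-net.aaa.com.
ns-net   IN A   10.0.0.2
core-sw  IN A   10.0.1.1    ; network equipment only
"""
SERVER_ZONE = """\
$ORIGIN aaa.com.
@        IN SOA ns1.aaa.com. hostmaster.aaa.com. (2001082105 3600 900 604800 3600)
@        IN NS  ns1.aaa.com.
ns1      IN A   10.0.0.1
fileserv IN A   10.0.2.10   ; servers and DHCP workstations only
"""

def parse_zone(text):
    """Return (soa_serial, {(fqdn, rtype): rdata}) for a one-record-per-line zone file."""
    origin, serial, records = ".", None, {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$"):                      # $TTL and other directives
            continue
        name, rtype, rdata = re.match(r"(\S+)\s+(?:\d+\s+)?IN\s+(\S+)\s+(.*)", line).groups()
        fqdn = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        if rtype == "SOA":                            # serial is the first number in the ( ... )
            serial = int(re.search(r"\(\s*(\d+)", rdata).group(1))
        records[(fqdn, rtype)] = rdata.strip()
    return serial, records

def zone_drift(first, second):
    """Records on only one server (the other answers NXDOMAIN for them), records that differ, and SOA serial agreement."""
    serial_a, a = parse_zone(first)
    serial_b, b = parse_zone(second)
    keys_a = {k for k in a if k[1] != "SOA"}
    keys_b = {k for k in b if k[1] != "SOA"}
    return {
        "serial_match": serial_a == serial_b,
        "only_in_first": sorted(keys_a - keys_b),
        "only_in_second": sorted(keys_b - keys_a),
        "differs": sorted(k for k in keys_a & keys_b if a[k] != b[k]),
    }
```

Every name listed under only_in_first or only_in_second is one that a client pointed at the other server cannot resolve, which is exactly the failure Don sees; a forwarders entry does not change that because an authoritative server answers for its own zone instead of forwarding.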
 
Only one DNS server should be configured as primary for a zone. A primary DNS server holds the "master copy" of the data for a zone, and secondary servers have copies of this data which they synchronize with the primary through zone transfers at intervals or when prompted by the primary.

Configure the primary and secondary DNS servers on separate machines, on separate Internet connections, and in separate geographic locations. Any other post telling you it's okay is wrong.

A domain represents the entire set of names / machines that are contained under an organizational domain name. Domains are broken into "zones" for which individual DNS servers are responsible. Imagine the request hang-ups you will have when querying for records on two primary DNS servers... Confusion, hang-ups, error messages, broadcast storms and lastly calls from your boss. Remember Primary is the authoritative record for that zone. A common mistake will be that a parent or child won't agree. How will you check the resolver pointer?
Route once; switch many
 
In theory you are 100% correct. You should only have the primary zone file held on one server.
But what Don asked was if he could build 2 different primary servers so that he could maintain one zone for his inside and another for his outside (of the same domain).
You can do this.
There are better ways to do it, but sometimes real life is not perfect.

Problem is that, like IP numbers, DNS is 99% planning and 1% implementation. If you do something wrong in your planning you sometimes later have to make changes to your implementation.

By the way there is no rule that the authoritative server(s) have to be primary to the zone. In most installations the primary zone server is one of the authoritative servers.
Authoritative servers are defined in the SOA NS records.

Some installations don't even have their primary server in the authoritative server list, but only name secondary servers as authoritative.
This is mostly for heavily used zones where you want to keep load off your primary zone servers.

/johnny
 
Clifford and Johnny,

This question relates to all of this and I would sure appreciate both your inputs. I have to take down my primary DNS server (old PDC), permanently. I installed DNS on my new PDC, and made the zones secondary, and all zones appeared with entries. Not sure about forwarding, but neither server is using it. Now, what is the next step in making the new PDC a primary DNS? I tried disabling DNS on the Primary, then promoting the secondary, but it came back with an "invalid Data" error. When the old PDC has DNS disabled, I'm not getting name resolution. Some of the records say that the old PDC is the name server. Is that the problem? Thanks in advance!
 
Are you using the Windows NT4 DNS or something else like Bind?

I have never tried to run a "real" DNS on NT4, but what it should do is keep all the secondary domain info in files. In Bind the files would often have the name db.<domain-name> (eg db.joe.net).

What I would do is to keep my old primary DNS and have backups of it. Take the new PDC and configure it also to be primary DNS for the same zones and restore the zones from the primary DNS (depending on how many domains you have).

The manual procedure would work but not if you have 15.000 domains (but then you wouldn't run DNS on NT4).

How many domains and hosts are we talking about?
Can you have downtime?

/johnny
 
Johnny,

Hi. I'm using NT DNS. I have one domain, but in each zone there are many hosts, such as printers and servers. When you say to "restore the zones" from the primary, what do you think would be the best way? I can add the zones in, but I'm trying to avoid having to put in each entry in each zone. Will I have to do this or do you know a way to "copy" them? I can have some downtime...especially at night. Thanks!

Don
 
I think that NT DNS makes files in the same format as eg. Bind so you should be able to copy the files.

I would expect them to be in \winnt\system32\drivers\etc or somewhere close.

Where I work now we have moved DNS to Win2K and you can at least configure it to import files in Bind format (there is an RFC that tells what a zone file should look like).

See if you can find test files (use notepad to read them) that look right. There should be an SOA in one of the first lines.

Are you moving from one NT4 box to another or to a Win2K box?

/johnny
 
Johnny,

Hi. Moving it from one NT to another. Actually, all files are in sys32/DNS, but I think they're specific to each server. For instance, when you create a zone on one, it creates its own SOA, but I will open them through notepad and check it out. Thanks.
 