Need help with server administration?
  • Add new DC with DNS on a Multiple DC with DNS servers

    Posted on May 30th, 2009 by servbit1

    Currently have 6 Domain Controllers and all 6 DCs are running DNS server (1 Primary DC with DNS and 5 sub-DCs with DNS). I have just promoted a new Domain Controller and I need to know how to set up/add the DNS server on it. Each DC will use its own DNS as a Primary DNS and it will use the other DNS as a Secondary DNS. Please provide links or instructions on how to set up/add the DNS on this new DC on a multiple DC with multiple DNS servers.

    1. Suggests network connectivity issues.

    Are you using Forwarders? Or Root Hints (the default)?

    What rules are in place to allow this server to make queries on the Internet (will need Outbound UDP Port 53 at the very least)?

    2. RPC connectivity. Check it can resolve the name of the target server and check Firewalls if there are any between the servers.

    3. Suggests Firewalls again, this one is problem 1 again.

  • Point a domain on GoDaddy without Nameservers.

    Posted on May 30th, 2009 by servbit1

    Nameservers aren’t necessary are they?

    Can you just remove the nameservers from the listings and setup the A record to the IP you want it to go to? (assuming mail and such aren’t issues).

    I’m doing a site which has a static IP of, for example, 64.52.102.60. There are 3 domains set up that point to that from the previous users that worked on it, but they all have different name servers. They all go to the same place though.

    Now it’s been handed off to me with another domain name I have to point to it (not redirect). It’s registered through GoDaddy. Can I just set up the A records to match that IP or do I need Nameservers for some reason?

    Thanks!

    The server on which you set up the A record to point to the IP is, by definition, the nameserver.

    Nameservers ARE essential. They are the servers that know about all the records for the domain. You don’t have a domain if you don’t have nameservers.

    You do just want to set up the A record to match that IP, if I understand your question… but you are doing this on your nameserver!

    Hmmm… Now you have me confused!

    The domain you needed to point, were the nameservers for the domain set to point to GoDaddy’s? If so, your A record change should have worked. You normally need to allow twelve hours to propagate… but, some hosts only update the DNS changes once daily (mine is one), so they just queue all the requests for DNS updates during the day, then actually perform the updates at night. I don’t know if Godaddy do this.

    Was the domain registered with 1and1 or Godaddy?

  • Major DNS issue

    Posted on May 30th, 2009 by servbit1

    Hello,

    I came into the office and rebooted one of our member servers and noticed that on reboot it said a service didn’t start. When I started looking into the errors it pointed me back to our primary DC. When I go into DNS I don’t see anything under the forward or reverse lookup zones. They are empty. Any and all help would be MUCH appreciated. Here are the results of running dcdiag /test:dns (LEWISDC1 is the server in question; this was run on this server):

    Domain Controller Diagnosis

    Performing initial setup:
    Done gathering initial info.

    Doing initial required tests

    Testing server: Default-First-Site\LEWISDC1
    Starting test: Connectivity
    ……………………. LEWISDC1 passed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site\LEWISDC1

    DNS Tests are running and not hung. Please wait a few minutes…

    Running partition tests on : ForestDnsZones

    Running partition tests on : DomainDnsZones

    Running partition tests on : Schema

    Running partition tests on : Configuration

    Running partition tests on : LEWISCO

    Running enterprise tests on : LEWISCO.lcfhc.org
    Starting test: DNS
    Test results for domain controllers:

    DC: lewisdc1.LEWISCO.lcfhc.org
    Domain: LEWISCO.lcfhc.org

    TEST: Basic (Basc)
    Warning: adapter [00000002] Intel(R) PRO/1000 MT Network Connection has invalid DNS server: 192.168.0.11 ()
    Error: The A record for this DC was not found
    Warning: The Active Directory zone on this DC/DNS server was not found (probably a misconfiguration)

    TEST: Forwarders/Root hints (Forw)
    Error: Forwarders list has invalid forwarder: 192.168.0.1 ()
    Error: Forwarders list has invalid forwarder: 205.152.132.235 ()
    Error: Forwarders list has invalid forwarder: 209.149.134.252 ()

    TEST: Records registration (RReg)
    Network Adapter [00000002] Intel(R) PRO/1000 MT Network Connection:
    Warning: Missing GC SRV record at DNS server 192.168.0.8 :
    _ldap._tcp.gc._msdcs.LEWISCO.lcfhc.org

    Error: Missing A record at DNS server 192.168.0.11 :
    lewisdc1.LEWISCO.lcfhc.org

    Error: Missing CNAME record at DNS server 192.168.0.11 :
    5ae28650-1936-4f29-9d87-436c6a0f8b3a._msdcs.LEWISCO.lcfhc.org

    Error: Missing DC SRV record at DNS server 192.168.0.11 :
    _ldap._tcp.dc._msdcs.LEWISCO.lcfhc.org

    Error: Missing GC SRV record at DNS server 192.168.0.11 :
    _ldap._tcp.gc._msdcs.LEWISCO.lcfhc.org

    Error: Missing PDC SRV record at DNS server 192.168.0.11 :
    _ldap._tcp.pdc._msdcs.LEWISCO.lcfhc.org

    Error: Record registrations cannot be found for all the network adapters

    Summary of test results for DNS servers used by the above domain controllers:

    DNS server: 192.168.0.1 ()
    1 test failure on this DNS server
    This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.0.1

    DNS server: 192.168.0.11 ()
    1 test failure on this DNS server
    Name resolution is not functional. _ldap._tcp.LEWISCO.lcfhc.org. failed on the DNS server 192.168.0.11

    DNS server: 205.152.132.235 ()
    1 test failure on this DNS server
    This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 205.152.132.235

    DNS server: 209.149.134.252 ()
    1 test failure on this DNS server
    This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 209.149.134.252

    Summary of DNS test results:

    Auth Basc Forw Del Dyn RReg Ext
    ________________________________________________________________
    Domain: LEWISCO.lcfhc.org
    lewisdc1 PASS FAIL FAIL n/a PASS FAIL n/a

    ……………………. LEWISCO.lcfhc.org failed test DNS

    Here are the first 2 entries in the DNS event log when starting:

    #1
    Event Type: Warning
    Event Source: DNS
    Event Category: None
    Event ID: 4013
    Date: 2/10/2008
    Time: 12:16:22 PM
    User: N/A
    Computer: LEWISDC1
    Description:
    The DNS server was unable to open the Active Directory. This DNS server is configured to use directory service information and can not operate without access to the directory. The DNS server will wait for the directory to start. If the DNS server is started but the appropriate event has not been logged, then the DNS server is still waiting for the directory to start.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 2d 23 00 00 -#..

    #2
    Event Type: Error
    Event Source: DNS
    Event Category: None
    Event ID: 4000
    Date: 2/10/2008
    Time: 12:16:22 PM
    User: N/A
    Computer: LEWISDC1
    Description:
    The DNS server was unable to open Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 2d 23 00 00 -#..

    Well, after shelling out $515.00 to Microsoft last night the issue is fixed… They worked about 2 1/2 hours on it and I didn’t even need to rebuild anything. They were able to use ADSI Edit to make some edits to the AD object of this server and then reset some of the Kerberos settings and all is well now..

    Not sure on awarding any points on this since it seemed like the general consensus here was to blow the server away and rebuild/restore it. Which, by the way, I did: I took the server down before I called MS and did an AD restore of the system state, and that seemed to help a little, but it was still very messed up in thinking it was a Domain Computer instead of a Domain Controller. It also was holding 3 of the FSMO roles and I was unable to transfer them either.. I had tried that before the MS call as well. Overall I was really impressed with the expertise of the MS support engineer though, very good…

    So with all that said if the Administrator wants to award points then I will let it be his call. Thanks anyway for the responses.

  • Considerations for changing Leased Line supplier

    Posted on May 30th, 2009 by servbit1

    We will shortly be changing our leased line provider & I want to be sure that everything is in place to ensure a smooth transition. Could someone please point out what areas I need to consider. It will be a managed router with a new range of external IP Addresses for my external facing servers etc, though these have not yet been assigned.

    These are the things that I am aware of so far:
    1) NAT in my firewall - add in the new external IPs when known
    2) DNS in my AD (2003 Server) - change to the name servers for my new ISP?
    3) Domains (e.g. mycompany.co.uk) - change the IP addresses in the A records for my mailserver etc…

    I’m not quite sure what I need to change in my DNS, so some help there would be appreciated.

    For my domains, can I setup secondary records so that my new IP addresses & my existing IPs are valid?

    Is there anything else I need to consider?

    Many thanks in advance.

    For the DNS servers in your AD you have to change the IPs of the external DNS servers.
    You find those IP addresses under the FORWARDING tab in the properties of your DNS server in the DNSMGMT Snap-In of your MMC.
    As you can still reach the DNS servers of your old ISP this change is not that critical; only performance may be degraded a little bit.

  • Domain name pointing to 2 different DNS servers

    Posted on May 30th, 2009 by servbit1

    Hello guys,

    When you register a domain name, let’s say at GODADDY.com, and they ask you for the DNS servers: if one of the servers is down, is the other DNS server supposed to serve so that people can browse the website?

    Let’s say I have DNS1 and DNS2. When a user tries to browse my site, will it always point to DNS1, and if this one is down, will it automatically point to DNS2?

    Thanks!

    It’s not as simple as that I’m afraid.

    You must split up DNS and HTTP. They operate on very different levels, DNS couldn’t care less about HTTP and vice versa.

    I think what you’re looking for is Fail-Over should one of the web servers fail? You can use DNS to provide that, but it’s not quite that simple, and gets more complex if the DNS service and web service share a server.

    Normally you would have:

    DNS1 (1.2.3.4) - Primary for domain.com
    www.domain.com IN A 1.2.3.4 TTL 300 (5 minutes)

    DNS2 (1.2.3.5) - Primary for domain.com
    www.domain.com IN A 1.2.3.4 TTL 300 (5 minutes)

    Note that both DNS servers are Primary, that means no automatic replication of changes between the zones. If we don’t make both Primary you’re pretty stuffed if you lose the Primary DNS Server, you won’t be able to make changes (Secondary zones are Read Only).

    Also notice that we have a low TTL set, 5 minutes. The TTL or Time To Live defines how long a requesting DNS server should remember your record before asking for it again.

    If the web service on 1.2.3.4 fails you would have to manually change the IP address for www.domain.com and point it to 1.2.3.5. Clients would continue to go to 1.2.3.4 until you do.

    You could do this:

    DNS1 (1.2.3.4) - Primary for domain.com
    www.domain.com IN A 1.2.3.4 TTL 300 (5 minutes)

    DNS2 (1.2.3.5) - Primary for domain.com
    www.domain.com IN A 1.2.3.5 TTL 300 (5 minutes)

    In this situation while both servers are up load will be roughly split between the servers. It’s very rough because you cannot control who queries DNS1 and who queries DNS2 while both are available.

    If DNS1 were to fail it should drop off and only DNS2 would be responding, and therefore only DNS2 would be used as a Web Server (because that’s the only version of the www record available). We’re still reliant on the low TTL or 1.2.3.4 will be used if it’s in memory / in the cache.

    In short, while both are up you will not be able to control which web server is used unless you only have one www record.
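    The two layouts in the answer above, as an added simulation that is not part of the original thread: two independent primary nameservers, a caching resolver that honours the 300-second TTL, and the host 1.2.3.4 (DNS1 plus the web service) failing at t=100. The server names, timings and zone contents are constructed for the illustration.

```python
"""Constructed simulation of DNS failover between two primary nameservers (not from the thread)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class AuthServer:
    """An authoritative (primary) server holding its own, independently edited copy of the zone."""
    ip: str
    zone: Dict[str, Tuple[str, int]]  # name -> (A record, TTL in seconds)
    up: bool = True

    def answer(self, name: str) -> Optional[Tuple[str, int]]:
        # A dead server simply does not respond; the resolver moves on to the next NS.
        return self.zone.get(name) if self.up else None


@dataclass
class CachingResolver:
    """Recursive resolver that tries the registered nameservers in order and caches by TTL."""
    nameservers: List[AuthServer]
    cache: Dict[str, Tuple[str, float]] = field(default_factory=dict)  # name -> (ip, expires_at)

    def resolve(self, name: str, now: float) -> Optional[str]:
        ip, expires = self.cache.get(name, (None, 0.0))
        if ip is not None and now < expires:
            return ip  # still within TTL: no query goes out, even if that web server is dead
        for ns in self.nameservers:
            rr = ns.answer(name)
            if rr is not None:
                ip, ttl = rr
                self.cache[name] = (ip, now + ttl)
                return ip
        return None  # every nameserver down: resolution fails outright


def simulate(second_zone_ip: str) -> List[Optional[str]]:
    """Return the IP clients are sent to at t=0, 200 and 301 when host 1.2.3.4 dies at t=100."""
    dns1 = AuthServer("1.2.3.4", {"www.domain.com": ("1.2.3.4", 300)})
    dns2 = AuthServer("1.2.3.5", {"www.domain.com": (second_zone_ip, 300)})
    resolver = CachingResolver([dns1, dns2])
    seen = [resolver.resolve("www.domain.com", 0)]  # answered by DNS1 and cached for 300 s
    dns1.up = False  # t=100: DNS1 and the web service on 1.2.3.4 go down together
    seen.append(resolver.resolve("www.domain.com", 200))  # cache still valid: stale 1.2.3.4
    seen.append(resolver.resolve("www.domain.com", 301))  # TTL expired: DNS2 is asked
    return seen
```

    With both zones pointing at 1.2.3.4 (`simulate("1.2.3.4")`) DNS2 keeps handing out the dead address, so the admin must edit the record by hand; with DNS2 pointing at 1.2.3.5 clients move over only once the cached answer expires.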