Delegate DNS Forward Lookup Zone

A: DNS - I would like to delegate the ability of creating Forward Lookup Zones at the root of my DNS (not subdomain).
For example, I would like to delegate to my "Tier 1" staff the ability to modify our DNS. I want our "Tier 1" staff to have the ability to create a Primary Zone in order to redirect users that attempt to access a site with known malware content to an internal site with a warning message notifying the user that they have attempted to access a site that is not allowed.
Is this possible?

Hiya,
I'm about 86% sure that if they need permissions to create primary zones, they will have access to the complete DNS administration. So it's just a question of whether that is OK?
If that is okay you can add the users to the DNSadmin group and they should have access to perform the above from the DNS administration tool, which can be installed anywhere.
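The block-list zone the question describes, written out as an added PowerShell example (this is not code from the thread or from either poster). It assumes the DnsServer and ActiveDirectory modules on a host with DnsAdmins-level rights, and the warning-page address and the blocked domain names are constructed placeholders:

```powershell
# Added example, not from the thread. For each domain on a block list it creates an
# AD-integrated primary zone and points the apex and a wildcard at an internal warning
# page, so clients that resolve a blocked name land on the warning site instead.
# Requires DnsAdmins-level rights, as the answer above notes. All names/addresses constructed.
Import-Module DnsServer
Import-Module ActiveDirectory

$warningPage = '10.20.30.40'                                      # constructed: internal warning web server
$blockList   = @('malware-example.test', 'phish-example.test')   # constructed block list

# Audit who currently holds zone-creation rights through DnsAdmins before delegating further.
Get-ADGroupMember -Identity 'DnsAdmins' -Recursive |
    Select-Object -ExpandProperty SamAccountName |
    ForEach-Object { Write-Host "DnsAdmins member: $_" }

foreach ($name in $blockList) {
    if (Get-DnsServerZone -Name $name -ErrorAction SilentlyContinue) {
        Write-Warning "Zone $name already exists; skipping"
        continue
    }
    # Authoritative primary zone stored in AD and replicated to every DNS server in the domain.
    # Dynamic updates are disabled: nothing should ever register itself into a sinkhole zone.
    Add-DnsServerPrimaryZone -Name $name -ReplicationScope Domain -DynamicUpdate None
    # Short TTL so that removing the zone later takes effect on clients quickly.
    Add-DnsServerResourceRecordA -ZoneName $name -Name '@' -IPv4Address $warningPage -TimeToLive 00:05:00
    Add-DnsServerResourceRecordA -ZoneName $name -Name '*' -IPv4Address $warningPage -TimeToLive 00:05:00
    Write-Host "Sinkholed $name -> $warningPage"
}

# Check the result the way a client would see it (run from a machine that uses this DNS server).
Resolve-DnsName -Name 'www.malware-example.test' -Type A
```

Because the zone is authoritative, every name under the blocked domain resolves to the warning page, not only the apex; that is what the wildcard record is for. The audit step at the top is worth keeping: adding Tier 1 staff to DnsAdmins gives them the whole DNS server, not just these zones, so the membership list is the thing to review.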

Similar Messages

  • Setting Forward Lookup Zones in DNS based on the port queried

    I have the following problem.
    We are using Dynamic DNS to access our site and the modem/router differentiates via port forwarding what server the query goes to based on the port number ie all request go to abc.dyndns.org:port number.
    Based on the port eg. port 3389 goes to server1 (192.168.0.1), port 8080 goes to server 2(192.168.0.2), port 80 goes to server 3 (192.168.0.3). This all works well if you are entering from OUTSIDE the local network.
    INSIDE the local network, I have setup a Forward Lookup Zone on a Domain server using DNS where the Host A resolves abc.dyndns.org to the local IP address of server 1 (192.168.0.1). This works fine.
How do I get the abc.dyndns.org:other ports to go to the other servers' IP addresses, as you can only set up one Host A record of abc.dyndns.org to one address 192.168.0.1, if someone queries from INSIDE the local network as the modem/router does not come into play?

    As I said before, DNS doesn't do this. DNS has nothing to do with ports resolution. It's purely a name to IP or IP to name resolution. THAT'S IT!
    But you can port translate each individual port from the WAN IP to different IPs  internally. I thought I said that earlier? Maybe I wasn't clear. I apologize for not fully explaining it, for I thought you understood that part.
    Revisiting the bottom of your original post:
    INSIDE the local network, I have setup a Forward Lookup Zone on a Domain server using DNS where the Host A resolves abc.dyndns.org to the local IP address of server 1 (192.168.0.1). This works fine.
How do I get the abc.dyndns.org:other ports to go to the other servers' IP addresses, as you can only set up one Host A record of abc.dyndns.org to one address 192.168.0.1, if someone queries from INSIDE the local network as the modem/router does not come into play?
You still have to specify the port internally. Assuming mail.domain.com is server4 (since you didn't specify that port in your original post), you simply create a mail.domain.com zone and give it a blank IP for (making this up) 192.168.0.3, then type in the same exact thing you would do from the outside:
    http://mail.domain.com:8083/folder  
Like I said, it's in the application. DNS just resolves to an IP. There are 65,536 port numbers, and DNS does not deal with resolving any of them. That's the responsibility of the application or service and the client (such as a browser) connecting to it.
    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
    This post is provided AS-IS with no warranties or guarantees and confers no rights.

  • Create a "New Zone" in the "Forward Lookup Zone"

I am working in Windows Server 2008 R2 SP1.
    I went to DNS Server and tried to create a "New Zone" in the "Forward Lookup Zone" under "subdomain.domain.com". 
    I got the error: "Zone Not Loaded by DNS Server".
    Tried to F5 to Refresh but still same error.
    How do I get a new child or "subdomain" that will work in forest or "domain.com"?

    Hi
    You need to create a new child Domain in a new server.
Build a new server and follow the below link on how to create a new child domain. This will create a subdomain as well as a DNS zone for it.
    http://technet.microsoft.com/en-us/library/cc771856(v=ws.10).aspx

  • When trying to assign IP reservation in IPAM, Domain does not appear in Forward lookup zone drop-down list

    I am trying to assign reserved IP Addresses through IPAM that is installed on a Server 2012 OS.  Here is the procedure I have been following:
    Login to IPAM server
    Open Server Manager
    In left-hand column select IPAM
    In left-center column expand IP ADDRESS SPACE
    Select IP Address Range Groups
    Right-click the appropriate address range and select Find and Allocate Available IP Address
    In new window, scroll down to Basic Configurations
I can input the basic configurations with no problem. DHCP Reservation Synchronizations look good too. But when I get down to DNS Record Synchronization, I can't do anything with the Forward lookup zones because nothing appears in the drop-down lists and I cannot manually enter the zone name. Here is a screen shot of what I see at this point:
    Without completing this information, I cannot complete the Address Reservation.
    Any help or insight will be greatly appreciated.
    Thanks!
    Tom LaLumiere

    Hi Tom,
    This happens if your DNS servers that are managed by IPAM are not authoritative and primary for any zones, if they are not authoritative for the appropriate zones, or if there are not any DNS servers managed by IPAM.
See the examples below. Here my DNS server is authoritative for 4 forward zones and 2 reverse zones. I can choose any of the forward zones, but assuming I pick a range such as 10.0.1.0, I would be unable to choose the 168.192.in-addr.arpa zone because the IP addresses do not match.
    -Greg

• _msdcs folder and forward lookup zone

I have a customer running a 2012 domain. In DNS, there is a Forward Lookup Zone named _msdcs.domain.name and also a folder named _msdcs inside the domain.name Forward Lookup Zone.
    The folder is grayed out. From what I've read, this folder may be a leftover from a previous domain OS upgrade. Can it be deleted safely?
    Also, we think there may be some corruption in the _msdcs.domain.name zone. From what I have read, it seems like we can delete it and Active Directory will re-create it. Do I have that correct?
    Jonathan

The grayed out _msdcs folder is a delegation that should contain NS (Name Server) records for the DNS servers that hold the _msdcs.domain.ext zone. However, it's only used in scenarios where the _msdcs.domain.ext zone isn't replicated or available at all DCs, in a multi-domain environment for example.
    No you should not delete the zone, it's needed for replication, if you wish to re-create it for a good reason, you have to point _all_ DCs to one single DNS Server where you re-create the zone.
But there is no need to do this except in rare situations; if you think information is missing, dcdiag /test:dns /E will find out.
    Enfo Zipper
    Christoffer Andersson – Principal Advisor
    http://blogs.chrisse.se - Directory Services Blog
    So if this is a single domain with 2 Windows 2012 DNS servers, it seems like I can delete that grayed out folder. Correct?
    As for deleting and re-creating the zone, we believe there may be corruption in it and have read that if the zone is deleted, then AD will automatically re-create it.
    Jonathan

  • DNS: Forward Lookup Domain with Just the MX Record

    Our Active Directory domain is olddomain.com. I have a Forward Lookup Zone for olddomain.com with CNAME, MX, and many A records. The MX record points to an internal mail server.
    We just acquired newdomain.com.
    newdomain.com is resolving to external DNS and it works. However, I need to route the internal mail flow of newdomain.com to our internal mail server and not have it pass out to the internet before coming back in.
    I would like to add JUST the mx record for newdomain.com to DNS. All other lookups (newdomain.com,  subdomains.newdomain.com, etc) should work exactly as they do now.
    I have had two thoughts how to do this, but need advice:
    Can I have all newdomain.com DNS lookups point to an external DNS, except for the one MX record?
    Can I have all newdomain.com resolve to olddomain.com IPs (including subdomains), except for the newdomain.com MX?
I tried adding a new Forward Lookup Zone for newdomain.com with just the SOA, two NS, and the MX record. This broke resolution for http://newdomain.com and http://www.newdomain.com until I added two A records. I do not want to be manually adding records for all of our newdomain.com subdomains.
    What do you recommend?
    Thank you in advance!

    Can I have all newdomain.com DNS lookups point to an external DNS, except for the one MX record?
    You cannot as you will face the problem you already described.
    However, you might think about doing it that way:
    Get a copy of your external DNS zone (If you can do it of course) using
    NSlookup: http://social.technet.microsoft.com/wiki/contents/articles/29184.nslookup-for-beginners.aspx
    Create a zone named newdomain.com
    Develop a script that will create all the DNS records from the extracted copy except for the MX record
    Can I have all newdomain.com resolve to olddomain.com IPs (including subdomains), except for the newdomain.com MX?
    Same answer as before.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK
    My Website Link
    My Linkedin Profile
    My MVP Profile

  • DNS Forward Lookups Not Working

    My DNS experience and knowledge is pretty limited. Having said that it appears that our xserves can do reverse lookups for both of our xserves, but can't do a forward lookup. How can I fix this?
    Here are the lookup information from network utility:
    Lookup has started ... dataxserve.w.k12.ia.us
    ; <<>> DiG 9.3.4 <<>> dataxserve.w.k12.ia.us
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 37918
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;dataxserve.w.k12.ia.us. IN A
    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.3#53(192.168.0.3)
    ;; WHEN: Tue Jan 15 13:26:53 2008
    ;; MSG SIZE rcvd: 49
    Lookup has started ... 192.168.0.3
    ; <<>> DiG 9.3.4 <<>> -x 192.168.0.3
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19034
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;3.0.168.192.in-addr.arpa. IN PTR
    ;; ANSWER SECTION:
    3.0.168.192.in-addr.arpa. 86400 IN PTR dataxserve.w.k12.ia.us.
    ;; AUTHORITY SECTION:
    0.168.192.in-addr.arpa. 86400 IN NS dataxserve.w.k12.ia.us.
    0.168.192.in-addr.arpa. 86400 IN NS xserve.w.k12.ia.us.
    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.3#53(192.168.0.3)
    ;; WHEN: Tue Jan 15 13:32:01 2008
    ;; MSG SIZE rcvd: 122
    Lookup has started ...xserve.w.k12.ia.us
    ; <<>> DiG 9.3.4 <<>> xserve.w.k12.ia.us
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 10240
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;xserve.w.k12.ia.us. IN A
    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.3#53(192.168.0.3)
    ;; WHEN: Tue Jan 15 13:32:52 2008
    ;; MSG SIZE rcvd: 45
    Lookup has started ...192.168.0.2
    ; <<>> DiG 9.3.4 <<>> -x 192.168.0.2
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49722
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;2.0.168.192.in-addr.arpa. IN PTR
    ;; ANSWER SECTION:
    2.0.168.192.in-addr.arpa. 86400 IN PTR xserve.w.k12.ia.us.
    ;; AUTHORITY SECTION:
    0.168.192.in-addr.arpa. 86400 IN NS xserve.w.k12.ia.us.
    0.168.192.in-addr.arpa. 86400 IN NS dataxserve.w.k12.ia.us.
    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.3#53(192.168.0.3)
    ;; WHEN: Tue Jan 15 13:33:26 2008
    ;; MSG SIZE rcvd: 122
    Please help

    Hi
    You don't have to if you don't want to. You can leave both servers running internal DNS Services. The DHCP Service does not require DNS. It all depends on how you want to push out network services to your clients.
    I don't know your particular circumstances but its not absolutely necessary to run DNS on your mail server. It depends a great deal on how you want the server to handle mail for your domain. I'm not an expert but the way I generally do a mail server is to use external MX Records and duplicate the external record internally. Its a fairly simple method and should send and receive mail for your clients internally as well as externally.
    You could configure internal DNS Services on one server only and just add a machine record for the second server. You could expand on this and configure DNS Services on both servers with a machine record for each server on both. There is enough in the GUI to allow you to do this. For example server01.mydomain.com with an IP address of 192.168.254.254 and server02.mydomain.com with an IP address of 192.168.254.253. This way if one server was to go down the other server should still provide a DNS Service to your local clients. However without knowing fully your network environment and your requirements its difficult to advise.
    However is this a new setup and are you trying to get it to work? Or has it been working OK for a while and something has broken it? If its the latter what errors are you seeing?
If you want to know more about DNS, purchase a copy of Paul Albitz and Cricket Liu's book 'DNS & BIND' and start reading.
    Hope this helps, Tony

  • DNS forward lookups failing

My system is the only DC and running Server 2012 R2 and is the only DNS server on a small network. There are 2 forwarders for internet name resolution and the root domains are also configured...all resolve without issue. Repeated simple & recursive test inquiries all pass. The DNS timeout is set to 5 seconds.
On every network client, approximately one-third of forwarded lookups fail on the first attempt. The second attempt may get a response. By the third attempt, the name resolves. There appears to be no relation between the domain lookups which fail. In fact, the same domain may fail on one day but, after clearing the cache, the same lookup won't fail.
    No errors post to either the server or client event logs. I've removed the DNS service and reinstalled but the issue persists.
    Any guidance is much appreciated.
    Best,
    Bill

    Does the DNS lookup for your AD domain resolution or is it for public DNS names resolution?
    If it fails for public DNS names resolution, you can consider updating your DNS forwarders to be your ISP ones.
    Please also make sure that your DC is pointing only to its private IP address as primary DNS server and 127.0.0.1 as secondary one. On your client computers, make sure that they point to your DC as primary DNS server.
    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Get Active Directory User Last Logon
    Create an Active Directory test domain similar to the production one
    Management of test accounts in an Active Directory production domain - Part I
    Management of test accounts in an Active Directory production domain - Part II
    Management of test accounts in an Active Directory production domain - Part III
    Reset Active Directory user password

  • DNS forward lookup

    When I run a changeip -checkhostname all returns ok from the server. When I run a dig -x on that DNS server IP all is ok. When I run a dig on the server name it fails. So forward lookup fails, reverse is fine. Any reason why?

    What DNS server(s) are involved here? Your own? ISP? A combination?
    Is the server resolving DNS itself? If so, then the network controllers reference the local box and the local DNS via the name localhost (or 127.0.0.1), and the local DNS server then connects to the upstream servers.
    Does dig with the @dns.example.com specifier for the DNS server you're interested in work?

  • What's the benefit of creating Forward Lookup Zones?

    Once I install the DNS Server (using Windows Server 2008 R2).
    Do I need to create a new Forward Zone? Why?
    Believe you can do it, and you will!!

    Hi Ralph,
Yes you do; otherwise you will not be able to query hostname to IP address. For instance, say you have a dev machine whose hostname is devmachine: if you try to RDP, ping, etc. you will not be able to do so, and it will throw an error, hostname not found.
    Regards

  • Permissions to create Reverse Lookup Zones in DNS

What Active Directory permissions are needed to create Reverse Lookup Zones in DNS? My co-worker is getting an access denied error when completing the wizard for this and the zone is NOT created. He is a member of the "DnsAdmins" group and he can create Forward Lookup Zones. We are running Server 2008 R2 SP1 on our Domain Controllers where DNS is running. Any ideas?

Set permissions for the DnsAdmins group on the DomainDNSZones application partition. To do this, follow these steps:
    Click Start, click Run, type Adsiedit.msc, and then click OK.
    In the task pane, right-click ADSI Edit, and then click Connect to.
    Under Connection Point, click Select or type a Distinguished Name or Naming Context, type the following, and then click OK:
    CN=MicrosoftDNS,DC=DomainDNSZones,DC=<Domain>,DC=<Domain_Extension>
    In the task pane, locate and right-click CN=MicrosoftDNS,DC=DomainDNSZones,DC=<Domain>,DC=<Domain_Extension>, and then click Properties.
    Click the Security tab, and then click Advanced. The Advanced Security Settings for MicrosoftDNS dialog box appears.
    In the Permissions tab, click Add.
    In the Enter the object name to select box, type DnsAdmins, and then click Check Names to verify the name.
    Click OK. The Permission Entry for Microsoft DNS dialog box appears.
    In the Apply onto drop-down list, click This object only.
    Click to select the Allow check box for the Full Control permission, and then click OK.
    In the Advanced Security Settings for MicrosoftDNS dialog box, click Apply, and then click OK.
    Click OK to close the properties dialog box for the DomainDNSZones application partition.
    Close the ADSI Edit window.
    Test whether you can create a new DNS zone now.
    If you found this post helpful, please "Vote as Helpful". If it answered your question, remember to "Mark as Answer". MCSE,MSCITP-EA
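The same permission change done from PowerShell, as an added example that is not part of the answer above: it reads the ACL on the CN=MicrosoftDNS container in the DomainDnsZones partition, reports whether DnsAdmins already holds an Allow / Full Control entry scoped to "This object only", and adds that entry only when run with -Apply. It assumes the ActiveDirectory module (which provides the AD: drive) on a domain-joined administrative host; the domain DN is read at run time rather than typed in.

```powershell
# Added example, not from the thread: programmatic equivalent of the ADSI Edit steps.
# Full Control maps to ActiveDirectoryRights::GenericAll; "This object only" maps to
# ActiveDirectorySecurityInheritance::None. Nothing is written unless -Apply is given.
param([switch]$Apply)

Import-Module ActiveDirectory

$domainDn  = (Get-ADDomain).DistinguishedName                      # e.g. DC=contoso,DC=com (read, not assumed)
$path      = "AD:\CN=MicrosoftDNS,DC=DomainDnsZones,$domainDn"
$dnsAdmins = Get-ADGroup -Identity 'DnsAdmins'
$wanted    = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll

$acl = Get-Acl -Path $path

# Look for an explicit Allow entry for DnsAdmins that already covers Full Control.
$present = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference.Value -like '*\DnsAdmins' -and
    (($_.ActiveDirectoryRights -band $wanted) -eq $wanted)
}

if ($present) {
    Write-Host "DnsAdmins already has Full Control on $path"
    return
}

Write-Host "DnsAdmins lacks Full Control on $path"
if (-not $Apply) {
    Write-Host 'Re-run with -Apply to grant it'
    return
}

# Build the ACE exactly as the GUI does: Allow, Full Control, applied to this object only.
$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $dnsAdmins.SID,
    $wanted,
    [System.Security.AccessControl.AccessControlType]::Allow,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None)
$acl.AddAccessRule($rule)
Set-Acl -Path $path -AclObject $acl
Write-Host "Granted Full Control to DnsAdmins on $path"
```

The read-only first run is the useful part for a reviewer: it shows whether the partition container is the actual blocker, before any ACL is widened. Note that this entry is on the DomainDnsZones partition only; zones stored in the ForestDnsZones partition or in the domain partition have their own MicrosoftDNS container and would need the same check there.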

  • Unable to create DNS forwarder in my AD integrated DNS

    Hi,
I have my mixed AD servers (2003 + 2008) and I'm trying to create a DNS forwarder to send requests outside the Domain over a NATted IP for name resolution. It works perfectly fine in my test environment.
    Now, when i try to create on my production server, i get below error:
    The operation requested is not permitted on the root DNS server
    Please suggest.

    Hi, it is worth checking if you have got a root (period) forward lookup zone. If you have, you will need to remove that before you can setup a forwarder. Hope this helps. If in doubt, please post some details of your forward lookup zones (with fake names).
    Thank you
    MCTS, MCSE 2000/2003, MCSA 2000/2003, CNA

  • Remove Old Name Servers from reverse lookup zones in DNS- PowerShell

    Hello Scripting Guys,
I'm a long-time fan. Please let me know if I have included enough information for you to provide some guidance. Thank you!
    Here is what I am attempting to do:
    import a .csv file which contains
    zoneName,hostname,RecordType
    and then delete the name server entries from the reverse lookup zones.
    Why:
There are hundreds of zones and 80+ name servers in each for a total of about 25,000 records to be removed. I have the list of zones and the list of name servers which I want to remove from the zones.
    Environment:
    I am running PowerShell as a Domain Admin with access to DNS. Zones allow secure updates only (if that matters here).
    I am running it from a Server 2012 R2 server with the DNS admin tools installed against Server 2008 R2 DNS servers. Current AD functional level Windows Server 2003. All DC are DNS server and GC's.
    What I have tried:
The following works to return all the Name Server records in a zone:
    .csv file format
    zoneName,hostname,RecordType
    1.112.170.in-addr.arpa,nameserver1.contoso.com.,Ns
    1.112.170.in-addr.arpa,nameserver2.contoso.com.,Ns
    1.112.170.in-addr.arpa,nameserver3.contoso.com.,Ns
    2.112.170.in-addr.arpa,nameserver1.contoso.com.,Ns
    2.112.170.in-addr.arpa,nameserver2.contoso.com.,Ns
    2.112.170.in-addr.arpa,nameserver3.contoso.com.,Ns
    Script\Command:
Import-Module DnsServer
    $PDCE = Get-ADDomainController -Discover -Service PrimaryDC
    import-csv c:\temp\OldNSrecords-test.csv | foreach {
        Get-DnsServerResourceRecord -ZoneName $_.zoneName -RRType "Ns" -computerName $PDCE -Node
    }
    OutPut to screen:
    HostName RecordType Timestamp TimeToLive RecordData
    @ NS 0 1:00:00 Nameserver1.contoso.com
    @ NS 0 1:00:00 Nameserver2.contoso.com
However, replacing the business line (in green above after foreach) with the remove command (in red below) does not work to delete the specific record listed in the .csv, even though it follows the pattern from MS TechNet:
Remove-DnsServerResourceRecord -ZoneName $_.zoneName -RRType "Ns" -name $_.hostname -computerName $PDCE
    Error:
    PS C:\Windows\system32> C:\Temp\OldNSCleanup.ps1
    Remove-DnsServerResourceRecord : Failed to get nameserver1.contoso.com. record in
    1.112.170.in-addr.arpa zone on PDCE server.
    At C:\Temp\OldNSCleanup.ps1:4 char:1
    + Remove-DnsServerResourceRecord -ZoneName $_.zoneName -RRType "Ns" -name $_.name ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (PDCE:root/Microsoft/...rResourceRecord) [Remove-
    DnsServerResourceRecord], CimException
+ FullyQualifiedErrorId : WIN32 9714,Remove-DnsServerResourceRecord
    When I remove the use of the .csv and put the names of the zone and server in the command, I get the same results.
    Fail.
It's as if the record does not exist, but I can browse to it in the GUI. I found this about Missing Glue records, but it does not seem to apply to reverse lookup NS records. I'm thinking that I need to first load each zone into an assembly and then do the removal, but I'm not sure how to do that in PowerShell. I tried piping the get command for the zone to the remove command, but that did not work or I did not have the correct syntax.
I have attempted to use DNSCMD to do the same and that command appears to work, but then fails to actually remove the record.
    Here is an example of that command:
import-csv C:\Temp\OldNSrecords-test.csv | foreach { dnscmd.exe "DNSServer.contoso.com" /Recorddelete $_.ZoneName $_.hostname $_.recordType /f }
    Output:
    Deleted Ns record(s) at 1.112.170.in-addr.arpa
    Command completed successfully. [But not really, the NS record is still there]
    I have researched several sites including the suggest one here, but this does not fit my requirement.
    http://social.technet.microsoft.com/Forums/scriptcenter/en-US/97070ff2-59e2-4f34-9c39-054048e008af/automatically-delete-removed-dcname-servers-and-automatically-add-new-dcname-servers-in-reverse?forum=winserverDS
    http://technet.microsoft.com/en-us/library/jj649872.aspx

    Here is a backing store for the root servers in the DNS format:
    ; formerly NS.INTERNIC.NET
    . 3600000 IN NS A.ROOT-SERVERS.NET.
    A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
    ; formerly NS1.ISI.EDU
    . 3600000 NS B.ROOT-SERVERS.NET.
    B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
    ; formerly C.PSI.NET
    . 3600000 NS C.ROOT-SERVERS.NET.
    C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
    ; formerly TERP.UMD.EDU
    . 3600000 NS D.ROOT-SERVERS.NET.
    D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
    ; formerly NS.NASA.GOV
    . 3600000 NS E.ROOT-SERVERS.NET.
    E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
    ; formerly NS.ISC.ORG
    . 3600000 NS F.ROOT-SERVERS.NET.
    F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
    ; formerly NS.NIC.DDN.MIL
    . 3600000 NS G.ROOT-SERVERS.NET.
    G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
    ; formerly AOS.ARL.ARMY.MIL
    . 3600000 NS H.ROOT-SERVERS.NE
    Notice that each is a pair.
One is the NS and the second is the A record.
    .                        3600000      NS    G.ROOT-SERVERS.NET.
    G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
In this case the dot represents the self reference to the A record. These are the records that bootstrap all of the Internet. Remove them and you are lost.
The CSV uses the @ to anchor the local domain. Perhaps the DNS CmdLets prefer the dot. The @ is what appears on the screen when we use the GUI. Note the dot at the end of the FQDN. It is required. Even browsers use it, but they add it if you forget.
    ¯\_(ツ)_/¯
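An added example, not the poster's script and not part of the reply above, showing the removal loop with the owner name and the record data separated: an NS record at the zone apex is owned by "@" (what the GUI shows), and the name server FQDN in the CSV is the record's data, so it belongs in -RecordData rather than -Name. The CSV layout is the one from the post; the CSV path and the PDC lookup are assumptions for this example, and the cmdlet runs with -WhatIf until that switch is removed.

```powershell
# Added example, not from the thread. Deletes apex NS records listed in a CSV with the
# columns zoneName,hostname,RecordType, after confirming each record exists and that the
# zone would not be left without any name server.
Import-Module DnsServer
Import-Module ActiveDirectory

$server  = [string](Get-ADDomainController -Discover -Service PrimaryDC).HostName
$rows    = Import-Csv -Path 'C:\Temp\OldNSrecords-test.csv'        # assumed path
$removed = 0
$skipped = 0

foreach ($row in $rows) {
    if ($row.RecordType -ne 'Ns') { continue }                      # only NS rows from the list
    $target = $row.hostname.TrimEnd('.') + '.'                      # normalise to FQDN with trailing dot

    # All NS records at the apex of this zone; the server name lives in RecordData.NameServer.
    $apexNs = @(Get-DnsServerResourceRecord -ZoneName $row.zoneName -RRType NS -Name '@' `
                    -ComputerName $server -ErrorAction SilentlyContinue)
    $match  = $apexNs | Where-Object { $_.RecordData.NameServer -ieq $target }

    if (-not $match) {
        Write-Warning "No NS $target at apex of $($row.zoneName) on $server"
        $skipped++
        continue
    }
    if ($apexNs.Count -le 1) {
        Write-Warning "Refusing to remove the last NS record of $($row.zoneName)"
        $skipped++
        continue
    }

    # -Name is the owner ("@" = apex); -RecordData selects which NS record among several.
    Remove-DnsServerResourceRecord -ZoneName $row.zoneName -RRType NS -Name '@' `
        -RecordData $target -ComputerName $server -Force -WhatIf
    $removed++
}
Write-Host "Matched $removed NS records for removal; $skipped rows skipped"
```

The pre-check answers the "it's as if the record does not exist" symptom directly: if the Get-DnsServerResourceRecord call finds the name server under RecordData.NameServer but the removal still fails, the problem is the cmdlet arguments, not the zone data.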

  • How to Install DNS ROLE and its FQDN service and Reverse Lookup zone in Server Core using Powershell?

    Hi
    I am Setting A Lab Scenario That the PC name "Core2012" i.e. Server Core 2012 Will be Domain Controller.
    Using PowerShell I have done this Task
    Change hostname ; Configure IP address and Preferred DNS address ; Disable IPv6 ;
    Configure Firewall ; Even Active Directory Role install.
    Now problem occur
    Well I have know to install DNS role install-WindowsFeature DNS
    Ok
    But; 
    How to configure FQDN ; Restore mode password ; Setting up global catalog server ;and configure Reverse Lookup zone Using powershell
    I have search many Forums but I am not getting to touch with it.
    So I Need a help to set and Configure DNS using Powershell
    Thank You!!!
    sagarpdalvi

    Hi Sagarpdalvi,
To set the Safe mode password with PowerShell, please refer to the cmdlet Install-ADDSDomainController; to enable global catalog (GC), please run the cmdlet "Set-ADObject" after installing Active Directory on the core server; to configure a Reverse Lookup zone, please refer to the cmdlet Add-DnsServerPrimaryZone.
    To configure DC with powershell, please check the scripts:
Installing a Domain Controller on Windows Server 2012 R2 Core
    Enabling and Disabling the Global Catalog
    To configure DNS, the Domain Name System (DNS) Server Cmdlets should be helpful for you:
    http://technet.microsoft.com/en-us/library/jj649850.aspx
    I hope this helps.
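The three cmdlets the reply names, put together into one script as an added example (not from the thread). It is split into a phase that runs before the promotion reboot and one that runs after it; the forest name, NetBIOS name and subnet are constructed placeholders, and the DSRM (safe mode) password is prompted for rather than hard-coded.

```powershell
# Added example, not from the thread. Phase 'Promote': install the roles and promote the
# Server Core box to the first DC of a new forest (reboots). Phase 'Configure': add an
# AD-integrated reverse lookup zone with secure updates only and make sure the DC is a GC.
param([ValidateSet('Promote', 'Configure')][string]$Phase = 'Promote')

if ($Phase -eq 'Promote') {
    Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools
    Import-Module ADDSDeployment
    $dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'
    # -InstallDns creates the forward zone for the new forest's FQDN (constructed name below).
    Install-ADDSForest -DomainName 'corp.example' -DomainNetbiosName 'CORP' `
        -InstallDns -SafeModeAdministratorPassword $dsrm -Force      # reboots on completion
    return
}

Import-Module DnsServer
Import-Module ActiveDirectory

# Reverse zone for the (constructed) lab subnet 192.168.10.0/24 -> 10.168.192.in-addr.arpa.
# Secure dynamic updates only, so that only authenticated domain members can register PTRs.
if (-not (Get-DnsServerZone -Name '10.168.192.in-addr.arpa' -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId '192.168.10.0/24' -ReplicationScope Forest -DynamicUpdate Secure
}

# Global catalog: the first DC of a forest is a GC already. For any later DC, setting bit 1
# (IS_GC) in the options attribute of its NTDS Settings object is what Set-ADObject does here.
$dc = Get-ADDomainController -Identity $env:COMPUTERNAME
if (-not $dc.IsGlobalCatalog) {
    Set-ADObject -Identity $dc.NTDSSettingsObjectDN -Replace @{ options = 1 }
}

# Show the reverse zones with their replication scope and update policy for a final check.
Get-DnsServerZone | Where-Object IsReverseLookupZone |
    Select-Object ZoneName, ReplicationScope, DynamicUpdate
```

Run it once with the default phase, let the promotion reboot happen, then run it again with -Phase Configure from an elevated session on the new DC. The -DynamicUpdate Secure choice is deliberate: a reverse zone that accepts nonsecure updates lets any host on the subnet rewrite PTR records.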

  • Change reverse lookup zone replication

    We have a windows 2008 R2 domain / forest.
    One Root domain and 2 childdomains. A DC/DNS server in the root domain is the scavenging server in the forest
    Long story short, i noticed that the replication of the reverse lookup zone in one childomain, is set to All DC's in this domain, instead of to all DNS servers in the forest.
    I want to change this because we have a lot of duplicate in the reverse zone, and encounter issues with remote desktop or remote asstistance.
    Can i change this to "all DNS servers running on domain controllers in this forest" without any downtime / issues?
    Thanx

    Suffixes should be configured on EVERY machine, not just DCs. This way any machine can resolve anything in the infrastructure. That's the goal to design DNS.
If you want to go to forest wide replication, the first thing you must do is set all child DCs to ONLY use the forest root DNS servers. Don't worry about servers and clients in the child domains at this time that may be pointing to the child DC/DNS for the moment, because you will be doing this during a maintenance window and we'll get to them later... Stick with me a second...
    Then you would change the replication scope on the parent root domain DNS servers ONLY.
    Then WAIT for replication to happen. Go have lunch, go see a movie, etc... Then check the zone properties on a few DCs at the parent, and especially the child domains' DCs, to make sure that they reflect the zone is now set to forest wide replication.
    Now on a child domain DC, create a test record. Check the partner DCs and the other child domain DCs, and the parent root domain DCs to see if it replicated. If it did, you're good to go.
    Once you've confirmed that they are all showing forest wide replication, and the test worked, then change the child domain DCs to point to it's partner DC as the first entry, and itself or the loopback as the second entry.
    And yes, delegate the _msdcs zone. First create the _msdcs.domain.local zone, and set updates to Secure Only, and put it in the forest scope. Then go to domain.local, right-click, delegate, type in _msdcs, and type in the forest root DCs' IP.
    Hope that helps.
    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.
