Secondary DNS Zone

Similar Messages

• Setting up a secondary DNS zone

  i work for a digital web agency and we have our primary DNS server setup on a Linux box.
  overall we have no problems with it however from time to time it can go down which causes lots of problems.
  I've been thinking about potentially setting up a Secondary slave DNS server on my network but using the 10.6 server box i currently have setup.
  is this possible if my primary DNS server is on a linux box?

  You will also need to add the name of the secondary server in your domain name server list (where you registered your domain)
  Note necessarily. If this is only serving your LAN then you need to tell your LAN clients about this server, but entering this server's address in their DNS servers field (which may be populated via DHCP if you're using that).
  You only need to register the domain if you're serving public DNS to external clients but I'm guessing that's already handled elsewhere.

• How to setup multiple DNS zones in a single domain

  We have a small charter school running a Mac Open Directory network on a single subnet with a single registered FQDN for its internal domain. We are about to open a second school within a wing of the same building which will also be on a Mac Open Directory domain, but since it is legally a separate school (just administered by the same staff) it needs to be on it's own subnet and have its own LDAP directory.
  Is there a way to program DNS between the two schools so that DNS traffic can be routed between them without breaking the DNS and Open Directory/Kerberos realms of either? Both schools will share the same internal domain name. Is it as simple as creating two primary DNS zones on each other's nameservers, both using the same domain name but each having its own designated nameserver for that particular subnet?
  For instance, the existing school is running DNS on server1.example.com within the 10.39.54.0/23 subnet. The second school will be running DNS on server2.example.com within the 10.39.56.0/23 subnet. Would I then simply create two primary zones within each subnet, one referring to its own with itself as the nameserver and one within the neighbor subnet referencing that subnet's server as the designated nameserver.
  Or would I do this with each schools DNS servers searching through its own subnet as its primary zone with the neighbor zone being added as a secondary zone?
  Thanks!

  You have two options.
  Use a DNS server with a single internal domain example.com and have (as you said) server1.example.com
  If the two subnets are on separate networks either via a router or VLAN, then you could run a separate DHCP server on each and advertise the appropriate DNS server for that subnet.
  Otherwise you could have a single DNS server and either single DHCP advertising that single DNS server and have both server1 and server2 in the single DNS zone, or a DHCP server in each subnet but still pointing to the same single DNS server.
  Each of these two servers would be an Open Directory Master
  Note: in DNS terminology a DNS 'zone' is the same thing as a Domain Name.
  The second option which if you want to keep the two 'schools' completely separate is to do the following
  Use a DNS server per subnet
  Use a DHCP server per subnet
  Use a different domain name per school e.g. school1.com and school2.com
  Create a server record on each as appropriate e.g. server1.school1.com and server2.school2.com
  You cannot have a single DNS server have two identical zones e.g. example.com and example.com as they are of course the same thing.
  If the two schools will merge officially at some point it might be better to use the same domain name, if they are going to fully split then definiately it is going to be better to use two different domain names.

• Can't create DNS zones in Server Admin

  Hi All,
  So, I've run into this strange problem where when configuring the zone files for the DNS server in Server Admin that clicking on the + button doesn't do anything. I've re-installed Tiger Server including reformating the disk and still nothing.
  Can anyone tell me where the zone file is kept. It might be better just to make my own unless anyone can tell me why the + button isn't working.
  Thanks much!

  Definitely better to make your own, if you know how (lots of good google-able docs on this). Using Server Admin for DNS zone files is dicey at best.
  BIND config file is located at '/etc/named.conf'
  Zone files live in '/var/named/.' Primary zone files are named 'myDomain.com.zone' and secondary files are named 'myDomain.com.bak'
  Feel free to email me if you need some default files.
  Can anyone tell me where the zone file is kept. It
  might be better just to make my own unless anyone can
  tell me why the + button isn't working.
  iBook G4   Mac OS X (10.4.3)  

• Secondary DNS failing to redirect clients when Primary DNS goes down

  I have a single domain with two Windows 2008 servers, DC1 (physical) and DC2 (virtual).  Both servers run DNS and are GC servers, and the entire domain is on the same subnet (192.168.0.x). 
  All clients on the network are configured to use DC1 as primary DNS, DC2 as secondary DNS. 
  DHCP is enabled only on DC1.  (This might be part of the issue, not sure).
  The problem is that when DC1 goes down for a reboot or repair, we lose access to the internet from our clients.  Trying to pull up any website results in a "Page cannot be displayed" error.  DC2 is available during this time and can be
  pinged from any client but does not resolve DNS requests, even if I specify it as the primary DNS server on one of my workstations.  However I can log on to DC2 locally and browse the web. 
  Here are the results of a DCdiag /dnsall from DC2 (I bolded areas of concern):
  Directory Server Diagnosis
  Performing initial setup:
     * Connecting to directory service on server DC2.
     * Identified AD Forest.
     Collecting AD specific global data
     * Collecting site info.
     Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mydomain,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
     The previous call succeeded
     Iterating through the sites
     Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
     Getting ISTG and options for the site
     * Identifying all servers.
     Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mydomain,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
     The previous call succeeded....
     The previous call succeeded
     Iterating through the list of servers
     Getting information for the server CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
     objectGuid obtained
     InvocationID obtained
     dnsHostname obtained
     site info obtained
     All the info for the server collected
     Getting information for the server CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
     objectGuid obtained
     InvocationID obtained
     dnsHostname obtained
     site info obtained
     All the info for the server collected
     * Identifying all NC cross-refs.
     * Found 2 DC(s). Testing 1 of them.
     Done gathering initial info.
  Doing initial required tests
     Testing server: Default-First-Site-Name\DC2
        Starting test: Connectivity
  * Active Directory LDAP Services Check
  Determining IP4 connectivity
  Determining IP6 connectivity
  * Active Directory RPC Services Check
  ......................... DC2 passed test Connectivity
  Doing primary tests
     Testing server: Default-First-Site-Name\DC2
        Test omitted by user request: Advertising
        Test omitted by user request: CheckSecurityError
        Test omitted by user request: CutoffServers
        Test omitted by user request: FrsEvent
        Test omitted by user request: DFSREvent
        Test omitted by user request: SysVolCheck
        Test omitted by user request: KccEvent
        Test omitted by user request: KnowsOfRoleHolders
        Test omitted by user request: MachineAccount
        Test omitted by user request: NCSecDesc
        Test omitted by user request: NetLogons
        Test omitted by user request: ObjectsReplicated
        Test omitted by user request: OutboundSecureChannels
        Test omitted by user request: Replications
        Test omitted by user request: RidManager
        Test omitted by user request: Services
        Test omitted by user request: SystemLog
        Test omitted by user request: Topology
        Test omitted by user request: VerifyEnterpriseReferences
        Test omitted by user request: VerifyReferences
        Test omitted by user request: VerifyReplicas
        Starting test: DNS
  DNS Tests are running and not hung. Please wait a few minutes...
  See DNS test in enterprise tests section for results
  ......................... DC2 passed test DNS
     Running partition tests on : ForestDnsZones
        Test omitted by user request: CheckSDRefDom
        Test omitted by user request: CrossRefValidation
     Running partition tests on : DomainDnsZones
        Test omitted by user request: CheckSDRefDom
        Test omitted by user request: CrossRefValidation
     Running partition tests on : Schema
        Test omitted by user request: CheckSDRefDom
        Test omitted by user request: CrossRefValidation
     Running partition tests on : Configuration
        Test omitted by user request: CheckSDRefDom
        Test omitted by user request: CrossRefValidation
     Running partition tests on : mydomain
        Test omitted by user request: CheckSDRefDom
        Test omitted by user request: CrossRefValidation
     Running enterprise tests on : mydomain.com
        Starting test: DNS
  Test results for domain controllers:
   DC: DC2.mydomain.com
  Domain: mydomain.com
  TEST: Authentication (Auth)
  Authentication test: Successfully completed
  TEST: Basic (Basc)
                    Microsoftr Windows Serverr 2008 Standard 
  (Service Pack level: 2.0)
  is supported
  NETLOGON service is running
  kdc service is running
  DNSCACHE service is running
                    DNS service is running
  DC is a DNS server
  Network adapters information:
  Adapter [00000006] Intel(R) PRO/1000 MT Network Connection:
  MAC address is 00:0C:29:91:59:68
  IP Address is static
  IP address: 192.168.0.249
  DNS servers:
  192.168.0.105 (DC1.mydomain.com.) [Valid]
  127.0.0.1 (DC2) [Valid]
  The A host record(s) for this DC was found
  Warning: The AAAA record for this DC was not found
  [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.) - mydomain.com]
                    The SOA record for the Active Directory zone was found
  The Active Directory zone on this DC/DNS server was found primary
  Root zone on this DC/DNS server was not found
  TEST: Forwarders/Root hints (Forw)
  Recursion is enabled
  Forwarders Information:
  192.168.0.105 (DC1.mydomain.com.) [Valid]
  192.168.0.7 (<name unavailable>) [Invalid (unreachable)]
   Error: Forwarders list has invalid forwarder: 192.168.0.7 (<name unavailable>)
  TEST: Delegations (Del)
  Delegation information for the zone: mydomain.com.
  Delegated domain name: _msdcs.mydomain.com.
  DNS server: DC1.mydomain.com. IP:192.168.0.105 [Valid]
  TEST: Dynamic update (Dyn)
  Test record _dcdiag_test_record added successfully in zone mydomain.com
  Test record _dcdiag_test_record deleted successfully in zone mydomain.com
  TEST: Records registration (RReg)
  Network Adapter
  [00000006] Intel(R) PRO/1000 MT Network Connection:
  Matching CNAME record found at DNS server 192.168.0.105:
  a32fcfbd-16bb-4697-a23d-20fc3b8c274c._msdcs.mydomain.com
  Matching A record found at DNS server 192.168.0.105:
  DC2.mydomain.com
  Warning:
  Missing AAAA record at DNS server 192.168.0.105:
  DC2.mydomain.com
  [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
  Matching  SRV record found at DNS server 192.168.0.105:
  _ldap._tcp.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.105:
  _ldap._tcp.ac09921d-4553-475e-b25c-059742ac0552.domains._msdcs.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.105:
  _kerberos._tcp.dc._msdcs.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.105:
  _ldap._tcp.dc._msdcs.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.105:
  _kerberos._tcp.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.105:
  _kerberos._udp.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.105:
  _kpasswd._tcp.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.105:
  _ldap._tcp.Default-First-Site-Name._sites.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.105:
  _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.105:
  _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.105:
  _kerberos._tcp.Default-First-Site-Name._sites.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.105:
  _ldap._tcp.gc._msdcs.mydomain.com
  Matching A record found at DNS server 192.168.0.105:
  gc._msdcs.mydomain.com
  Warning:
  Missing AAAA record at DNS server 192.168.0.105:
  gc._msdcs.mydomain.com
  [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
  Matching  SRV record found at DNS server 192.168.0.105:
  _gc._tcp.Default-First-Site-Name._sites.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.105:
  _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.com
  Matching CNAME record found at DNS server 192.168.0.249:
          a32fcfbd-16bb-4697-a23d-20fc3b8c274c._msdcs.mydomain.com
  Matching A record found at DNS server 192.168.0.249:
  DC2.mydomain.com
  Warning:
  Missing AAAA record at DNS server 192.168.0.249:
  DC2.mydomain.com
  [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
  Matching  SRV record found at DNS server 192.168.0.249:
  _ldap._tcp.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.249:
  _ldap._tcp.ac09921d-4553-475e-b25c-059742ac0552.domains._msdcs.mydomain.com
               Matching 
  SRV record found at DNS server 192.168.0.249:
  _kerberos._tcp.dc._msdcs.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.249:
  _ldap._tcp.dc._msdcs.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.249:
  _kerberos._tcp.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.249:
  _kerberos._udp.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.249:
  _kpasswd._tcp.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.249:
  _ldap._tcp.Default-First-Site-Name._sites.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.249:
  _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
             Matching 
  SRV record found at DNS server 192.168.0.249:
  _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.249:
  _kerberos._tcp.Default-First-Site-Name._sites.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.249:
  _ldap._tcp.gc._msdcs.mydomain.com
  Matching A record found at DNS server 192.168.0.249:
  gc._msdcs.mydomain.com
  Warning:
  Missing AAAA record at DNS server 192.168.0.249:
  gc._msdcs.mydomain.com
  [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
  Matching  SRV record found at DNS server 192.168.0.249:
  _gc._tcp.Default-First-Site-Name._sites.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.249:
  _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.com
  Warning: Record Registrations not found in some network adapters
  TEST: External name resolution (Ext)
  Internet name www.microsoft.com was resolved successfully
  Summary of test results for DNS servers used by the above domain
  controllers:
  DNS server: 192.168.0.7 (<name unavailable>)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.0.7              
  [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
  DNS server: 192.168.0.105 (DC1.mydomain.com.)
  All tests passed on this DNS server
  Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
  DNS delegation for the domain  _msdcs.mydomain.com. is operational on IP 192.168.0.105
  DNS server: 192.168.0.249 (DC2)
  All tests passed on this DNS server
  Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
  Summary of DNS test results:
  Auth Basc Forw Del  Dyn  RReg Ext
  Domain: mydomain.com
  DC2                      
  PASS WARN FAIL PASS PASS WARN PASS
  ......................... mydomain.com failed test DNS
        Test omitted by user request: LocatorCheck
        Test omitted by user request: Intersite

  Looks like it may be trying to forward to a machine that's down (DC1 and another 192.168.0.7) and root hints aren't available.
  Check out this article:
  http://technet.microsoft.com/en-us/library/ff807391(v=ws.10).aspx
  See if you can enable DNS access through the firewall to the Internet if it's not already available.  Try to match whatever forwarder settings are on DC1, or remove them entirely and let the server resolve DNS from Internet root servers.  Alternativly,
  you could change your forwarder to a public DNS server you have access to, your ISP should supply this or you could test with something common like 4.2.2.2.
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications

• No DNS zones in server admin

  Here's my log: 
  Oct 21 12:49:25 server servermgrd[2019]: -[DNSManagerRRMgr bindZoneDB]: Unable to load zone database (RRs) for "***.com" from file "/var/named/db.***.com": CNAME and other data

  Definitely better to make your own, if you know how (lots of good google-able docs on this). Using Server Admin for DNS zone files is dicey at best.
  BIND config file is located at '/etc/named.conf'
  Zone files live in '/var/named/.' Primary zone files are named 'myDomain.com.zone' and secondary files are named 'myDomain.com.bak'
  Feel free to email me if you need some default files.
  Can anyone tell me where the zone file is kept. It
  might be better just to make my own unless anyone can
  tell me why the + button isn't working.
  iBook G4   Mac OS X (10.4.3)  

• Non-AD Integrated Secondary DNS Promote to Master?

  Hello. We currently run a non-domain joined 2012 R2 DNS server for our external .com domain. I would like to stand up a secondary in our DR datacenter, but am wondering how I would promote it to master in the event our current master were to fail? Both platforms
  are Server 2012 R2.
  ns1.domain.com = master
  ns2.domain.com = secondary
  In the event ns1 experienced a failure, I'd like to be able to promote ns2 to become master (authoritative) for the .com domain to allow record changes.

  Hi,
  According to your description, my understanding is that primary DNS server has been down, and you want to change the secondary DNS server (not domain member and configured for external name resolution) to primary DNS server.
  If there is one DNS server in your domain, I am wondering if it is an AD-Intergraded zone. And if the secondary DNS server has a full transferred secondary zone.
  In general, compared the secondary DNS server with primary DNS server, you may find that the secondary one do not have a  folder in forwarder lookup zones named
  _msdcs.<domain.com>, according zone transfer we may copy this folder and RRs. But considering the primary DNS server is down, we need to manually copy these date to secondary DNS server.
  If the primary zone is not AD-Integrated, open path %systemroot%\system32\dns\
  on primary DNS server and copy the file _msdcs.domain.com.dns/domain.com.dns
  to the corresponding path on secondary DNS server, then create primary zone using this exiting file. All RRs will be displayed once the zone has been created. 
  For AD-Integrated primary zone, we need to back up the zone by command lines and then restore it to the secondary DNS server, detailed steps you may reference:
  https://technet.microsoft.com/en-us/library/jj649877.aspx
  https://technet.microsoft.com/zh-cn/library/ff807395(v=ws.10).aspx
  Or you may also try to manually add the folder _msdcs.domain.com.dns, including its sub folders and RRs. And remember to change the secondary zone type to primary.
  And remember to redirect DNS clients to use the secondary DNS server as the primary one.
  Best Regards,
  Eve Wang
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Limiting DNS Zone Transfers Correctly

  I am setting up the DNS server. I have encountered a limitation when trying to limit zone transfers. Obviously I want to allow only zone transfers to my secondary DNS.
  The advice given in the user manual seems incorrect. The user manual says to limit zone transfers using your firewall to limit TCP connections on port 53. However, my understanding is that regular DNS clients need to be able to use TCP to obtain DNS responses that are greater than 512 octets.
  Does somebody know of a way to correctly limit the zone transfers without breaking the DNS GUI or breaking large responses?

  you can add the statement... it should not break Server Admin.
  While you are there, you may want to add forwarders for efficiency.
  Add the bold code
  options {
  directory "/var/named";
  forwarders {
  0.0.0.0;
  0.0.0.0;
  forward first;
  recursion true;
  replace 0.0.0.0 with your ISPs name servers
  Jeff

• Changing DNS zone names after the fact

  Over 3 months ago we started setting up our server network. After discussions with administration it was determined (at the time) that we would use and register a domain name with a .net extension. So we set up a primary server with this extension and had it registered with our ISP. We subsequently added 7 other servers to the mix and as they were installed they grabbed their names from the DNS zone we had setup *.net in our DNS zone in our primary nameserver system. It was all well the tests worked we had it all going and are moving our 130 machines (including about 60 users) over next few months (and have moved about 10 users and other machines so far.
  My question is this. Back in beginning a *.org was the other option but we had problems with it and our ISP (could have been some error on our part) so we went with *.net for our domain and got that registered. Now all of a sudden as our management is wanting to move the organizational website (we are not doing that) to another service that service is tying to convince them we should have not used *.net but *.org.
  The person in charge of us is strongly asking if we can go back and setup with *.org but as I understand it I cannot go in and delete my *.net DNS zone and then rename all the servers with a .org extension but as we understand it from lynda.com and other sources it appears that we probably would have to go back and reset all the machines back up by reinstalling them after I changed the first primary nameserver. And then register the new name and wait for it to propagate?
  Are we wrong? Can we just go in and turn off the DNS in server admin and then change the zone name(s) to *.org and the host names of each server from *.net to *.org and restart DNS and find all to be well? As much as we can tell it appears that we would have to restart from scratch as all the documents and lynda.com imply we should have had our final domain name set and registered before we started to install and setup the primary and secondary servers?
  I see some examples where it is said to make such changes something needs to be done with ipconfig and not the GUI in server admin. But again I am not sure that this will work with our primary nameserver and the 7 servers under it?
  Any feedback or help about this would be appreciated. It is our preference to stay with *.net and not have to do major work as we are starting user and network migration to the new servers and hate to have have such a major setback just because one person and the web design service they want to use does not like *.net. to us it appears the horse is long out of the barn and when this was approved last fall we have gone to far to easily go back. But if it is easier to go back than we think then we are willing to try to change.
  Thanks
  russ

  foilpan wrote:
  first, what are these servers doing? are they all web servers, OD masters, simple file servers? depending on their roles, changing their names can be more or less of a problem.
  The first server we set (the name server) does incoming mail, is the DNS server for local net and such. Then there is the outgoing mail server (one of 7) a web server (another of 7) and then the rest are mostly file servers for our setup.
  second, work out that political stuff before making any changes. if everything's working fine as is, make a strong case for leaving things alone. if possible, estimate support costs for changing everything and troubleshooting, then see if management can justify it.
  Sort of my feeling. We thought we had it all worked out but then they decided to abandon the old web site (managed by someone else but associated with the old mail/network somewhat) and have a new Web design company do it and this company complained about us having chose a .net for what reason I do not know so the administrator somehow was persuaded and had no idea of the can of worms she had opened up by changing her mind. If it is too much of a hassle and it appears so in terms of delays to move rest of organization over then I hope we can convince them.
  are all these servers public facing or behind a firewall?
  They are behind a firewall on a high speed cable modem ISP service (firewall is local ASTARO machine).
  also, why not setup another dns zone for .org and point to the same hosts? that would allow you to use either .net or .org, for the most part. again, that depends on what these servers are doing.
  We suggested that but the administrator did not like having two names we have a lot of users (volunteers and such) who are not really too savvy (the nature of free and partime help I guess) and she feels they will be confused by two extensions for network, mail and web. It sure does not bother me (I have about 8 email addresses for example now .
  post more details without the political background and what the end result should be, and we'll be able to add more here.
  Ok basically we want to know with the following:
  1) main nameserver (the first server that provides the DNS zone for local *.net and serves the incoming mail)
  2) A second outgoing SMTP server to split load and do outgoing work...
  3) A third webserver doing all the web services (blog, wicki, and such)
  4) 4 file servers that are going to provide a local file server for our 4 main departments
  5) A final test server we are testing other things with-- so total of 8 servers.
  6) 8 Users out of 60 now on the network with their personal desktops or laptop machines, and a few printers and other devices all on new network.
  There are a total of 130 macs and pc's in our organization that will all eventually be on this new network with the above.
  Basically we are wondering if the main (first) DNS and incoming mail sever, and the 7 other (web, SMTP out, and file server machines) will have to be set back up from reinstall if we are to make the change from the *.net zone we have now to a *.org one?
  Any other details that would be of help?
  Thanks
  Russ
  2) second

• Hosting Multiple DNS Zones on different servers How To?

  Hello, I have an issue that I would like one of the experts to help out with.
  I am currently facing an issue with DNS. I currently need to be able to ping certain machines on my internal domain by their external IP address.
  Example: machineA.domain.local has IP address 192.168.1.10 but from the inside of my network I would need to be able to ping machineA.domain.local and have it resolve to my EXTERNAL IP ADDRESS.
  Now as far as I know using a split DNS would solve this issue. Herein lies my issue.
  My DNS works half the time. Sometimes I will ping machineA.domain.local and it will resolve the internal address and sometimes it would resolve the public IP address (which I set manually in my split DNS)
  Now, my reasoning for this is because there are multiple entries with the same machine name on the same domain controller that resolve to different IP addresses. So when I ping machineA.domain.local the reply will be a "confused" reply.
  Here is what I tried to do to correct the issue. I created another Windows Server 2008 R2 machine with only the DNS role installed. I then removed the split DNS from my domain controller and added the zone "zone.domain.com" with the A record "machineA.domain.com"
  I did not join the domain with the new machine as I did not believe it to be necessary.
  The machines on the inside still cannot ping "machineA.domain.com", nor can my new server successfully ping "machineA.domain.local". It can resolve "machineA.domain.com" but I am fairly certain this is because I added it in
  the DNS zone.
  I tried to go a little further and tried to connect to the domain controller DNS via the MMC snap in on my new server. I get an error telling me that the access is denied.
  In order to attempt to fix that I added the computer in the properties of the DNS in the security tab. I also added the newly created server to the DNS admins group.
  Nothing works I am not sure what I am doing incorrect but I would need to know how I can do the following
  A) Successfully (if possible) have 2 different zones on the same domain
  example: internal.domain.local and external.domain.com
  I would need to know how to be able to successfully ping the machines I need to ping that resolves to  the external IP address from the inside without having the internal A record in the DNS zone interfere.
  I would also need to know how I could connect to the domain controllers DNS via another computer (the new server) without having the access is denied error.
  Once again, I tried to use a split DNS on the same server which yielded mixed results. I cannot have the machines replying randomly or go down because 2 DNS zones are on the same machine.
  Thank you hope to get an answer ASAP!

  Anyone have any ideas on this?

• How to change DNS zone, or how to host email outside of BC

  I have BC from Creative Cloud Suite, so I have the cheapest possible plan for BC.  Meaning I don't get any email hosting.  So I was looking to host email outside of BC.  I looked it up on google to see if it could be done (I'm really new with all this hosting stuff!), and I found that if you change the DNS zone and MX records to certain things you could.  I had to delete the MX record I had set up prior to finding out BC won't host my email, and I went to set up an Advance DNS Records.. But I'm not sure what to do! There's a lot of information I'm not sure about, and I don't know what goes where!
  I'd like to have godaddy host my email, and what I found is that I need to change my DNS zone to: mailstore1.secureserver.net and change MX records to 0 smtp.secureserver.net 10 mailstore1.secureserver.net
  I may end up finding somewhere else to host email at a later point, but right now I just want to try to figure out how to do this so I'll be able to in the future.  Any and all help is appreciated! Thank you

  Hi
  All you need to do is go to Admin > Site Settings > Site Domains and activate your new domain. You’ll have to enter an MX record for e-mail to be setup, which will be provided by godaddy.
  Here’s a similar article on the same topic:
  http://forums.adobe.com/message/4997019#4997019
  Let me know how it goes

• DNS record is not dynamically created in DNS Zone, when joining to DNS domain

  hi
  in my test lab i have deployed two virtual machines (both are windows server 2008 R2 enterprise).
  on vm1 i have installed just DNS role (without Active directory) and created a primary non-ADintegrated zone.
  on this DNS zone, i have enabled dynamic update set to
  non-secure & secure .
  now in my vm2 (as a DNS client) , i set the ip address of this DNS server as preferred DNS server and then in system properties, on the primary DNS suffix field, i entered the name of my DNS domain (mydomain.lab)& rebooted VM2, but the a record of this
  client (vm2) is not registered (created ) in mydomain.lab zone.
  i respect the record be created like the situations which we join a client to AD domain 

  Hi  John ,
  When registering DNS record ,client will send a SOA query to find the primary server of the zone .Then send register message to the server .
  We can use nslookup to find the problem :
  Open Command Prompt
  type nslookup
  type set type=soa
  type zone name
      1. If there is positive response ,check the name of
  primary name server and the IP address of the server .
  Its name should be vm1.mydomain.lab .If not ,edit the SOA record in the zone .
  If no IP address ,edit NS record in the zone .
      2. If there is no response ,check the SOA record in the zone .
  We can manually delete and recreate the records to ensure there are right SOA and NS records .
  Here is the guide for using nslookup :
  Nslookup :
  https://technet.microsoft.com/en-us/library/cc940085.aspx
  Best Regards,
  Leo
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Hi Leo, thanks for reply.
  i did all steps you mentioned but still no result.
  i put an screenshot of my desktop here , everything is shown here:

• Active Directory Integrated DNS Zones, replicate only to specific domain controllers

  I have a customer with a fairly large Active Directory forest with many domains that they are trying to consolidate into a single domain which likely take 18 to 24 months according to their timeline.  During this time, they would like all DNS zones
  to be serviced directly from the new domain controllers, meaning, domain A would have replicas of domain B, C, D, E, etc.  Because the environment is complex and some domain controllers in domains other than A are in a very sad state and replication problems
  abound, they would like to avoid replicating all zones forest wide.  
  I've never done this before, or even considered it necessary, is it even possible?  I don't have a ton of time for trial and error, but based on this there seems to be some hope:
  https://technet.microsoft.com/en-us/library/cc753801.aspx?f=255&MSPPError=-2147217396
  Is this telling me how to do what I want to do?
  Thanks
  J
  Joseph M. Durnal MCM: Exchange 2010 MCITP: Enterprise Messaging Administrator, Exchange 2010 MCITP: Enterprise Messaging Administrator, MCITP: Enterprise Administrator

  He actually didn't specify much about dynamic updates requirements for old domains, if they don't need secure dynamic updates then a primary zone would work:
  The DNS Server service allows dynamic update to be enabled or disabled on a per-zone basis at each server that is configured to load
  either a standard primary or directory-integrated zone.
  REF: Understanding Dynamic updates
  This post is provided AS IS with no warranties or guarantees, and confers no rights.
  ~~~
  Questo post non fornisce garanzie e non conferisce diritti

• External DNS zone on Internal DNS servers

  We currently have a 2 domain forest with DNS running on all domain controllers. All domain controllers are 2012 or 2012 R2 and our Domain and forest functional level is set at 2008 R2 due to the existence of an exchange 2003 server which wont be retired
  for several months. We have 2 DNS servers in the root domain and 4 DNS servers in the child domain. This is a centralized DNS setup. Our parent domain is DOMAIN.LOCAL and the child domain is XX.DOMAIN.LOCAL. Externally, our DNS is MYDOMAIN.com. we
  do not have a public facing DNS server and our DNS records are hosted by a 3rd party
  We want to add the MYDOMAIN.COM DNS zone internally (AD Integrated) since we have several instances where applications do not really work well with the XX.DOMAIN.LOCAL DNS. We want this zone to host several DNS records for internal resolution
  only since we do not have any public facing applications or web servers such as SharePoint etc.
  My question(s) is this?
  How is the best way to do this and how will it affect the zones we currently have in place.
  Is it as simple as creating a new forward lookup zone, adding static records?
  How do we (or do we) handle delegation?
  Any information or suggestions to get me started would be greatly appreciated.
  Russ

  Hi,
  I’m not quite understand your question, do you want to create a new primary DNS zone on your current DNS server? If so, you
  just need to create a new primary, you can create the additional primary DNS zone.
  The related KB:
  Configuring a new primary server
  http://technet.microsoft.com/en-us/library/cc776365(v=ws.10).aspx
  Hope this helps.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Another DNS Zone Question! :)

  I have several geographic sites all with their own leopard servers (ten or so). Each are open directory masters managing public ip subnets. We do have an external dns server and all of our servers have registered names that are part of the same domain....
  My question is this... when setting up dns on each server, do I need to create zones, or can I just make the dns forward to our external name server. I am worried that having more that one ns authoritative for the same domain will cause problems with our isp dns server? I have one server running just fine without zones... just forwarders ... and all is running smoothly, ical, wiki's, mcx, mobile accounts, etc...
  Looking forward to finding out whether having zones at other locations and authoritative dns servers is a bad thing or not.
  Thanks.

  As long as the external DNS server has all of the info you need, there's no need to set up duplicate zones on your servers; as you note, it could even cause problems if the info got out of sync. In fact, you don't even need to act as a forwarder, you could just turn off DNS service and configure all your computers (servers & clients) to use your ISP's DNS servers.
  In your situation, I see two reasons you might want to run DNS service: in case your internet link goes down (losing access to DNS tends to make it hard to find servers, even if they're on the same LAN), or if the public DNS servers don't have the reverse DNS (IP number -> domain name) entries you need. If you're worried about the first, you could set your servers as secondaries (aka slaves) for the relevant zones, in which case they'll download the zone files from the master and automatically keep in sync. If the second is an issue, you're probably best off bugging your ISP -- since the reverse records are tied to your IP numbers, and those're "owned by" the ISP, they're generally in charge of the reverse DNS no matter who's hosting your forward DNS zones.