
Primary DNS?


Homer

Aug 16, 2004, 1:02:03 PM
I have a single Windows 2003 domain and all Windows 2003
servers. My Primary DNS server (or at least that's what I
will call it for now) was my PDC when I upgraded to
Windows 2003. I will refer to it as Server1. Since then
I configured another server as a Secondary DNS server (or
at least that's what I will call it for now). I will
refer to it as Server2. So I had 2 DNS servers at this
location. Server1 is quite old and needs replaced. I
bought a brand new server, which I will refer to as
server3, and I have transferred all of the FSMO roles from
server1 to server3. All I have left to transfer is DNS
and DHCP in order to down server1. I installed DNS on the
server3 and wanted to transfer the primary DNS role from
server1 to server3. I thought I understood what was
happening with DNS but when I started looking at things I
got real confused. After I installed DNS on server3 and
went into DNS manager I found that all my zones were
already there without me adding anything. All of my zones
are AD integrated so I assume that is why this happened.
When I compared what I was seeing in DNS from each of the
three servers, I realized that everything was identical.
I did not see anything that would differentiate one from
being the primary. There is a folder under my domain name
forward lookup zone called _msdcs. The only thing in it
is one NS record listing server1. This is the only unique
reference to server1 that I can see. I read the article
at: http://support.microsoft.com/default.aspx?scid=kb;en-us;323383
but it doesn't seem to apply to what I'm
seeing. When I go to Change, as it tells me to in the
article, Primary is already selected and so is AD
integration. This is the case no matter which DNS server
I look at.  So, my question is this: because my zones are
AD integrated, does that mean that there really isn't a
Primary or First DNS server anymore?  Can I simply
uninstall DNS on server1, change my servers' DNS settings,
change DNS settings in DHCP and I'm good to go? If so, I
read somewhere that the Primary DNS server should point to
itself for DNS and all other DNS servers should first point
to themselves and then to the Primary DNS server. Which
one should I consider the Primary? Does it matter? Boy
am I confused!!!

Herb Martin

Aug 16, 2004, 3:30:15 PM
"Homer" <anon...@discussions.microsoft.com> wrote in message
news:6b5601c483b2$c0c0e1a0$a301...@phx.gbl...

> I have a single Windows 2003 domain and all Windows 2003
> servers. My Primary DNS server (or at least that's what I
> will call it for now) was my PDC when I upgraded to
> Windows 2003. I will refer to it as Server1. Since then
> I configured another server as a Secondary DNS server (or
> at least that's what I will call it for now). I will
> refer to it as Server2. So I had 2 DNS servers at this
> location. Server1 is quite old and needs replaced. I
> bought a brand new server, which I will refer to as
> server3, and I have transferred all of the FSMO roles from
> server1 to server3. All I have left to transfer is DNS
> and DHCP in order to down server1. I installed DNS on the
> server3 and wanted to transfer the primary DNS role from
> server1 to server3. I thought I understood what was
> happening with DNS but when I started looking at things I
> got real confused. After I installed DNS on server3 and
> went into DNS manager I found that all my zones were
> already there without me adding anything.

Sounds like Server was really an "Active Directory Integrated"
DNS server (aka "Primary stored in AD").

> All of my zones
> are AD integrated so I assume that is why this happened.
> When I compared what I was seeing in DNS from each of the
> three servers, I realized that everything was identical.

Here's the deal:

A traditional Primary is the ONLY DNS server that can change
the records and the Secondary DNS servers pull (zone transfer)
from it to improve resolution performance or fault tolerance.

A (Win2000+) AD Integrated DNS server SET is one or more
DCs running DNS for that zone that ALL act as the master of
the DNS database and allow changes to be made on any of the
DNS-DCs for that zone (you can still have secondaries but
probably won't choose that for small domains.)

One other issue: Make sure you added a NEW GC in Sites
and Services (you mentioned the FSMO role but not the GC.)

You can have as many DC-GCs as seem appropriate.

> I did not see anything that would differentiate one from
> being the primary. There is a folder under my domain name
> forward lookup zone called _msdcs. The only thing in it
> is one NS record listing server1. This is the only unique
> reference to server1 that I can see. I read the article
> at: http://support.microsoft.com/default.aspx?scid=kb;en-us;323383
> but it doesn't seem to apply to what I'm
> seeing. When I go to Change, as it tells me to in the
> article, Primary is already selected and so is AD
> integration. This is the case no matter which DNS server
> I look at.  So, my question is this: because my zones are
> AD integrated, does that mean that there really isn't a
> Primary or First DNS server anymore?  Can I simply
> uninstall DNS on server1, change my servers' DNS settings,
> change DNS settings in DHCP and I'm good to go? If so, I
> read somewhere that the Primary DNS server should point to
> itself for DNS and all other DNS servers should first point
> to themselves and then to the Primary DNS server. Which
> one should I consider the Primary? Does it matter? Boy
> am I confused!!!

--
Herb Martin

Homer

Aug 16, 2004, 3:57:34 PM
From your response it sounds like my thinking was
correct. If so then I should be able to uninstall DNS
from server1 right now. Is that correct? As for GC's,
server1 was a GC but I already have server2 as a GC also
so I am good to go with that. I was going to make the new
server3 a GC but somewhere in the transferring of roles it
told me that I shouldn't make the new server a GC.
Anyway, if what I said above is correct and I can remove
the old DNS server, then can I just pick one of my
remaining DNS servers and consider it the primary. That
is, for purposes of pointing clients and other servers to
DNS? If I understand this correctly, there really is no
single primary server but I still need to pick one as my
first DNS server to point to. I would appreciate it if
you would clarify these last questions of mine so I can
get moving on with this. Thanks for all your help.

Homer


Herb Martin

Aug 16, 2004, 6:17:17 PM
"Homer" <anon...@discussions.microsoft.com> wrote in message
news:746f01c483cb$45ea01a0$a601...@phx.gbl...

> From your response it sounds like my thinking was
> correct. If so then I should be able to uninstall DNS
> from server1 right now. Is that correct?

As long as you have a CLEAN and FULLY replicated
AD that should be fine.

People screw up by putting DNS into AD then BEFORE
they replicate (AD) fully putting multiple DNS servers
for the zone into that incompletely replicated AD.

> As for GC's,
> server1 was a GC but I already have server2 as a GC also
> so I am good to go with that. I was going to make the new
> server3 a GC but somewhere in the transferring of roles it
> told me that I shouldn't make the new server a GC.

You can have as many GCs as you do DCs. For small domains
(single domain forests especially) many people recommend
having them all be GCs.

> Anyway, if what I said above is correct and I can remove
> the old DNS server, then can I just pick one of my
> remaining DNS servers and consider it the primary.

Well, the terminology breaks down but I find it most clear to
speak of the "Single Primary" OR the "Active Directory
Integrated SET of" DNS servers.

In Win2000 this was the PROPER terminology but in Win2003
Microsoft confused the terminology and made "AD integrated"
a type of primary - it added nothing and made the distinctions
less clear.

> That
> is, for purposes of pointing clients and other servers to
> DNS?

Clients make NO distinction between Primary or other
DNS servers for the Zone -- (unless registering their own
address they don't even know the difference.)

> If I understand this correctly, there really is no
> single primary server but I still need to pick one as my
> first DNS server to point to.

Yes, and that is called PREFERRED not Primary.

You should probably make each the Preferred for about
half of the clients and the other the Preferred for the other half;
listing both (opposite order) on each client.

> I would appreciate it if
> you would clarify these last questions of mine so I can
> get moving on with this. Thanks for all your help.

Got it?

--
Herb Martin
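
Before DNS is removed from server1, it helps to confirm that every DNS server returns the same NS set for a zone and to see which of them still name server1, as with the `_msdcs` NS record mentioned in the first post. The following is an added example, not part of the original thread: a standard-library Python check that queries each server directly. The domain `example.test`, the function names and the sample packet are assumptions; it uses UDP only, does not validate the reply's transaction ID, and is meant for a trusted management network.

```python
import socket, struct

def build_query(name, qtype=2, qid=0x1234):       # qtype 2 = NS; recursion not requested
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split("."))
    return struct.pack(">HHHHHH", qid, 0, 1, 0, 0, 0) + qname + b"\x00" + struct.pack(">HH", qtype, 1)

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset just past it)."""
    parts, end = [], None
    for _ in range(255):                          # bounded, so a pointer loop cannot hang us
        n = msg[off]
        if n == 0:
            return ".".join(parts).lower(), (off + 1 if end is None else end)
        if n & 0xC0 == 0xC0:                      # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        else:
            parts.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("name too long or compression loop")

def parse_ns(msg):                                # NS targets in the answer section
    qd, an = struct.unpack(">HH", msg[4:8])
    off = 12
    for _ in range(qd):                           # skip the echoed question
        off = read_name(msg, off)[1] + 4
    targets = set()
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if rtype == 2:
            targets.add(read_name(msg, off + 10)[0])
        off += 10 + rdlen
    return targets

def query_ns(server_ip, zone, timeout=3.0):       # asks one server directly; needs network
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(zone), (server_ip, 53))
        return parse_ns(s.recv(4096))

def audit(ns_by_server, retiring):                # -> (all agree?, servers still naming it)
    views = list(ns_by_server.values())
    return all(v == views[0] for v in views), sorted(
        s for s, ns in ns_by_server.items() if retiring.lower() in ns)

# Constructed response (names assumed): _msdcs.example.test NS server1.example.test
SAMPLE = (struct.pack(">HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0) + build_query("_msdcs.example.test")[12:]
          + b"\xc0\x0c" + struct.pack(">HHIH", 2, 1, 3600, 10) + b"\x07server1\xc0\x13")
```

On a live network, build the dictionary with `query_ns` for each DNS server's address, once for the domain zone and once for `_msdcs`, and pass it to `audit` with server1's fully qualified name.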

Homer

Aug 17, 2004, 8:16:30 AM
I got it. Thanks so much for all your help.
