
Howto:Move AD DNS to another DNS


Charlie

Feb 28, 2004, 1:31:48 PM
Can anyone point me in the right direction or provide some
docs on how to move my primary AD DNS to another DNS? Or do
I have to go the route of creating a secondary zone and
promote to primary?

thx

Roger Abell

Feb 28, 2004, 4:00:33 PM
Move to where ?
To another DC of the forest? of the domain?
To Bind or some other third-party DNS product?

--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Charlie" <anon...@discussions.microsoft.com> wrote in message
news:3b8c01c3fe29$20674960$a301...@phx.gbl...

Charlie

Feb 28, 2004, 7:08:12 PM
Looking to move to a stand alone machine for DNS. It may
be BIND but was going to start with Win2003. Currently I
have DNS running on the DC.

thanks Roger, you have been a wealth of knowledge.


Roger Abell

Feb 28, 2004, 10:27:29 PM
Thanks for your confidence Charlie.

If you are moving zones from DC to non-DC, third-party or
otherwise, there are a couple choices.

One you mentioned, is to set up a secondary transfer, and
then at some point change it to primary when the zone on
the DC is decommissioned. One simple way to do this is
to halt the DNS server that is secondary, and edit the zone
file to change the SOA, and the boot (named.conf on bind-ish)
file to alter the directive for the zone from being secondary
to being primary.
The other way is to just skip the step about setting up the
preliminary secondary transfer, and instead just copy over
the zone file, edit it to have a new SOA, and then when
ready, edit a primary directive into the boot file (named.conf).

To do the above on Windows DNS you need to make sure
that the DNS is (if only for the time being) loading from file,
not from registry and file.

Either way, what is often the bigger issue is making sure you
provide uninterrupted service to the DNS clients. This is often
done by transferring the IP address to the new DNS server, but
in your case you are probably not decommissioning the DNS
service on the DC (too valuable to support AD), and even if
you were you need to be pretty careful about changing IPs of DCs.

--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Charlie" <anon...@discussions.microsoft.com> wrote in message
news:3dd701c3fe58$1eab0f10$a301...@phx.gbl...
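Roger's "edit the zone file to have a new SOA" step, as an added example that is not part of the original thread: rewrite the SOA MNAME to point at the new primary and bump the serial, with the check that the serial really increases (otherwise secondaries will keep the old copy after promotion). The zone file below is constructed and its hostnames are assumptions.

```python
import re

# Constructed sample zone, as it might be copied off the old DC-hosted
# primary. Hostnames are hypothetical, not from the original thread.
SAMPLE_ZONE = """\
$TTL 3600
corp.example.com. IN SOA dc1.corp.example.com. hostmaster.corp.example.com. 2004022801 900 600 86400 3600
corp.example.com. IN NS dc1.corp.example.com.
dc1.corp.example.com. IN A 192.0.2.10
"""

# Matches a single-line SOA record: owner [ttl] IN SOA mname rname serial refresh retry expire minimum
SOA_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?:(?P<ttl>\d+)\s+)?IN\s+SOA\s+(?P<mname>\S+)\s+(?P<rname>\S+)\s+"
    r"(?P<serial>\d+)\s+(?P<rest>\d+\s+\d+\s+\d+\s+\d+)\s*$",
    re.MULTILINE,
)


def next_serial(old, today="20040229"):
    """Date-based serial (YYYYMMDDnn). It must be strictly larger than the old
    value, or secondaries will never pull the edited zone."""
    candidate = int(today + "00")
    return candidate if candidate > old else old + 1


def promote_zone(zone_text, new_mname, today="20040229"):
    """Return (new zone text, new serial) with the SOA MNAME replaced by
    new_mname and the serial bumped. NS records must be updated separately."""
    m = SOA_RE.search(zone_text)
    if m is None:
        raise ValueError("no single-line SOA record found")
    if not new_mname.endswith("."):
        raise ValueError("MNAME must be fully qualified (trailing dot)")
    serial = next_serial(int(m.group("serial")), today)
    ttl = f"{m.group('ttl')} " if m.group("ttl") else ""
    new_soa = (f"{m.group('owner')} {ttl}IN SOA {new_mname} {m.group('rname')} "
               f"{serial} {m.group('rest')}")
    return zone_text[:m.start()] + new_soa + zone_text[m.end():], serial


if __name__ == "__main__":
    text, serial = promote_zone(SAMPLE_ZONE, "ns1.corp.example.com.")
    print(text)
```

After the file is rewritten, the matching named.conf change is the zone's type directive (secondary to primary), which this script does not touch.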

Charlie

Feb 28, 2004, 11:38:09 PM
Are there any special considerations to be made to
accommodate the special AD entries if I was to switch over
to BIND? I need to support AD so if I did switch I would most
likely just keep the AD DNS as a secondary.

Thanks again for all your help!


Roger Abell

Feb 29, 2004, 4:42:04 AM
I can think only of disadvantages to having the AD supporting
zones not hosted on the DC's DNS, AD integrated set for
secured dynamic updates, especially given that you seem to
indicate that you will have a Win DNS on a DC.

If you move it to Bind as primary, with secondaries to the
selected locations elsewhere, the biggest headache will be
with the need for manual correction of the Bind based zone
whenever you have changes to DCs or such as their PDC
FSMO role placement. Forgetting to get the DNS updated,
or botching it, can have severe impacts on all of the AD
deployment. The DNS resource records can change for a
number of less-than-obvious reasons, such as which DC a
domain selects to be preferred for a site in which the domain
has no DCs, etc.

Left on Win DNS with secured dynamic updates,
this becomes automated and usually error-free.

--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Charlie" <anon...@discussions.microsoft.com> wrote in message
news:149501c3fe7d$d4cabf50$a601...@phx.gbl...
