|
|
I started with one Windows Server 2003 domain controller / DNS Server - Active-directory-integrated. I promoted another DC, stumbled through the various How-tos to make it a secondary DNS server. While puzzling over what sort of new zone to create (primary/secondary?) replication set in. Now I see the zone (the usual and the _msdcs); I've restarted DNS successfully; done some nslookup after SETting server to the new server; so it all looks good. But, in DNS Console I select the Server (this is on the secondary server), and instead of listing the folders in the details page (Cached Lookups, zones, Event Viewer, etc), it gives me the Configure a DNS Server message, which tells me my server is not yet configured. I've restarted the console, and the DNS Server, punched Refresh a bunch of times. It looks to me like it's configured and working. How do I reconcile?
|
|
So I tried once more, right-click the server, Configure a DNS Server, add a new primary zone, put in name, this time got all the way through configuring Forwarders, pressed Finish, it told me again "zone already exists." But this time when I hit OK, voila, there were my server property folders in the details pane, instead of Your Server is not Configured. So I'm thinking it's OK.
|
|
"MC Murphy" <MCMurphy[ at ]discussions.microsoft.com> wrote in message news:E168F80C-55DB-47C6-A619-1AAE4AD8ECD7[ at ]microsoft.com...
> I started with one Windows Server 2003 domain controller / DNS Server - Active-directory-integrated. I promoted another DC, stumbled through the various How-tos to make it a secondary DNS server.
It's a DC, so why not make the second DNS server another AD Integrated DNS server? (That might have happened automatically once replication completed.)
A "Secondary" is a specific kind of DNS server for a zone -- if you put the records into AD (AD Integrated) that is more efficient and a different type.
> While puzzling over what sort of new zone to create (primary/secondary?) replication set in. Now I see the zone (the usual and the _msdcs); I've restarted DNS successfully; done some nslookup after SETting server to the new server; so it all looks good.
AD Integrated DNS (sometimes called a Primary with AD Integration but I dislike this term) -- it should/might have happened automatically for the _msdcs and Domain zone if the existing DNS server was AD Integrated for those zones.
> But, in DNS Console I select the Server (this is on the secondary server), and instead of listing the folders in the details page (Cached Lookups, zones, Event Viewer, etc), it gives me the Configure a DNS Server message, which tells me my server is not yet configured. I've restarted the console, and the DNS Server, punched Refresh a bunch of times. It looks to me like it's configured and working. How do I reconcile?
Check replication -- if it replicates and the DNS server is configured then the AD Integrated zones should just "show up" on their own.
Do you have the NEW DC set to use the EXISTING (Prior) DC-DNS server on the NIC->IP Properties?
-- Herb Martin, MCSE, MVP http://www.LearnQuick.Com (phone on web site)
|
|
In the DNS Console on both DC's, each looking at both DC's, the Forward Lookup Zones (standard and its _msdcs counterpart) and the Reverse Lookup Zone are of type Active Directory-Integrated Primary, and are Running; same info; gotta be they are both looking at the same zones in the AD. I tried initially to create a Primary DNS Server, that's what I remember from the MOC2277 class; but was prompted for info and kept running into "zone already exists" errors. I tried Secondary at some point, but frankly would have trouble now saying exactly which set of steps I tried got me through; that's why I say "muddled". I knew what I wanted - AD-integrated, and I'm pretty confident I got there, but I know there's a smoother way.
For my NIC>IP configurations. These are private servers, with forwarders being my ISP's 2 DNS servers. On my original DNS server I've had NIC>IP DNS servers set to itself as Preferred, and one of my ISP's servers as Alternate. On my second DNS server, that I've just added, I have the same addresses in NIC>IP DNS servers: my original DNS server is the preferred, an ISP's DNS server is alternate. That has caused no problems that I've heard of. Is it correct? Thanks for the advice.
|
|
"MC Murphy" <MCMurphy[ at ]discussions.microsoft.com> wrote in message news:A1481123-DBEC-4639-84C0-6FB78F363989[ at ]microsoft.com...
> In the DNS Console on both DC's, each looking at both DC's, the Forward Lookup Zones (standard and its _msdcs counterpart) and the Reverse Lookup Zone are of type Active Directory-Integrated Primary, and are Running; same info; gotta be they are both looking at the same zones in the AD. I tried initially to create a Primary DNS Server, that's what I remember from the MOC2277 class; but was prompted for info and kept running into "zone already exists" errors. I tried Secondary at some point, but frankly would have trouble now saying exactly which set of steps I tried got me through; that's why I say "muddled". I knew what I wanted - AD-integrated, and I'm pretty confident I got there, but I know there's a smoother way.
You can easily check the Zone Properties (for each zone) in the General tab -- upper area is the Zone type (Primary, AD Integrated, Secondary, or Stub are the choices) and the button to change it.
> For my NIC>IP configurations. These are private servers, with forwarders being my ISP's 2 DNS servers.
You must ONLY use there the INTERNAL DNS server(s) which can resolve your internal & domain names and addresses.
> On my original DNS server I've had NIC>IP dns servers set to itself as Preferred, and one of my ISP's servers as Alternate.
That is incorrect and will cause you TROUBLE although it may appear to work some of the time.
Remove all external servers from the NIC->IP properties. Use the DNS server to forward to these external servers if that is your intention.
No internal DNS Client (regular client, DC, DNS Server, etc) may use an external DNS Server on the NIC->IP properties.
> On my second DNS server, that I've just added, I have the same addresses in NIC>IP dns servers: my original DNS server is the preferred, an ISP's dns server is alternate. That has caused no problems that I've heard of. Is it correct? Thanks for the advice.
No. It is not correct. It WILL cause problems; intermittent and difficult to troubleshoot problems.
-- Herb Martin, MCSE, MVP http://www.LearnQuick.Com (phone on web site)
|
|
I've looked through zone properties, all zones are AD-integrated, and my 2 DNS servers are looking at the same zones. I did manage to get that right. For NIC>IP I'll give every computer, including my two DNS servers, my two DNS servers' private addresses as preferred and alternate DNS servers. The only reference to my ISP's public dns servers will be in my domain's Forwarder IP Address List in my two dns server configurations. Thanks.
|
|
"MC Murphy" <MCMurphy[ at ]discussions.microsoft.com> wrote in message news:3CE279E8-9DB8-4F60-A052-ACFB47987A87[ at ]microsoft.com...
> I've looked through zone properties, all zones are AD-integrated, and my 2 DNS servers are looking at the same zones. I did manage to get that right.
Excellent -- generally if you leave it alone, only installing/configuring the DNS server ITSELF (not the zones) on the second and subsequent DCs then the zones which are AD Integrated auto-populate.
This is because they are being replicated through AD anyway.
> For NIC>IP I'll give every computer, including my two DNS servers, my two DNS servers' private addresses as preferred and alternate DNS servers.
CORRECT.
> The only reference to my ISP's public dns servers will be in my domain's Forwarder IP Address List in my two dns server configurations. Thanks.
CORRECT.
You are very welcome -- pass on the help to others. Many people are confused on this issue so it is a very common place you can help your friends.
Part of the problem is that if you "use" the external (ISP) DNS servers on your internal clients it may not "break" right away but will instead cause intermittent and difficult to detect problems for those who do not understand this common problem.
-- Herb Martin, MCSE, MVP http://www.LearnQuick.Com (phone on web site)
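An added example, not part of the thread: one way to audit the rule settled on above (NIC->IP DNS entries point only at the internal DNS servers, ISP resolvers appear only as forwarders) by parsing `ipconfig /all` output. The sample output, the addresses and the `INTERNAL_DNS` set are constructed assumptions.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt for the second DC (all addresses are made up).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.1.11
   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       203.0.113.53
"""
# Assumption: the private addresses of the two DC/DNS servers.
INTERNAL_DNS = {"192.168.1.10", "192.168.1.11"}

def dns_servers_by_adapter(text):
    """Return {adapter: [DNS server strings]} parsed from `ipconfig /all` text."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        header = re.match(r"^(\S.*adapter .+):\s*$", line)
        first = re.match(r"^\s+DNS Servers[ .]*:\s*(\S+)\s*$", line)
        more = re.match(r"^\s+(\S+)\s*$", line) if in_dns else None
        if header:
            adapter, in_dns = header.group(1), False
            result[adapter] = []
        elif first and adapter:
            result[adapter].append(first.group(1))
            in_dns = True
        elif more:  # extra servers are listed alone on indented continuation lines
            result[adapter].append(more.group(1))
        else:
            in_dns = False
    return result

def external_dns_clients(text, internal):
    """Return [(adapter, ip)] for each NIC DNS entry that is not an internal DNS server."""
    findings = []
    for adapter, servers in dns_servers_by_adapter(text).items():
        for raw in servers:
            try:
                ip = ipaddress.ip_address(raw.split("%")[0])  # drop any IPv6 scope id
            except ValueError:
                continue  # not an address; skip stray tokens
            if str(ip) not in internal:
                findings.append((adapter, str(ip)))
    return findings

if __name__ == "__main__":
    for adapter, ip in external_dns_clients(SAMPLE_IPCONFIG, INTERNAL_DNS):
        print(f"{adapter}: {ip} belongs in the DNS server's Forwarders list, not on the NIC")
```

Feeding it the saved `ipconfig /all` output from each DC and client gives a list of machines that still carry an ISP resolver as Preferred or Alternate.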
|
|
|