Windows Secondary DNS Server 2008 R2

[julio.fuent]

Hello all,

I have a question regarding DNS Server.

Can I use my AD, DC server (2008) as secondary dns server and a linux server as my primary dns. Or must be my primary DNS server the DC on my network ?

Thank you so much.

 

[Genx87]

I think if you have zone transferring on you can use the Linux DNS to host the AD partitions. But why go through the hassle?

 

[drebo]

Yeah, why would you want to do that?

Just have the linux be the secondary if you really must have a linux DNS server for whatever reason.

 

[imagoon]

Yeah, why would you want to do that?

Just have the linux be the secondary if you really must have a linux DNS server for whatever reason.

I wouldn't even do that. Windows doesn't switch the DNS servers unless it stops responding. Once it flips to Linux, all the SRV records and the like that Windows DNS maintains for the Domain would be missing.

The Linux DNS would need to either zone transfer all of the extended information or it shouldn't be used or use a conditional forwarder from the Windows DNS servers. Also the Linux DNS can cause issues when machines in the environment boot and attempt to register with DNS...

I know BIND can be finagled in to working but I recall it is a project. Look at the mess the Samba project has to even get it to work partially.

 

[julio.fuent]

Hello everybody thank you for your answers.

The reason that I think to do this way: ( Linux Primary, DC secondary ) is for reduce traffic to the DC server. So every dns query will go to the linux server and if the linux is down then the dns query will go to the DC server.

Also as imagoon said the SRV records I have to set manually on the linux box. If I have the linux as secondary and the DNS service on the DC is down then the SRV does not replicate on the linux.

So guys, what do you recommend for this scenario ?

1- DC as Primary, Another Windows as secondary.
2- DC as Primary, Linux as secondary.
3- Linux as Primary, DC as secondary.
4- Linux as Primary, Linux as secondary.

Thank you so much guys.

 

[IndyColtsFan]

Hello everybody thank you for your answers.

The reason that I think to do this way: ( Linux Primary, DC secondary ) is for reduce traffic to the DC server. So every dns query will go to the linux server and if the linux is down then the dns query will go to the DC server.

Also as imagoon said the SRV records I have to set manually on the linux box. If I have the linux as secondary and the DNS service on the DC is down then the SRV does not replicate on the linux.

So guys, what do you recommend for this scenario ?

1- DC as Primary, Another Windows as secondary.
2- DC as Primary, Linux as secondary.
3- Linux as Primary, DC as secondary.
4- Linux as Primary, Linux as secondary.

Thank you so much guys.

#1

You do have multiple DCs, right?

 

[Genx87]

Hello everybody thank you for your answers.

The reason that I think to do this way: ( Linux Primary, DC secondary ) is for reduce traffic to the DC server. So every dns query will go to the linux server and if the linux is down then the dns query will go to the DC server.

Also as imagoon said the SRV records I have to set manually on the linux box. If I have the linux as secondary and the DNS service on the DC is down then the SRV does not replicate on the linux.

So guys, what do you recommend for this scenario ?

1- DC as Primary, Another Windows as secondary.
2- DC as Primary, Linux as secondary.
3- Linux as Primary, DC as secondary.
4- Linux as Primary, Linux as secondary.

Thank you so much guys.

How much traffic are you expecting? Even then I think it would make more sense to setup a secondary DNS server using 08 if you think traffic will be so much it will bog down the 08 box.

Edit: I want to reiterates others in this thread. It isnt worth the effort.

 

[julio.fuent]

#1

You do have multiple DCs, right?

I have just 1 DC.

 

[julio.fuent]

How much traffic are you expecting? Even then I think it would make more sense to setup a secondary DNS server using 08 if you think traffic will be so much it will bog down the 08 box.

Edit: I want to reiterates others in this thread. It isnt worth the effort.

I have around 150 pc, and the cellphones for the users, tablets.

 

[drebo]

I have just 1 DC.

Then it's pointless.

You'd be far better setting up a secondary DC and run AD integrated DNS on it.

 

[drebo]

I have around 150 pc, and the cellphones for the users, tablets.

That's nothing.

 

[seepy83]

Deploy another DC. You have built an AD domain for 150 client PCs, and an unknown (to us) number of servers. You should want a second DC for backup anyway.

 

[julio.fuent]

Ok, so In my scenario is OK the primary DNS server on my DC.

And my secondary DNS server ? on other Windows Server ?

Thank you so much...

 

[theevilsharpie]

Unless you're serving thousands upon thousands of computers, a modern server is not going to get bogged down with DNS traffic. If you are serving that many computers, you should be using multiple domain controllers that are also acting as DNS servers.

To answer your question, yes, you can use BIND as a DNS server for Active Directory. BIND may support the secure DDNS process that Windows uses, but you'd have to do that research yourself. If DDNS doesn't working properly or in a secure manner, you can create the necessary resources records manually.

Now, just because you can doesn't mean that you should. Your life will be much less stressful if you just use a Microsoft DNS server.

 

[seepy83]

Ok, so In my scenario is OK the primary DNS server on my DC.

And my secondary DNS server ? on other Windows Server ?

Thank you so much...

You want it on another DC. Google AD Integrated DNS.

 

[julio.fuent]

Unless you're serving thousands upon thousands of computers, a modern server is not going to get bogged down with DNS traffic. If you are serving that many computers, you should be using multiple domain controllers that are also acting as DNS servers.

To answer your question, yes, you can use BIND as a DNS server for Active Directory. BIND may support the secure DDNS process that Windows uses, but you'd have to do that research yourself. If DDNS doesn't working properly or in a secure manner, you can create the necessary resources records manually.

Now, just because you can doesn't mean that you should. Your life will be much less stressful if you just use a Microsoft DNS server.

Right now I am using BIND on my network serving as Primary DNS server on a Linux Server and I have AD DC as secondary DNS server.

Both are work very well, the DC with secondary DNS server connects to BIND and update its zone very well.

My big question was if I am doing the right way or if I have a problem with my design.

I am more to the open source project and I have this question regarding windows network.

Because for example: Microsoft Windows DC must be the primary DNS server on your network instead a linux server. If is so I can set up DNS windows server instead BIND.

thank you so much.

 

[imagoon]

I agree with Drebo. 150pcs and DNS = nothing. You should have 2 DC's for 150 PCs anyway. For AD, AD integrated DNS is the way to go.

 

[julio.fuent]

I agree with Drebo. 150pcs and DNS = nothing. You should have 2 DC's for 150 PCs anyway. For AD, AD integrated DNS is the way to go.

Thank you so much.

So, You guys recommend that set up another windows server as secondary AD and DC. and the DNS primary and secondary on each windows server.

So this is the way that I will take.

Thank you again for all your help.

 

[IndyColtsFan]

I have around 150 pc, and the cellphones for the users, tablets.

That isn't much. However, what is a big deal is that you only have 1 DC. You MUST add another. Please tell me you're doing system state backups on your DC.

 

[Emulex]

for everything but your own local domain, you should forward the requests on to say opendns or google (or both).

With windows 2012 , you could in theory run just 1 as long as you have a rapid restore and the RPO (time to restore) is acceptable.

Remember - never run other functions on an AD Server. Perhaps Print share and read-only file share.

But at $995 a pop, plus cal's I can understand the cost versus function.

Windows 2012 DC can run in a VM and be cloned which is dream come true for most smb.

If you do it right, dynamic dns, dhcp, lease reservations, ipv6, you will find 2012 server is even better with redundant dhcp now

But really, if you are cool with being down for an hour or two, and have a solid backup/restore plan, and want to run one 2012 AD server, go for it. It is your business.

If you do setup a 2nd AD server, remember the roles are not auto-split. DNS perhaps, dhcp and FSMO roles definitely NOT.