Secondary DNS setup

Agix · External Since: Jul 19, 2007 Posts: 1

Hi there. I have two Windows 2000 Servers at my organisation. Both of
them are set up to be DNS servers, one a primary with AD integrated
zones, the other exclusively which is exclusively secondary zones.

I have a number of concerns.

All my clients get their DNS server address via DHCP. So they use my
primary server as DNS, if that fails, they have the secondary one
listed second in the list. This makes sense of course. It provides me
with redundancy should the primary server go down and still make the
network functional -> i.e. internet access. However, I have two custom
zones, clarifysolutions.co.uk and facebook.com, that I route myself,
facebook to a notice page on my own server saying its blocked, and the
other is our domain. This is so our SSL certificate for webmail works
on our internal domain, css.local.

However, whilst the css.local domain seems to replicate fine, the two
other zones seem to refuse to transfer across to the secondary zone.

Second only to this is, when I am creating the secondary zones, my
primary server doesn't show up in the list of DNS servers, i have to
type it by IP. Why is this?

Herb Martin · External Since: Dec 31, 2006 Posts: 392

"Agix" <ignoranceisbliss DeleteThis @gmail.com> wrote in message
news:1184860032.079681.61150@w3g2000hsg.googlegroups.com...
> Hi there. I have two Windows 2000 Servers at my organisation. Both of
> them are set up to be DNS servers, one a primary with AD integrated
> zones, the other exclusively which is exclusively secondary zones.

If the "other" is a DC then you should be using AD Integrated zones
there too -- the zones are copied to the "other" DCs anyway in 2000,
and this is the default 2003.

> I have a number of concerns.
>
> All my clients get their DNS server address via DHCP. So they use my
> primary server as DNS, if that fails, they have the secondary one
> listed second in the list.

Perfectly normal: Preferred and Alternate

> This makes sense of course. It provides me
> with redundancy should the primary server go down and still make the
> network functional -> i.e. internet access. However, I have two custom
> zones, clarifysolutions.co.uk and facebook.com, that I route myself,

Zones don't Route -- you can ONLY resolve their names through DNS.

> facebook to a notice page on my own server saying its blocked, and the
> other is our domain. This is so our SSL certificate for webmail works
> on our internal domain, css.local.
>
> However, whilst the css.local domain seems to replicate fine, the two
> other zones seem to refuse to transfer across to the secondary zone.

You have mangled something in the setup them. Perhaps you have not
configured the Primary zone holder to allow Zone Transfers in the
Zone Properties.

> Second only to this is, when I am creating the secondary zones, my
> primary server doesn't show up in the list of DNS servers, i have to
> type it by IP. Why is this?

Normal. When you create a primary zone/server it never automatically
picks any additional DNS servers for that zone.

This also jibes with the possibility that you didn't allow zone transfers,
since one way to set that option is with "allow replication to all DNS
servers in name servers tab.".

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)

Kevin D. Goodknech1 · External Since: Jun 20, 2004 Posts: 1397

Read inline please.

In news:1184860032.079681.61150@w3g2000hsg.googlegroups.com,
Agix <ignoranceisbliss.RemoveThis@gmail.com> typed:
> Hi there. I have two Windows 2000 Servers at my organisation. Both of
> them are set up to be DNS servers, one a primary with AD integrated
> zones, the other exclusively which is exclusively secondary zones.
>
> I have a number of concerns.
>
> All my clients get their DNS server address via DHCP. So they use my
> primary server as DNS, if that fails, they have the secondary one
> listed second in the list. This makes sense of course. It provides me
> with redundancy should the primary server go down and still make the
> network functional -> i.e. internet access. However, I have two custom
> zones, clarifysolutions.co.uk and facebook.com, that I route myself,
> facebook to a notice page on my own server saying its blocked, and the
> other is our domain. This is so our SSL certificate for webmail works
> on our internal domain, css.local.
>
> However, whilst the css.local domain seems to replicate fine, the two
> other zones seem to refuse to transfer across to the secondary zone.
>
> Second only to this is, when I am creating the secondary zones, my
> primary server doesn't show up in the list of DNS servers, i have to
> type it by IP. Why is this?

Are you talking about when you click the "Browse" button?
The only servers you will see when you click the browse button are the
Servers you have added to the Console.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================