Two Windows DNS servers on the same LAN segment.

Nico Kadel-Garcia nkadel at verizon.net
Sat Aug 23 20:45:38 UTC 2003


George wrote:

> I am not a DNS guru and have only just begun using Windows 2000 Server
> DNS.  I have also been maintaining the records for our Unix based DNS
> server.  I was wondering if it is ok to have two Windows 2000 Server
> systems, both running DNS server services.  They will both have the

Certainly, if you install BIND instead of using an NT Server based 
software of any kind. Microsoft has a history of ignoring all sorts of 
RFCs and standards in trying to provide various servers, and 
administering NT Servers is not a task for the faint of heart. Merely 
restoring one from backup can cost you a year's growth in a single night.

Seriously, take a hardware server of half the capacity, slap a Linux or 
*BSD* on it, and have yourself a much more stable, flexible, and secure 
server for DNS.

> exact same Zones, Aliases, Records, etc.  Active Directory is also
> running on these systems.  It sounds reasonable to guess that two
> Windows Servers could be active, but I just wanted to ask before I
> assumed so.  Seems I remember hearing somewhere about primary and
> secondary, but was not sure how that fit into the current Windows 2000
> environment.  Thanks to all.

OK. One is usually a "Primary Domain Controller", or "PDC", which 
handles user accounts, authentication, and publishes various information 
for your *Windows* Domain. This "Windows Domain" has absolutely nothing 
to do with your DNS domain except by whatever local convention you use. 
You're going to have to keep those very, very separate in your mind and 
in your understanding of your configurations.

The "Backup Domain Controller", or "BDC", is another NT Server stashing 
recent information from the PDC in case someone can't reach it or if 
they reach the BDC first. It's supposed to act as a slave, updating 
automatically, similar to the way DNS masters and slaves are supposed to 
act.

There are a couple of big, common booby traps with Microsoft machines 
and DNS. First, turn *off* dynamic DNS on every client on your network 
unless you specifically decide to support it.  It will fill your DNS 
server logs voluminously with failures to register the hostnames.

Second, turn *off* the "participate in master browser election" settings 
in all your Windows clients based on DOS (Win95, Win98, WinME, etc.) and 
in any other servers that offer this setting (Samba servers, for 
example). It will just break things, confusing the registration of 
Windows machine names (which is *DISTINCT* from DNS names, remember 
this!) and reporting back out of date data from whichever master browser 
answers instead of from the PDC or BDC (or maybe from a WINS server, go 
look that one up, but your WINS server is usually your PDC).

Now, go over to comp.protocols.smb and start asking questions there 
about Windows services. And bring aspirin and maybe some Scotch, you may 
need it...
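The dynamic DNS "booby trap" above shows up in the server log as a stream of refused update attempts once the zone is configured with `allow-update { none; };` in BIND. The script below is an added example, not code from the original post or from the bind-users list: it scans such a log, counts the refused updates per client and zone, and lists the hosts that are still trying to register themselves, which is the list of clients on which to turn dynamic registration off. The log lines are constructed for this example in the shape of BIND 9's "update ... denied" messages; the `update-security` category name and the threshold of two hits are assumptions of the example.

```python
import re
from collections import Counter

# Pattern for the BIND 9 style "client <ip>#<port>: update '<zone>' denied" line.
UPDATE_DENIED = re.compile(
    r"client (?P<ip>\d{1,3}(?:\.\d{1,3}){3})#(?P<port>\d+): "
    r"update '(?P<zone>[^']+)' denied"
)

# Constructed sample log: three refused dynamic updates from 192.0.2.10,
# one from 192.0.2.11, and an ordinary query line that must be ignored.
SAMPLE_LOG = """\
23-Aug-2003 20:40:01.123 update-security: info: client 192.0.2.10#1027: update 'example.com/IN' denied
23-Aug-2003 20:40:01.456 update-security: info: client 192.0.2.10#1027: update 'example.com/IN' denied
23-Aug-2003 20:40:02.001 update-security: info: client 192.0.2.11#1030: update 'example.com/IN' denied
23-Aug-2003 20:40:02.500 queries: info: client 192.0.2.12#2048: query: www.example.com IN A +
23-Aug-2003 20:40:03.010 update-security: info: client 192.0.2.10#1027: update '2.0.192.in-addr.arpa/IN' denied
"""


def denied_updates(log_text):
    """Map (client_ip, zone) -> number of refused dynamic update attempts."""
    counts = Counter()
    for line in log_text.splitlines():
        match = UPDATE_DENIED.search(line)
        if match:
            counts[(match.group("ip"), match.group("zone"))] += 1
    return counts


def noisy_clients(log_text, threshold=2):
    """Client IPs whose refused updates across all zones reach the threshold.

    Returned as (ip, count) pairs, most frequent first; these are the hosts
    whose dynamic DNS registration should be switched off.
    """
    per_client = Counter()
    for (ip, _zone), n in denied_updates(log_text).items():
        per_client[ip] += n
    return [(ip, n) for ip, n in per_client.most_common() if n >= threshold]


if __name__ == "__main__":
    for ip, n in noisy_clients(SAMPLE_LOG):
        print(f"{ip}: {n} refused dynamic updates")
```

Run it against a real `named` log instead of `SAMPLE_LOG` (for example with `noisy_clients(open("/var/log/named.log").read())`) to get the same per-host list; a host that keeps reappearing after its registration setting has been turned off is worth a closer look, since something other than the stock client is sending the updates.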
