If you're running an older version of Windows DNS services or some other DNS service on your network and you want to deploy Active Directory, Scott Lowe says migrating to Windows Server 2008's DNS services should be the first step in your plans.
Until Windows 2000 Server and Active Directory entered the scene, DNS was an optional Windows component. Although DNS has always been necessary at some level in the IP world, Windows-only environments running Active Directory require this service in order to function. Technically, Active Directory has been able to use other DNS services, but using Windows Server's built-in DNS service provides the best overall integration and results in fewer issues.
If you're running an older version of Windows DNS services or some other DNS service on your network and you want to deploy Active Directory, migrating to Windows Server 2008's DNS services should be the first step in your plans. In this article, I will discuss ways in which you can achieve this goal.
DNS migration options
There are two ways you can migrate your DNS services to Windows Server 2008 -- although one is definitely better than the other. Your available options are:
- Manually copying the zone data files.
- Manually performing a zone transfer.
It is recommended that you manually initiate a zone transfer to transfer the zone data from the old server to the new Windows Server 2008 DNS server, as it usually results in fewer errors and is more complete. If you decide to go ahead and manually copy the zone data files, you need to manually verify the integrity of the zones. Also, you cannot directly migrate to an Active Directory-integrated zone when you manually copy the zone data files; Active Directory-integrated zones do not use the standard zone data files that you can copy from one location to another. If you are currently using standard zones and your long-range goal is to move to Active Directory-integrated zones, you will be able to do so after migrating the zone data using either available method.
Zone transfers
The easiest, and preferred, method to migrate your DNS zone data is to manually initiate a zone transfer from the DNS server you are replacing to your new Windows Server 2008 DNS server. But what does this really entail? What must you do ahead of time? You first should determine what type of DNS system you are migrating from. Is it a Windows-based DNS or a UNIX BIND system that uses only standard DNS zones? Or is it a Windows 2000/2003 Server-based system that is currently operating with an Active Directory-integrated zone? Migrating Active Directory-integrated zones is a simple task -- just add the new server to the Name Servers tab of the zone properties and ensure that the new server is authorized to perform zone replication for the zone. Once DNS is operating properly on the new Windows Server 2008 computer, you can remove it from the older Windows server, if desired. Figure A gives you a look at the Name Servers tab of an Active Directory-integrated zone on a server running Windows Server 2008.
Windows Server 2008 Name Servers tab
If you are migrating from a system that uses standard DNS zones, things get a little more complicated -- but not horribly difficult. The first thing to remember about zone transfers is how the standard DNS zone servers are arranged. Standard DNS zones operate in a single master arrangement where only one DNS server has the master writable copy of the DNS zone data; all other servers have read-only copies. The two types of standard zone servers you may encounter are:
- Standard primary server: This server is the one that holds the one and only master writable copy of the zone data file. The zone data file is then replicated (via zone transfer) to all configured secondary zone servers using the standard zone data file text format. This server must make all the changes that must be made to the zone data file.
- Standard secondary server: This server holds a read-only copy of the zone data file in standard zone data file text format. Secondary zones can be created and used for many reasons, but the most common reason is to provide increased performance and redundancy for the DNS zone. Secondary zones are commonly seen in locations such as screened subnets (the DMZ) or in remote offices connected to the central office over a low-speed WAN link.
In order to migrate your DNS zone data to a Windows Server 2008 computer, you will need to have a functioning standard primary server; you will also need to make the new Windows Server 2008 DNS server a standard secondary server in that zone by creating a new standard secondary zone on that server. Once this is done, you will need to configure the standard primary server to allow zone transfers with the new Windows Server 2008 computer.
To create a new standard secondary zone, follow these steps:
- Right-click the Forward Lookup Zones node in your DNS console.
- From the shortcut menu, choose New Zone.
- On the Zone Type page of the New Zone Wizard, select Secondary Zone (Figure B).
The Zone Type page
- On the Zone Name page (Figure C), specify the Zone Name, exactly as it exists on the other DNS server.
Provide the zone name that should be added to your DNS server.
- In order to transfer the zone file, you need to specify the name or IP address of the server that holds the master zone file. Specify the name or IP address on the Master DNS Servers page of the New Zone Wizard (Figure D).
The IP address of the master DNS server for this domain.
If you get an error indicating that the transfer could not take place and your master server is running Windows, make sure that the server to which you're attempting to transfer the zone is allowed to initiate the transfer. On the server with the master records, right-click the zone and choose Properties. On the Zone Transfers tab, provide the IP address of the server on which you just created the secondary zone and click OK. Afterwards, on the target server, right-click the new secondary zone and select Transfer From Master (Figure E).
Manually initiate the zone transfer if it fails the first time.
Once the transfer completes, check the zone on the new server and see whether your DNS records made their way across. Once you verify that the new standard secondary zone is functioning properly, you can decommission the existing primary zone server if you like. You will now need to quickly change the secondary zone into a primary zone (a secondary zone whose master is gone stops answering once the SOA expire interval elapses). For even better performance and security, you should consider making it Active Directory-integrated. Either way, you will need to right-click the zone node and open the Properties dialog box. On the General tab, click the Change button in the Type area. This opens the dialog box seen in Figure F, allowing you to change the zone into a standard primary zone or an Active Directory-integrated zone, as desired. You will be prompted to confirm your decision. (In Figure F, the option to integrate the new zone into Active Directory is not enabled because my test server is not joined to a domain.)
Change the new zone to a primary zone.
If you change the zone into an Active Directory-integrated zone, it will, by default, be configured to not use dynamic updates. From the General tab of the Zone Properties dialog box, you should change this setting as soon as you can to Secure Only to allow the greatest flexibility and security of your zone data.
Manual zone transfer steps
Alternatively, you can perform the zone transfer method from the command line using the following command:
dnscmd ServerName /ZoneRefresh ZoneName
Again, you will need to have the standard primary zone server available and the secondary zone already created on the new Windows Server 2008 server before performing the zone transfer. You can create the standard secondary zone on your Windows Server 2008 DNS server from the command line as well by issuing this command:
dnscmd ServerName /ZoneAdd ZoneName /Secondary MasterIPaddress [/file FileName]
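The two dnscmd commands in this section, plus the zone-transfer permission, the post-transfer check and the promotion to primary described under "Zone transfers", can be chained into one script. The following is an added example, not part of the original article or of Microsoft's documentation; it uses only documented dnscmd switches (/ZoneResetSecondaries, /ZoneAdd, /ZoneRefresh, /EnumRecords, /ZoneResetType, /Config), and every server name, IP address, zone name and file name in it is an assumed placeholder.

```powershell
# Added example (not from the article): command-line zone migration to a
# Windows Server 2008 DNS server, driven from PowerShell with dnscmd.exe.
# All names and addresses below are assumed placeholders. Run from an
# elevated prompt on a machine that has the DNS administration tools.

$OldServer    = 'dns-old.example.com'    # assumed: holds the standard primary zone
$OldIsWindows = $true                    # $false for a BIND primary (steps 1 and 4a are skipped)
$NewServer    = 'dns-2008.example.com'   # assumed: the new Windows Server 2008 DNS server
$NewServerIP  = '192.168.100.20'         # assumed: address the primary must allow transfers to
$MasterIP     = '192.168.100.10'         # assumed: address of the standard primary
$Zone         = 'example.com'            # assumed zone name
$ZoneFile     = 'example.com.dns'        # must match the primary's zone file name exactly
$ADIntegrated = $false                   # $true only if $NewServer is a domain controller

function Invoke-Dnscmd {
    # Runs dnscmd with the given arguments and throws on a non-zero exit code,
    # so a refused transfer or a mistyped zone name stops the run instead of
    # being silently skipped.
    param([Parameter(Mandatory)][string[]]$Arguments)
    $output = & dnscmd.exe $Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "dnscmd $($Arguments -join ' ') failed with code $LASTEXITCODE`n$output"
    }
    return $output
}

function Get-ZoneRecordCount {
    # Counts the resource-record lines printed by 'dnscmd Server /EnumRecords Zone @',
    # ignoring blank lines and dnscmd's own status lines. This is a rough sanity
    # check of the transfer, not a field-by-field comparison.
    param([string]$Server, [string]$ZoneName)
    $lines = Invoke-Dnscmd @($Server, '/EnumRecords', $ZoneName, '@')
    return @($lines | Where-Object { $_ -match '\S' -and $_ -notmatch 'Returned records|Command completed' }).Count
}

# 1. On a Windows primary, permit zone transfers to the new server only
#    (the command-line equivalent of the Zone Transfers tab).
if ($OldIsWindows) {
    Invoke-Dnscmd @($OldServer, '/ZoneResetSecondaries', $Zone, '/SecureList', $NewServerIP) | Out-Null
}

# 2. Create the standard secondary zone on the new server, pointing at the master.
Invoke-Dnscmd @($NewServer, '/ZoneAdd', $Zone, '/Secondary', $MasterIP, '/file', $ZoneFile) | Out-Null

# 3. Pull the zone from the master (the "Transfer From Master" action in the console).
Invoke-Dnscmd @($NewServer, '/ZoneRefresh', $Zone) | Out-Null

# 4. Verify that the data arrived before touching the old server.
$newCount = Get-ZoneRecordCount -Server $NewServer -ZoneName $Zone
if ($newCount -eq 0) { throw "Zone $Zone on $NewServer is empty; check transfer permissions on the master." }
if ($OldIsWindows) {
    $oldCount = Get-ZoneRecordCount -Server $OldServer -ZoneName $Zone   # 4a
    if ($oldCount -ne $newCount) {
        throw "Record count differs (primary=$oldCount, new=$newCount); do not decommission the primary yet."
    }
}

# 5. Promote the secondary so it no longer depends on the old primary. For an
#    AD-integrated zone, also switch dynamic updates from the default (none) to
#    Secure Only (AllowUpdate value 2).
if ($ADIntegrated) {
    Invoke-Dnscmd @($NewServer, '/ZoneResetType', $Zone, '/DsPrimary') | Out-Null
    Invoke-Dnscmd @($NewServer, '/Config', $Zone, '/AllowUpdate', '2') | Out-Null
} else {
    Invoke-Dnscmd @($NewServer, '/ZoneResetType', $Zone, '/Primary', '/file', $ZoneFile) | Out-Null
}
Write-Host "Zone $Zone migrated to $NewServer with $newCount records."
```

Step 1 is the scripted form of the Zone Transfers tab: restricting transfers to the one new address rather than "any server" keeps the zone contents from being pulled by anyone who can reach port 53 during the migration. If the primary is a BIND server, the equivalent is adding the new server's address to that zone's allow-transfer list in named.conf; the record-count check in step 4 then only has the new server's side to work with, so compare against the record count from the BIND side by hand before decommissioning.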
You can specify multiple IP addresses by separating them with a comma. The FileName value must be the exact file name of the standard primary zone, just the same as when you are creating the zone via the DNS console.
Manually copying zone data
For all versions of Windows since Windows NT 4.0, if you still want to manually copy your zone data, you can locate the raw files at %systemroot%\system32\dns. If you are copying a BIND DNS zone file, Table A provides you with the naming conventions used by BIND DNS and Windows Server 2008 DNS.
Table A
| Description | UNIX (BIND) file name | Windows Server 2008 file name |
|---|---|---|
| Forward lookup zone file | db.domain_name | domain_name.dns |
| Reverse lookup zone file | db.IP_network_forward_notation | IP_network_reverse_notation.in-addr.arpa.dns |
Thus, the forward lookup zone data file for the example.com zone would be named db.example.com on the BIND server and would need to be renamed to example.com.dns on the Windows Server 2008 computer. If the zone data was for the IP address range of 192.168.100.x, then the BIND server reverse lookup file would be db.192.168.100 and would need to be renamed to 100.168.192.in-addr.arpa.dns on the Windows Server 2008 computer.
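The renaming rule in Table A, and the integrity check the article says you must do yourself when you copy files instead of transferring the zone, can be scripted. The function below is an added example, not code from the article; it generalizes the two names in the paragraph above to any db.* file, the source directory is an assumed placeholder, and the integrity check is the minimal one (an SOA record and at least one NS record, without which no DNS server will load the zone).

```powershell
# Added example (not from the article): rename BIND zone files to the Windows
# Server 2008 convention from Table A and sanity-check each file before it is
# copied into %systemroot%\system32\dns. $bindDir is an assumed placeholder.

function ConvertTo-WindowsZoneFileName {
    # Maps a BIND zone file name to the name Windows DNS expects:
    #   db.example.com -> example.com.dns
    #   db.192.168.100 -> 100.168.192.in-addr.arpa.dns   (octets reversed)
    param([Parameter(Mandatory)][string]$BindFileName)

    if ($BindFileName -notmatch '^db\.(.+)$') {
        throw "'$BindFileName' does not follow the db.<zone> naming convention"
    }
    $zone = $Matches[1]

    # A name made only of dotted octets is a reverse-lookup network in forward notation.
    if ($zone -match '^\d{1,3}(\.\d{1,3}){0,3}$') {
        $octets = $zone.Split('.')
        [array]::Reverse($octets)
        return (($octets -join '.') + '.in-addr.arpa.dns')
    }
    return "$zone.dns"
}

function Test-ZoneFileIntegrity {
    # Minimal integrity check for a copied zone file: it must carry an SOA record
    # and at least one NS record, otherwise the zone will not load. Returns $true/$false.
    param([Parameter(Mandatory)][string]$Path)
    $text = Get-Content -Path $Path -Raw
    $hasSoa = $text -match '(?m)^\S*\s+(\d+\s+)?(IN\s+)?SOA\s'
    $hasNs  = $text -match '(?m)\s(IN\s+)?NS\s'
    return ($hasSoa -and $hasNs)
}

# Worked run over the two file names from the article (constructed input).
$bindDir    = 'C:\migration\bind'                        # assumed: where the BIND files were copied to
$windowsDir = Join-Path $env:SystemRoot 'system32\dns'   # the directory the article names

foreach ($name in 'db.example.com', 'db.192.168.100') {
    $target = ConvertTo-WindowsZoneFileName $name
    Write-Host "$name -> $target"
    $source = Join-Path $bindDir $name
    if (-not (Test-Path $source)) { continue }
    if (-not (Test-ZoneFileIntegrity $source)) {
        Write-Warning "$name has no SOA/NS record; inspect it before loading"
        continue
    }
    # -WhatIf only reports the copy; remove it to perform the copy for real.
    Copy-Item -Path $source -Destination (Join-Path $windowsDir $target) -WhatIf
}
```

Expected mapping from the run: db.example.com becomes example.com.dns and db.192.168.100 becomes 100.168.192.in-addr.arpa.dns, matching the two cases worked in the paragraph above. After the files are in place the zones still have to be created in the DNS console (or with dnscmd /ZoneAdd ... /Primary /file) as standard primary zones; this copy method cannot produce an Active Directory-integrated zone directly, as noted earlier.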
This is about all there is to migrating your older Windows Server-based DNS zones to a new Windows Server 2008 computer. As long as you follow the steps outlined here, you should have no problems.