Hyper Expert /Blog
About
Archives

HOW-TO: Configure a secondary DNS server in Windows Server 2012

We previously discussed how to install DNS role in Windows Server 2012. In this post, I will explain how to configure that dedicated DNS server as secondary DNS for redundancy.

Keep in mind that it is always a good practice to have a backup for every role you have on every server if applicable and if the resources are available.

Note: You will need access to your primary DNS server in order to finish setting up your secondary DNS

Launch your DNS Manager, can be found in your Start screen

capture_02272013_141156

Under your server name, right-click “Forward Lookup Zone”, then click on “New Zone…”

capture_02272013_141205

You will get the “New Zone Wizard” welcome screen, click Next

capture_02272013_141209

In the “Zone Type” screen, you will need to select “Secondary zone” as this will be your backup secondary DNS that will replicate from your primary DNS, click Next

capture_02272013_141214

Give your new secondary DNS zone a name, this is different than your server name, you can name it anything you want, but mostly it is a good idea to name it the same way your primary DNS is setup, or you can put your domain name

capture_02272013_141311

Now you need to put in your Primary DNS server name or IP address, this is where you tell your secondary DNS where to copy all the DNS info from. You will also need to make small adjustments to your primary DNS, we will cover that later on in this article

capture_02272013_141447

Once you put the IP address or server name, you will see the green check mark indicating that the server validated and it is ok to proceed, click Next

capture_02272013_141447

capture_02272013_141515

Lastly, verify your information and click Finish

capture_02272013_141521

Setting up the secondary DNS is done, but we are not entirely finished here, we need to tell our primary DNS that it is ok for this secondary DNS to pull information from it. Otherwise replication will fail and you will get this big red X

capture_02272013_141552

Head over to your primary DNS server, launch DNS manager, expand Forward Lookup Zones, navigate to your primary DNS zone, right-click on it and go to Properties

capture_02272013_143042

Go to “Zone Transfers” tab, by default, for security reasons, the “Allow zone transfers:” is un-checked to protect your DNS information. We need to allow zone transfers, if you value your DNS records, you do not want to select “To any server” but make sure you click on “Only to servers listed on the Name Servers tab”

capture_02282013_081933

Head over to the “Name Servers” tab, click Add

capture_02282013_081950

You will get “New Name Server Record” window, type in the name of your secondary DNS server. it is always better to validate by name not IP address to avoid future problems in case your IP addresses change. Once done, click OK

capture_02282013_082001

You will see your secondary DNS server is now added to your name servers selection, click OK

capture_02282013_082008

Now if you head back to to your secondary DNS server and refresh, the big red X will go away and your primary zone data will populate

capture_02282013_082120

Your secondary DNS is fully setup now. You can not make any DNS changes from your secondary DNS. Secondary DNS is a read-only DNS, Any DNS changes have to be done from the primary DNS.

/////

Hi, my name is Ali. I am a Systems Engineer. I live in the beautiful Evergreen state. I have a Bachelor degree of science in Information Technology with a handful of accompanying I.T. certificates. I also have a degree in Computer Networking. I am an Apple Certified Technician, Microsoft MCITP and a Linux expert.

23 Comments

  1. HOW-TO: Install DNS Role in Windows Server 2012 | Ali Khalidy – Blog · February 28, 2013

    […] is. – In this guide, we will only talk about installing DNS, there will be another guide detailing how to configure a secondary DNS server in Windows Server 2012 […]

    Reply
  2. HOW-TO: Add a secondary domain controller with integrated DNS in Windows Server 2012 | Ali Khalidy – Blog · March 1, 2013

    […] previously talked about how to configure a dedicated secondary DNS server in Windows Server 2012, in this article, I will show you how to configure a secondary domain controller with integrated […]

    Reply
  3. Darryl · August 1, 2013

    Great write, we have an odd situation, after setting up our new Server 2012 box we ended up with 2 entries under the DNS Manager, one is just the name itself of the server and the other is the FQDN. Is it possible to repair the system while in production? Thanks for the article.

    Reply
  4. ismath · October 2, 2013

    very help full working fine thank

    Reply
  5. James · April 17, 2014

    Hey Ali,

    Thanks for this tutorial it was helpful.
    Good luck being a Dad, takes a lot of practice.

    James

    Reply
  6. K R Shankar · July 15, 2014

    Thank to Ali…and it very useful information for IT persons……..

    Reply
  7. Francesco · August 1, 2014

    Thank you so much!! Very good article.

    Reply
  8. Peter · August 15, 2014

    Thank you, very good help here.

    Reply
  9. Rupesh · November 4, 2014

    Thanks Ali. Supreb documentation.

    Reply
  10. INSTALL DNS ROLE IN WINDOWS SERVER 2012. | IT Everything Center Share Knowledge · December 1, 2014

    […] – In this guide, we will only talk about installing DNS, there will be another guide detailing how to configure a secondary DNS server in Windows Server 2012 […]

    Reply
  11. citrix24 · April 17, 2015

    I have just one comment.. Secondary zone is a good solution if you want to use this copy of the dns zone only as a backup. In most AD deployments dns zone are stored in AD and in such cases seconday zone cannot be used.

    Reply
  12. Alexander · May 28, 2015

    Si tengo una Zona Primaria y configuro la zona secundaria cuando por cualquier razón la zona primaria falla porque el servidor falla la zona secundaria es la que tomaría momentáneamente el control de la resolución de nombres mientras el dns primario es restablecido.

    Reply
  13. Alexander · May 28, 2015

    If I have a primary zone and configure the child zone when for any reason the primary zone fails because the server fails the secondary zone is the one that momentarily take control of name resolution as the primary dns is restored.

    Reply
  14. sean · August 18, 2015

    I have 2 domain controllers. I’m adding a 3rd so I can demote/remove the oldest one. I can’t seem to get the new DNS to use either of the existing DNS servers as an authoritative zone.

    Reply
  15. Luis · August 31, 2015

    Awesome, thank you so much! This tutorial helped me a lot and hopefully my boss is impressed that I was able to re-purpose an older server as a secondary DNS server 😀

    Reply
  16. Jeff Cooper · July 5, 2016

    Hi,

    1st, my apologies if this question seems a bit dense. We had a consultant set up our AD server and I come from a Mac background.

    I have set up a secondary domain controller and it seems to be working fine (at least there a no alerts or error flags), but I’m confused about something. To get our servers and other resources to authenticate to our AD server, I set their primary DNS Server to the AD Server’s address, and bind the server to the domain. Is the “accepted” way to tell my machines where the secondary AD server is, to simply set the 2nd dns server entry to the secondary AD server’s address?

    I just want to be sure if my AD Server goes down, the machines that count on it will be able to still authenticate and log people in.

    Thanks,

    Jeff

    Reply
  17. Ezra Mosomi · July 20, 2016

    very nice and on point article keep the nice work up

    Reply
  18. rowell · November 2, 2016

    i would like to ask. the secondary dns that created, it is in the server where ad and primary dns exist?

    Reply

Would you like to share your thoughts?