Hyper Expert /Blog

HOW-TO: Configure a secondary DNS server in Windows Server 2012

We previously discussed how to install the DNS role in Windows Server 2012. In this post, I will explain how to configure that dedicated DNS server as a secondary DNS server for redundancy.

Keep in mind that it is always a good practice to have a backup for every role you have on every server if applicable and if the resources are available.

Note: You will need access to your primary DNS server in order to finish setting up your secondary DNS.

Launch DNS Manager, which can be found on your Start screen.


Under your server name, right-click “Forward Lookup Zones”, then click on “New Zone…”


You will get the “New Zone Wizard” welcome screen; click Next.


In the “Zone Type” screen, select “Secondary zone”, as this will be your backup secondary DNS that replicates from your primary DNS, then click Next.


Give your new secondary DNS zone a name. This is different from your server name. You can name it anything you want, but it is usually a good idea to name it the same way your primary DNS is set up, or you can use your domain name.


Now enter your primary DNS server name or IP address; this is where you tell your secondary DNS where to copy all the DNS information from. You will also need to make small adjustments to your primary DNS, which we will cover later in this article.


Once you enter the IP address or server name, you will see a green check mark indicating that the server was validated and it is OK to proceed; click Next.



Lastly, verify your information and click Finish.


Setting up the secondary DNS is done, but we are not entirely finished: we need to tell our primary DNS that it is OK for this secondary DNS to pull information from it. Otherwise replication will fail and you will get this big red X.


Head over to your primary DNS server, launch DNS Manager, expand Forward Lookup Zones, navigate to your primary DNS zone, right-click on it and go to Properties.


Go to the “Zone Transfers” tab. By default, for security reasons, “Allow zone transfers:” is unchecked to protect your DNS information. We need to allow zone transfers, but if you value your DNS records, do not select “To any server”; instead, make sure you select “Only to servers listed on the Name Servers tab”.


Head over to the “Name Servers” tab and click Add.


You will get the “New Name Server Record” window; type in the name of your secondary DNS server. It is always better to validate by name, not IP address, to avoid future problems in case your IP addresses change. Once done, click OK.


You will see that your secondary DNS server is now added to your name servers selection; click OK.


Now if you head back to your secondary DNS server and refresh, the big red X will go away and your primary zone data will populate.


Your secondary DNS is now fully set up. You cannot make any DNS changes from your secondary DNS. Secondary DNS is read-only; any DNS changes have to be made from the primary DNS.
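
The same procedure can be scripted with the DnsServer PowerShell module included with Windows Server 2012, followed by a check that no primary zone is left on “To any server”. This is an added example, not part of the original post; the zone name, server names and IP address are placeholders, and it assumes an account with DNS admin rights on both servers.

```powershell
# Placeholder values, assumed for illustration (not from the article).
$ZoneName  = 'example.com'        # same name as the zone on the primary
$Primary   = 'dns1.example.com'   # primary DNS server
$PrimaryIP = '192.0.2.10'         # primary's IP (documentation range)
$Secondary = 'dns2.example.com'   # new secondary DNS server

# 1. On the secondary: create the secondary zone pointing at the primary.
Add-DnsServerSecondaryZone -ComputerName $Secondary -Name $ZoneName `
    -ZoneFile "$ZoneName.dns" -MasterServers $PrimaryIP

# 2. On the primary: add the secondary to the zone's name servers (NS record
#    at the zone root) and allow transfers only to those name servers.
Add-DnsServerResourceRecord -ComputerName $Primary -ZoneName $ZoneName `
    -NS -Name '@' -NameServer $Secondary
Set-DnsServerPrimaryZone -ComputerName $Primary -Name $ZoneName `
    -SecureSecondaries TransferToZoneNameServer

# 3. Back on the secondary: request a transfer (the "refresh" step).
Start-DnsServerZoneTransfer -ComputerName $Secondary -Name $ZoneName -FullTransfer

# 4. Audit: show the transfer policy of every primary zone and warn on any
#    zone that still hands its records to any requesting server.
$zones = Get-DnsServerZone -ComputerName $Primary |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }
$zones | Format-Table ZoneName, SecureSecondaries, SecondaryServers -AutoSize

$open = @($zones | Where-Object { $_.SecureSecondaries -eq 'TransferAnyServer' })
if ($open.Count -gt 0) {
    Write-Warning ("Zone transfers allowed to any server: " +
        (($open | ForEach-Object { $_.ZoneName }) -join ', '))
}
```

Step 4 is worth re-running whenever zones are added, since a zone set to TransferAnyServer exposes its full record set to any host that asks.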


Hi, my name is Ali. I am a Systems Engineer. I live in the beautiful Evergreen state. I have a Bachelor degree of science in Information Technology with a handful of accompanying I.T. certificates. I also have a degree in Computer Networking. I am an Apple Certified Technician, Microsoft MCITP and a Linux expert.


  1. HOW-TO: Install DNS Role in Windows Server 2012 | Ali Khalidy – Blog · February 28, 2013

    […] is. – In this guide, we will only talk about installing DNS, there will be another guide detailing how to configure a secondary DNS server in Windows Server 2012 […]

  2. HOW-TO: Add a secondary domain controller with integrated DNS in Windows Server 2012 | Ali Khalidy – Blog · March 1, 2013

    […] previously talked about how to configure a dedicated secondary DNS server in Windows Server 2012, in this article, I will show you how to configure a secondary domain controller with integrated […]

  3. Darryl · August 1, 2013

    Great write, we have an odd situation, after setting up our new Server 2012 box we ended up with 2 entries under the DNS Manager, one is just the name itself of the server and the other is the FQDN. Is it possible to repair the system while in production? Thanks for the article.

  4. ismath · October 2, 2013

    Very helpful, working fine, thanks.

  5. James · April 17, 2014

    Hey Ali,

    Thanks for this tutorial it was helpful.
    Good luck being a Dad, takes a lot of practice.


  6. K R Shankar · July 15, 2014

    Thanks to Ali… and it is very useful information for IT persons.

  7. Francesco · August 1, 2014

    Thank you so much!! Very good article.

  8. Peter · August 15, 2014

    Thank you, very good help here.

  9. Rupesh · November 4, 2014

    Thanks Ali. Superb documentation.

  10. INSTALL DNS ROLE IN WINDOWS SERVER 2012. | IT Everything Center Share Knowledge · December 1, 2014

    […] – In this guide, we will only talk about installing DNS, there will be another guide detailing how to configure a secondary DNS server in Windows Server 2012 […]

  11. citrix24 · April 17, 2015

    I have just one comment. A secondary zone is a good solution if you want to use this copy of the DNS zone only as a backup. In most AD deployments DNS zones are stored in AD, and in such cases a secondary zone cannot be used.

  12. Alexander · May 28, 2015

    If I have a primary zone and I configure the secondary zone, then when for any reason the primary zone fails because the server fails, the secondary zone is the one that would temporarily take control of name resolution while the primary DNS is restored.

  13. Alexander · May 28, 2015

    If I have a primary zone and configure the child zone when for any reason the primary zone fails because the server fails the secondary zone is the one that momentarily take control of name resolution as the primary dns is restored.

  14. sean · August 18, 2015

    I have 2 domain controllers. I’m adding a 3rd so I can demote/remove the oldest one. I can’t seem to get the new DNS to use either of the existing DNS servers as an authoritative zone.

  15. Luis · August 31, 2015

    Awesome, thank you so much! This tutorial helped me a lot and hopefully my boss is impressed that I was able to re-purpose an older server as a secondary DNS server 😀

  16. Jeff Cooper · July 5, 2016


    1st, my apologies if this question seems a bit dense. We had a consultant set up our AD server and I come from a Mac background.

    I have set up a secondary domain controller and it seems to be working fine (at least there are no alerts or error flags), but I’m confused about something. To get our servers and other resources to authenticate to our AD server, I set their primary DNS Server to the AD Server’s address, and bind the server to the domain. Is the “accepted” way to tell my machines where the secondary AD server is, to simply set the 2nd DNS server entry to the secondary AD server’s address?

    I just want to be sure if my AD Server goes down, the machines that count on it will be able to still authenticate and log people in.



  17. Ezra Mosomi · July 20, 2016

    very nice and on point article keep the nice work up

  18. rowell · November 2, 2016

    I would like to ask: the secondary DNS that was created, is it on the server where AD and the primary DNS exist?

