I’ve noticed a few issues with DNS resolution in my lab. After some digging, I eventually realised what the problem was: I had two DNS servers, both authoritative for the same domains.

Whilst you can have two DNS servers for the same domain (and in most cases you want that), you can’t have both of them authoritative for the same domain.

This problem appeared as my lab kept growing, once I introduced AD into the lab network. My “legacy” network was using the existing (Synology) DNS server, while the new AD clients were using the DC for DNS resolution.

So here is my scenario:

[Image: dns-mess]

  • Recursive lookups are not triggered when the resolution fails at the master server: an authoritative “no such name” answer is final (which makes sense!)
  • Even if you configure a secondary DNS server, the DNS client will not retry it on such a failure – again, for the same reason
  • The secondary DNS server is only used when no reply is received at all (say if the master is down)
  • You cannot do zone transfers between two master servers for the same domain

So in many cases I ended up pointing my VMs at the Windows DNS server (so I could join them to AD), but because the Synology DNS zone was more up to date, some DNS queries would fail.

The plan, therefore, was to migrate to a master/slave architecture (as it should be!). I had to make a decision: which server should be the master?

Because AD is very “picky”, I thought it would be a bit risky to use the Synology DNS server as the master – I would have had to transfer the AD-related DNS records across from the Windows DNS … I didn’t like that! I had a bad vibe about it! 🙂

So here is what I migrated to:

[Image: dns-mess-4]

A. “Syncing” the master DNS Server

To make the Windows DNS server the master, I had to bring in the missing records from the Synology DNS. I first exported the records from the Synology DNS zone. Next, I used a batch file to bulk-add all the missing records into the Windows DNS zone with the dnscmd command:

dnscmd . /RecordAdd home.cm vesxiv6-01 86400 A 192.168.1.236

dnscmd . /RecordAdd home.cm vesxiv6-02 86400 A 192.168.1.237

Unfortunately, this command was not very successful when it came to the reverse DNS (PTR) records. Thankfully, I didn’t have that many, as I only focused on the ones related to my vSphere environment, so I added those manually.
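To show how the bulk-add batch file can be generated from the Synology export rather than typed by hand, here is an added example (my own code, not the post’s batch file). It parses a BIND-style zone export (Synology DNS Server is BIND underneath), emits one dnscmd /RecordAdd line per A and CNAME record, skips records the Windows zone already has, and goes one step further than the post by deriving the PTR record for each A record and placing it in the matching in-addr.arpa zone, which is where the manual reverse-record work came from. The sample zone text is constructed: the vesxiv6 hosts, the home.cm zone and the 192.168.1.x addresses are from the post, while ns1, vcenter, www and the SOA values are placeholders; /24 reverse zones are assumed.

```python
import ipaddress
import re

# Constructed sample of a BIND-style zone export, in the shape Synology DNS
# Server writes out. vesxiv6-01/02 and home.cm are from the post; ns1,
# vcenter, www and the SOA values are placeholders for this example.
SAMPLE_ZONE = """\
$ORIGIN home.cm.
$TTL 86400
@           IN SOA   ns1.home.cm. admin.home.cm. ( 2016010101 3600 900 604800 86400 )
@           IN NS    ns1.home.cm.
ns1         IN A     192.168.1.10
vesxiv6-01  IN A     192.168.1.236   ; vSphere host
vesxiv6-02  IN A     192.168.1.237
vcenter 3600 IN A    192.168.1.240
www         IN CNAME vesxiv6-01
"""

# owner [ttl] [IN] type rdata   (a blank owner means "same as the previous line")
RECORD_RE = re.compile(
    r"^(?P<owner>\S+)?\s+(?:(?P<ttl>\d+)\s+)?(?:IN\s+)?(?P<type>[A-Z]+)\s+(?P<rdata>.+)$"
)


def parse_zone(text):
    """Return a list of (fqdn, ttl, rtype, rdata) tuples from BIND zone text.

    Handles $ORIGIN/$TTL, ';' comments, blank owners and a multi-line SOA in
    parentheses. Owner names and CNAME/NS/PTR targets come back fully
    qualified, with the trailing dot.
    """
    origin, default_ttl, last_owner = "", "86400", "@"
    in_parens = False
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop comments
        if in_parens:                           # inside a "( ... )" SOA block
            in_parens = ")" not in line
            continue
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$TTL"):
            default_ttl = line.split()[1]
            continue
        if "(" in line and ")" not in line:
            in_parens = True
        m = RECORD_RE.match(line)
        if not m:
            continue
        owner = m.group("owner") or last_owner
        last_owner = owner
        if owner == "@":
            fqdn = origin
        elif owner.endswith("."):
            fqdn = owner
        else:
            fqdn = owner + "." + origin
        rtype, rdata = m.group("type"), m.group("rdata").strip()
        if rtype in ("CNAME", "NS", "PTR") and not rdata.endswith("."):
            rdata = rdata + "." + origin        # make relative targets absolute
        records.append((fqdn, m.group("ttl") or default_ttl, rtype, rdata))
    return records


def node_name(fqdn, zone):
    """Name of fqdn relative to zone, the way dnscmd wants it ('@' for the apex)."""
    apex = zone.rstrip(".") + "."
    if fqdn == apex:
        return "@"
    if not fqdn.endswith("." + apex):
        raise ValueError(f"{fqdn} is not inside zone {zone}")
    return fqdn[: -len("." + apex)]


def reverse_zone_and_node(ip):
    """Split an IPv4 address into its /24 in-addr.arpa zone and host label.

    Assumes /24 reverse zones (e.g. 1.168.192.in-addr.arpa for 192.168.1.0/24).
    """
    host, zone = ipaddress.ip_address(ip).reverse_pointer.split(".", 1)
    return zone, host


def dnscmd_commands(records, zone, existing=frozenset()):
    """Build 'dnscmd . /RecordAdd' lines for the A and CNAME records in
    records, plus a PTR in the reverse zone for every A record, skipping any
    (zone, node, type, rdata) tuple already listed in existing."""
    cmds = []

    def add(z, node, ttl, rtype, rdata):
        if (z, node, rtype, rdata) not in existing:
            cmds.append(f"dnscmd . /RecordAdd {z} {node} {ttl} {rtype} {rdata}")

    for fqdn, ttl, rtype, rdata in records:
        if rtype == "A":
            add(zone, node_name(fqdn, zone), ttl, "A", rdata)
            rzone, host = reverse_zone_and_node(rdata)
            add(rzone, host, ttl, "PTR", fqdn)
        elif rtype == "CNAME":
            add(zone, node_name(fqdn, zone), ttl, "CNAME", rdata)
    return cmds


if __name__ == "__main__":
    # Records the Windows zone already holds (constructed for the example)
    already = {("home.cm", "ns1", "A", "192.168.1.10"),
               ("1.168.192.in-addr.arpa", "10", "PTR", "ns1.home.cm.")}
    for cmd in dnscmd_commands(parse_zone(SAMPLE_ZONE), "home.cm", already):
        print(cmd)
```

Redirect the printed lines into a .bat file and run it on the Windows DNS server; the PTR lines only work if the matching in-addr.arpa zone already exists there, so create the reverse zone first. SOA and NS records are deliberately not copied, since the Windows server is the master and owns those.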

B. Configuring Windows DNS server to do zone transfers

You need to do this for both DNS zones (forward and reverse). Right-click on the zone name and select Properties; the rest is self-explanatory from the images below:

[Image: dns-mess-05]

C. Configuring the Synology DNS Server

Once I had transferred all the records across to the Windows DNS server, I simply deleted the existing zones on the Synology and recreated them as slaves:

[Image: dns-mess-10]


Once you apply the settings, the Synology DNS Server will trigger a zone transfer from the Windows DNS Server.

Going forward …

  1. New records will be added to the master DNS zone (on the Windows DNS server)
  2. Clients will be configured with the primary DNS server pointing to the Windows 2k3 server and the secondary DNS server pointing to the Synology DNS server
  3. If a client has issues, make sure its DNS cache is cleared

Thank you,