Why can't I replicate DNS zones to non-DC DNS servers?

domain-name-system domain replication active-directory domain-controller
8,342

Solution 1

AD-integrated DNS zones (the kind that replicate via AD) can only exist on domain controllers, as their data source is a directory partition that's read from the local system - directory services replication can't happen to a system that doesn't have directory services available.

A non-DC DNS server's zones are stored locally on the individual system - you can use zone transfers (secondary zones) to get copies of zones on another system, but you can't make changes on that system - this might not be the kind of behavior you're interested in.

Solution 2

Why can't the zone be replicated to all DNS servers?

When the zone is AD integrated, then the zone is stored in the AD. A stand alone machine doesn't have a copy of the AD.

What can I do to make this zone replicate to my dedicated DNS server?

Adjust the zone transfer permissions on the zone, and setup your stand-alone server as a secondary, with one or many of your AD server as the master.

You can either explicitly list your server on the domain controller that are allowed to tranfer, or choose the less secure option and just permit any machine to do zone transfers.

Zone transfer dialog

Share:
8,342

Related videos on Youtube

Yarsh
Author by

Yarsh

I enjoy writing hardcore OO data-structures in native C++.

Updated on September 18, 2022

Comments

  • Yarsh
    Yarsh over 1 year

    I've installed Windows Server 2008R2 Enterprise Edition with SP1 on two computers:
    1) My primary domain controller.
    2) A dedicated DNS server.

    My DNS server is not a domain controller, but it has been joined to the domain successfully.

    However, the main forward lookup zone does not replicate to the DNS server (presumably because it is not a domain controller).

    When I open the DNS Manager on my domain controller, and open the replication settings for this zone, I see this:

    "Change Zone Replication Scope Dialog Box"

    There are no options available to replicate to all DNS servers, regardless whether they are domain controllers.
    1) Why can't the zone be replicated to all DNS servers?
    2) What can I do to make this zone replicate to my dedicated DNS server?
    3) Can I safely resolve this by creating this forward lookup zone on my dedicated DNS server, and configuring this new zone to replicate back to my domain controller?

    Thanks in advance!

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Cannot connect Windows 7 machine to windows 2003 domain
Will the DNS Forward Lookup Zone recreate itself if I delete it?
Can't connect to domain controller
Cannot rename a computer on a domain
Windows Domain Controller/DNS Failure
Active Directory Multi Site. Choose nearest DCs into Linux/Not-Microsoft applications
How to change Active Directory Forest name
Windows Clients connecting to DC in wrong site?
Exchange 2010 don't see its PDC (same machine)
Mutli-DC Environment DNS Error 4015