JSI Tip 5312. When you change your DNS Active Directory-integrated zone type to secondary, it changes back to Active Directory-integrated when you restart?

The subject behavior occurs when you stop and start the DNS service or restart your domain controller.

A domain controller that is running the DNS service loads every zone stored in Active Directory as an Active Directory-integrated zone. When you change such a zone's type to secondary in DNS Manager, the zone object remains in the directory, so the DNS service reloads it and the zone type reverts to Active Directory-integrated the next time the service starts.

To resolve this issue, host the secondary copy of the zone on a member server instead of a domain controller, or use the following workaround:

1. Use DNS Manager to change the zone back to secondary.

2. Open the Active Directory Users and Computers snap-in.

3. On the View menu, click Advanced Features.

4. Expand the System container and click MicrosoftDNS.

5. Delete the zone object (class dnsZone) whose name matches the secondary zone. This prevents Active Directory from being aware of the zone, so the DNS service will NOT change it back to Active Directory-integrated. Note that deleting this object removes the directory-stored copy of the zone from every domain controller that loads it, so confirm that the zone's primary is hosted elsewhere before you delete it.

6. If you performed step 5 on a domain controller other than the one that hosts the secondary DNS zone, wait for Active Directory replication to reach the hosting domain controller before continuing.

7. Stop and start the DNS service.
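The workaround above carried out from a PowerShell prompt on the domain controller that hosts the secondary zone. This is an added example, not part of the original tip or of Microsoft's tooling; it assumes dnscmd.exe is available (Windows 2000 Support Tools, or RSAT on later versions), that the script runs with rights to delete objects under CN=System, and that $ZoneName and $MasterIP are placeholders you replace with your own values.

```powershell
# Added example, not from the original tip. Performs the workaround on the DC
# that hosts the secondary zone: set the zone to secondary, delete the dnsZone
# object that keeps it Active Directory-integrated, restart DNS, then verify.
# Assumptions: dnscmd.exe is on the path; the script runs on the hosting DC with
# rights to delete under CN=System; $ZoneName and $MasterIP are placeholders.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    [Parameter(Mandatory = $true)] [string] $ZoneName,   # e.g. 'branch.example.com' (placeholder)
    [Parameter(Mandatory = $true)] [string] $MasterIP,   # address of the zone's primary server (placeholder)
    [string] $DomainDN = ([ADSI]'LDAP://RootDSE').defaultNamingContext
)

function Get-ZoneState {
    # Parses 'zone type' (1 = primary, 2 = secondary) and 'DS integrated'
    # from the output of dnscmd /ZoneInfo.
    param([string] $Zone)
    $text = (& dnscmd.exe /ZoneInfo $Zone) -join "`n"
    $type = if ($text -match 'zone type\s*=\s*(\d+)')     { [int] $Matches[1] } else { $null }
    $ds   = if ($text -match 'DS integrated\s*=\s*(\d+)') { [int] $Matches[1] } else { $null }
    [pscustomobject] @{ Zone = $Zone; ZoneType = $type; DsIntegrated = ($ds -eq 1) }
}

# Step 1: change the zone to secondary on this server (what DNS Manager does in the GUI).
& dnscmd.exe /ZoneResetType $ZoneName /Secondary $MasterIP | Out-Null
if ($LASTEXITCODE -ne 0) { throw "dnscmd could not set $ZoneName to secondary" }

# Steps 2-5: the directory copy of a zone is a dnsZone object named DC=<zone>
# under CN=MicrosoftDNS,CN=System in the domain partition. Binding to the local
# DC by name makes the deletion effective here immediately, so the replication
# wait in step 6 of the tip does not apply.
$zonePath = "LDAP://$env:COMPUTERNAME/DC=$ZoneName,CN=MicrosoftDNS,CN=System,$DomainDN"
if (-not [System.DirectoryServices.DirectoryEntry]::Exists($zonePath)) {
    throw "No dnsZone object found at $zonePath; nothing to delete"
}
$zoneObj = [ADSI] $zonePath
if ($zoneObj.SchemaClassName -ne 'dnsZone') {
    throw "Object at $zonePath is a $($zoneObj.SchemaClassName), not a dnsZone; refusing to delete"
}

# Deleting the object removes the AD-stored copy of the zone for every DC that
# loads it, so the destructive part is gated behind -Confirm / -WhatIf.
if ($PSCmdlet.ShouldProcess($zonePath, 'Delete dnsZone object and its dnsNode children')) {
    $zoneObj.DeleteTree()

    # Step 7: restart DNS so it rebuilds its zone list without the directory copy.
    Restart-Service -Name DNS

    # Verify: the zone should now load as a secondary (type 2) and not DS-integrated.
    $state = Get-ZoneState -Zone $ZoneName
    if ($state.ZoneType -eq 2 -and -not $state.DsIntegrated) {
        Write-Output "$ZoneName is now a secondary zone (master $MasterIP)"
    } else {
        Write-Warning "$ZoneName reverted: type=$($state.ZoneType) DsIntegrated=$($state.DsIntegrated)"
    }
}
```

Run it first with -WhatIf (for example `.\Set-ZoneSecondary.ps1 -ZoneName branch.example.com -MasterIP 10.0.0.5 -WhatIf`, both values placeholders) to see which directory object would be deleted; the SchemaClassName check refuses to delete anything that is not a dnsZone object, and the final dnscmd /ZoneInfo check tells you whether the service still reloaded the zone as Active Directory-integrated.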

From the Windows 2000 Resource Kit

If you are using Active Directory, use directory-integrated storage for your zones.

In an integrated zone, domain controllers for each of your Active Directory domains correspond in a direct one-to-one mapping to DNS servers. When you troubleshoot DNS and Active Directory replication problems, the same server computers are used in both topologies, which simplifies planning, deployment, and troubleshooting.

Using directory-integrated storage also simplifies dynamic updates for DNS clients that are running Windows 2000. When you configure a list of preferred and alternate DNS servers for each client, you can specify servers that correspond to domain controllers that are located near each client. If a client fails to update with its preferred server because the server is unavailable, the client can then try an alternate server. When the preferred server becomes available, it loads the updated, directory-integrated zone that includes the updates that the client made.

If you are not using Active Directory integration, correctly configure your clients and understand that a standard primary zone becomes a single point of failure for dynamic updates and for zone replication.

Standard primary zones are required to create and manage zones in your DNS namespace if you are not using Active Directory. In this case, a single-master update model applies, with one DNS server designated as the primary server for a zone. Only the primary server, as determined in the SOA record properties for the zone, can process an update to the zone.

For this reason, make sure that this DNS server is reliable and available. Otherwise, clients cannot update their A or PTR resource records.

Consider using secondary or caching-only servers for your zones to offload DNS query traffic.

Secondary servers can be used as backups for DNS clients, but they can also be used as the preferred DNS servers for legacy DNS clients. For mixed-mode environments, this enables you to balance the load of DNS query traffic on your network and, thus, reserve your DNS-enabled primary servers for Windows 2000-based clients that need primary servers to perform dynamic registration and updates of their A and PTR resource records.
