In this Video we will: 

• Describe Secondary Zones
• Explain why you would deploy a Secondary Zone
• Then we will utilize what we have learned and create a Secondary Zone.
• And finally, we will test the Zone
• At the end of this lecture you will have a thorough understanding of Secondary Zones
• You will know how to create, configure and test your Secondary Zone  

Prerequisites: You must have access to or have installed in your lab the following: 

• One Windows 2016 Server with Active Directory installed and promoted to a domain controller (DNS installs automatically).
• One member server with Windows 2016 server and DNS installed. This server must be joined to the domain. (Join this machine to the domain just like you would any other computer) 
• Or two VM’s, one configured as a Domain Controller and one configured as a member server. 

AdequatePermissions will be needed.

• To configure a DNS server that is not running as domain controller, you must be a member of the Administrators group for that computer.
• To configure a DNS server that is running on a domain controller, you must be a member of the DNS Administrators, Domain Administrators, or Enterprise Administrators group

Describe a Secondary Zone 

• It is a read only copy of a primary Zone
• Changes cannot be made directly on the secondary server, only on the Master that holds the zone.
• A secondary zone can be a copy of an Active Directory integrated zone.
• Cannot be stored in Active Directory
• In order for the secondary server to receive a copy of the zone, the master zone must be configured to allow zone transfers.
• Secondary zones are supported on non-Microsoft DNS, will work with Linux and Unix.

Why would you Deploy Secondary Zones? 

• Enhances redundancy
• If the server hosting the Primary copy is unavailable, this server will be available for use by the clients in its place.

Creating a Secondary Zone 

Open Server Manager, then DNS Manager 

I am currently working from server SVR-US-DNS1.

I have created a brand new forward lookup zone called money.com.

Right now, SVR-US-DNS1 has the primary copy of those records from MONEY.COM in its data base.  

What if we want a secondary copy of that information on some other DNS server for backup purposes.

To accomplish this, we will need a second DNS server. I have a member server, that has been joined to the domain. The server has DNS installed but has not been promoted to a domain controller.  

Right click DNS, Connect to the DNS member server, type SVR-US-JD

Here we have SVR-US-DNS1 and the member server SVR-US-JD displayed.

Currently we do not have a copy of money.com on SVR-US-JD

The goal is to create a copy of money.com under SVR-US-JD.

To accomplish this: Right click on the forward lookup zone under SVR-US-JD click next, New Zone, the new zone wizard opens, click next, select Secondary Zone, next

Under Zone name - Type money.com (which will be a secondary for money.com)

Click next

Master DNS server – To understand what server they are talking about here, you can ask yourself these questions. What is the server’s IP address that contains the zone money.com. Or where is the secondary getting the copy of its information? In this case, the master server is SVR-US-DNS1. I type 192.168.0.10. (Always verify the IP address on the VM, from TCPIP Properties) Click next, finish

Now we have a secondary zone called money.com on our second server.

When I click on money.com there is an error message that says the Zone has not been loaded.

Sign up to access the rest of this lesson

You must either log in or sign up to access this lesson.

Sign In Sign Up