It is recommended that at least two DNS servers be used to host a Domain Name System (DNS) zone. Having at least two servers hosting a
zone provides a highly available and fault-tolerant solution for host name resolution. If your DNS server has one or more standard,
primary zones, it is highly recommended that you deploy a secondary DNS server that will be used to host standard, secondary zones.
For directory-integrated, primary zones, secondary servers can be used and are supported but not required for this purpose. For example,
two DNS servers running on Active Directory Domain Controllers (DCs) can be redundant primary servers for a zone (Active Directory
Integrated Zones). Domain Controllers running the DNS service hosting Active Directory Integrated zones can provide the same benefits as
adding a secondary server while also providing additional benefits such as increased security and reliability.
Secondary servers can also be used to offload DNS query traffic in areas of the network where a zone is heavily queried. In addition, if a
primary server is unavailable, a secondary server can provide the same name resolution service for the hosted zone(s) while the primary
server is available.
If you add a secondary server, one design option is to locate the server as close as possible to clients that have a high
demand for host name resolution. Also, you may consider placing secondary servers on remote subnets that are connected using slower or
unreliable WAN links. This design provides a local DNS server so that clients are not required to cross the WAN link for name
resolution. In addition, a WAN link failure would not impact host name resolution in this scenario.
Because the primary server always maintains the master copy of the zone, a secondary server relies on DNS zone transfer processes to
obtain updated zone information. The secondary DNS server stores its copy of the zone as a READ-ONLY copy. If you do deploy secondary
servers across the WAN, you should consider the traffic associated with zone transfers in your bandwidth requirements.
Add a Scecondary Zone via the Wizard
To add a secondary server to a zone using the Windows interface:
- Click Start, point to Administrative Tools, and then click DNS.
- In the console, click the appropriate DNS server.
- On the Action menu, click New Zone.
- Follow the instructions in the New Zone Wizard.
- When you reach the step to add the zone, select Secondary zone as the zone type.
- When prompted, provide the host name/IP address of the primary DNS server you are transferring the zone from.
Add A Secondary Zone via Command Line
To add a secondary server to a zone using the command line. At a command prompt, type the following command, and then press ENTER:
Dnscmd ServerName /ZoneAdd ZoneName /Secondary MasterIPaddress... [/file
Here is an example...
Dnscmd ns1.itgeared.com /zoneadd ns2.itgeared.com /secondary 192.168.0.1
Specifies the host name of the DNS server. You can also type the Internet Protocol (IP) address of the DNS server. To specify the
local computer, you can also type a period (.).
Specifies the fully qualified domain name (FQDN) of the secondary zone that you are adding. The zone name must be the same as
the name of the primary zone from which the secondary zone is created.
Specifies one or more IP addresses for the secondary zone master servers, from which it copies zone data.
Specifies the name of the file to use for creating the secondary zone.
Allow Zone Transfers
Note: On the DNS server hosting the primary zone, you must configure the zone to "Allow Zone Transfers", otherwise, the secondary server
will not be able to load the zone.
Recommended Books & Training Resources