Help - Is it possible to have a backup DNS server


marcoi

Well-Known Member
Apr 6, 2013
1,533
289
83
Gotha Florida
I currently have a WS2012R2 Essentials VM running at home. It has AD and DNS on it. All the computers connecting to it (Windows based) are on its domain. Whenever I need to stop the server to do work, I lose DNS, and it makes working with server names impossible since nothing is there to respond with an IP address.

My question is, how can I set up a 2nd backup DNS server on the network? It can be another VM running on some other box.

Side note: I currently have Sophos 9 UTM as my home router/firewall app.

Thanks
 

j_h_o

Active Member
Apr 21, 2015
644
180
43
California, US
The DNS is integrated with Active Directory, so you need to spin up another VM and also promote it as a domain controller for your network.

Install another VM with 2012R2 Essentials, give it static IPs, then promote it as an additional domain controller. Then update your DHCP scope (I assume this is on your UTM, right?) to have this 2nd DC's IP as a DNS server as well, for the scope.

There is overhead in having an additional DC; you then have to deal with (potential) replication issues, FSMO roles, etc., but in general it should "just" work out of the box.

Per "10 cool new features in Windows Server 2012 R2 Essentials" and "Windows Server 2012 R2 Products and Editions Comparison" (Official Microsoft Download Center), 2012R2 Essentials supports this.
 
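The procedure described above (static addressing, promotion as an additional domain controller with DNS, then verification), written out as an added PowerShell example. This is not code from the thread or from any poster; the domain name home.example.com, the addresses 192.0.2.10 (existing DC), 192.0.2.20 (new server) and 192.0.2.1 (gateway), and the NIC alias "Ethernet" are assumed placeholder values.

```powershell
# Added example (not from the thread): promote a second WS2012 R2 VM as an
# additional (replica) domain controller with the DNS role, then verify it.
# Assumed values: domain home.example.com, existing DC 192.0.2.10,
# new server 192.0.2.20, gateway 192.0.2.1, NIC alias "Ethernet".
$Domain  = 'home.example.com'
$FirstDC = '192.0.2.10'
$NewDcIp = '192.0.2.20'
$Gateway = '192.0.2.1'
$Nic     = 'Ethernet'

# 1. Static addressing. Point the DNS client at the existing DC for now so the
#    promotion can locate the domain; the new DC is added to the list afterwards.
New-NetIPAddress -InterfaceAlias $Nic -IPAddress $NewDcIp -PrefixLength 24 -DefaultGateway $Gateway
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $FirstDC

# 2. Install the AD DS binaries and promote as a replica DC that also runs DNS.
#    -InstallDns gives the new DC a writable AD-integrated copy of the zones,
#    which is what keeps name resolution working when the first DC is down.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -DomainName $Domain `
    -Credential (Get-Credential "$Domain\Administrator") `
    -InstallDns `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password') `
    -Force
# The server reboots at this point; run the remaining steps after it returns.

# 3. Each DC should prefer itself and fall back to the other one.
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $NewDcIp, $FirstDC
# On the first DC run the mirror image:
#   Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 192.0.2.10, 192.0.2.20

# 4. Verification: both DCs are listed, replication is healthy, the DNS tests
#    pass, and the new DC answers the SRV query clients use to locate a DC.
Get-ADDomainController -Filter * | Select-Object Name, IPv4Address, IsGlobalCatalog
repadmin /replsummary
dcdiag /test:DNS
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $NewDcIp
```

After this, add 192.0.2.20 as the second DNS server in the UTM's DHCP scope as the post says, then test the actual failure case: shut the Essentials VM down and confirm a client can still resolve both internal names and the `_ldap._tcp.dc._msdcs` SRV record from the new DC alone. Until replication has completed (`repadmin /replsummary` showing no failures) the second DC is not yet a usable backup.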

marcoi

Well-Known Member
Apr 6, 2013
1,533
289
83
Gotha Florida
It appears that the second server should be Standard version, not Essentials, based on what I found online. I'm going to use Standard for my testing.
 

K D

Well-Known Member
Dec 24, 2016
1,439
320
83
30041
When using Essentials, that is the only server that can be a domain controller (and DNS). If you need more than one, you will have to use Standard or DC and install the Essentials role. This way you are not limited to one server.
 

marcoi

Well-Known Member
Apr 6, 2013
1,533
289
83
Gotha Florida
I have Essentials as my one DC; I want Standard to act as a replica or backup so that when I turn off Essentials the rest of my network devices can still work.
 

nitrobass24

Moderator
Dec 26, 2010
1,087
131
63
TX
You do not need it to be a domain controller for DNS. Just install the DNS server role and update your NS records and zone transfer settings.

 
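The alternative described above (DNS server role only, no domain controller, with NS records and zone transfer settings), written out as an added PowerShell example. This is not code from the thread or from any poster; the zone names home.example.com and _msdcs.home.example.com, the primary DC 192.0.2.10, the secondary dns02.home.example.com at 192.0.2.20, the router 192.0.2.1 and the outside host 192.0.2.99 are assumed placeholder values.

```powershell
# Added example (not from the thread): a non-DC secondary DNS server holding
# read-only copies of the AD zones obtained by zone transfer.
# Assumed values: zone home.example.com, primary DC 192.0.2.10,
# secondary dns02.home.example.com at 192.0.2.20, router 192.0.2.1.
# The _msdcs zone is transferred as well: clients find domain controllers
# through SRV records under it, so a backup that lacks it is only half useful.
$Zones     = 'home.example.com', '_msdcs.home.example.com'
$PrimaryIp = '192.0.2.10'
$SecondIp  = '192.0.2.20'
$Secondary = 'dns02.home.example.com'

# --- On the primary DC ---
foreach ($z in $Zones) {
    # Permit transfers only to the one listed secondary, never to any server:
    # an unrestricted AXFR hands out every hostname in the domain to anyone
    # who asks. Notify the secondary so it refreshes as soon as the zone changes.
    Set-DnsServerPrimaryZone -Name $z -SecureSecondaries TransferToSecureServers `
        -SecondaryServers $SecondIp -Notify NotifyServers -NotifyServers $SecondIp
    # Publish the secondary as an authoritative name server at the zone apex.
    Add-DnsServerResourceRecord -NS -ZoneName $z -Name '@' -NameServer $Secondary
}
# Glue record so the NS name resolves.
Add-DnsServerResourceRecordA -ZoneName 'home.example.com' -Name 'dns02' -IPv4Address $SecondIp

# --- On the secondary (dns02) ---
Install-WindowsFeature DNS -IncludeManagementTools
foreach ($z in $Zones) {
    Add-DnsServerSecondaryZone -Name $z -ZoneFile "$z.dns" -MasterServers $PrimaryIp
}
# Everything outside the AD zones is resolved via the router rather than root hints.
Add-DnsServerForwarder -IPAddress '192.0.2.1'

# --- Checks (run on the secondary) ---
# The zone arrived and its serial matches the primary's.
Get-DnsServerZone -Name 'home.example.com' | Select-Object ZoneName, ZoneType
(Get-DnsServerResourceRecord -ZoneName 'home.example.com' -RRType Soa).RecordData.SerialNumber
# The secondary answers the DC-locator query without help from the DC.
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.home.example.com' -Type SRV -Server $SecondIp
# A host that is not in -SecondaryServers (assumed 192.0.2.99) must be refused:
# from that host, "nslookup" then "ls -d home.example.com" should fail.
```

Two caveats a secondary zone carries that an additional DC does not: it is read-only, so while the DC is down existing names resolve but nothing can register or update records (a client renewing its DHCP lease simply fails its dynamic update and retries later), and it only knows the zones it has been configured to pull, so any other AD-integrated zone the DC hosts must be added to `$Zones` too. Compare the SOA serial on both servers after a change on the DC to confirm notify and transfer are actually working.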

nitrobass24

Moderator
Dec 26, 2010
1,087
131
63
TX
Potential licensing implications. Depending on the size of your AD you could require significantly more resources. I don't know enough about your environment to say you shouldn't, but the advice earlier in the thread was factually incorrect.

Just pointing out that you can make things simple if you want.

 

marcoi

Well-Known Member
Apr 6, 2013
1,533
289
83
Gotha Florida
This is my home lab, and I have a few licenses left over from my TechNet subscription days that I can use. I've been doing enough home lab re-dos of hardware and software that having a second AD/DNS server running on a standalone ESXi host would make my life easier. :)

Current progress: I have WS2012R2 Std installed and am patching it now. Next is setting the server name and joining it to the domain. I still have to find the steps on how to make it act as a backup AD and DNS server, though.
 

PigLover

Moderator
Jan 26, 2011
3,186
1,545
113
> I currently have a WS2012R2 Essentials VM running at home. It has AD and DNS on it. All the computers connecting to it (Windows based) are on its domain. Whenever I need to stop the server to do work, I lose DNS, and it makes working with server names impossible since nothing is there to respond with an IP address.
>
> My question is, how can I set up a 2nd backup DNS server on the network? It can be another VM running on some other box.
>
> Side note: I currently have Sophos 9 UTM as my home router/firewall app.
>
> Thanks
If I understand you correctly - you have AD services and you have DNS. Both are served by the same server today and you've licensed it in a way where you are only allowed to have one while remaining "license compliant", but the cost of upgrading the license to something more flexible is prohibitive for a home/lab user.

The core problem is that when this server fails you lose both AD and DNS. You can live without AD (because your clients cache credentials and know how to work offline - or perhaps some clients don't care about AD at all) but losing DNS makes all kinds of things fail.

It's kind of a PITA, but this is what I did:

I use my pfSense router as the primary DNS for everything, using the default DNS resolver. I advertise the router as DNS in DHCP and set it manually in everything that is static. In the resolver I do a "domain override" for the AD domain (home.<mydomain>.com pointing to the DC). I also add a second Domain Override for the domain controller search domain so that hosts can always find the domain controller directly (_msdcs.home.<mydomain>.com also pointing to the DC). Finally, for specific hosts that are static on my home network I added Host Overrides (BlueIris.home.<mydomain>.com, etc).

This way if I lose the DC I only lose AD services and the locally registered hostnames for the AD hosts. But DNS still resolves normally for everything else.
 

marcoi

Well-Known Member
Apr 6, 2013
1,533
289
83
Gotha Florida
> The core problem is that when this server fails you lose both AD and DNS. You can live without AD (because your clients cache credentials and know how to work offline - or perhaps some clients don't care about AD at all) but losing DNS makes all kinds of things fail.

This is my main issue. Licensing isn't an issue per se, since I have licensing from TechNet and this is a home lab. The main issue (that I can determine) is you can't have two Essentials servers running in the same environment due to the licensing requirements of Essentials. So the workaround is to set up the second server using the Standard flavor, which doesn't have that limitation.

If the above fails, I'll be looking into using Sophos as the primary DNS in a similar fashion to how you set up pfSense.
 

vl1969

Active Member
Feb 5, 2014
634
76
28
I believe that the Essentials licence only gives you the right to have one (1) AD/DC. You cannot have another AD/DC on the network, as that violates the EULA. If you need 2 or more, you have to run Standard on all or risk problems later.
That is unless the rules changed somehow.
 

marcoi

Well-Known Member
Apr 6, 2013
1,533
289
83
Gotha Florida
> I believe that the Essentials licence only gives you the right to have one (1) AD/DC. You cannot have another AD/DC on the network, as that violates the EULA. If you need 2 or more, you have to run Standard on all or risk problems later.
> That is unless the rules changed somehow.

I think that might have been true with 2012 Essentials, not 2012 R2 Essentials. R2 still needs to be the primary AD, but it should allow additional AD if the version is WS2012 R2 Standard.

This forum post, "Licensing issue with Windows Server 2012 R2 Essential", mentions that replica sites are allowed.

I couldn't find the exact EULA for R2 Essentials to confirm, though.
I will take a snapshot of each VM before trying anything out, in case the time bomb warnings start.