Thursday, April 18, 2013

How to take DNS server backup in an AD environment



If you are an Active Directory admin, there is no need to mention the importance of DNS. A DNS server is potentially the single point of failure in an AD environment, where an interruption of its service or corruption of any DNS records can bring the whole service down. This demands a proper backup strategy for DNS servers.

The most preferred method for backing up a DNS server is a system state backup. But this is not useful in many cases, as it requires you to restore AD, registry settings, DNS etc. while the business requirement only needs you to restore the DNS server.

Also, there may be cases where the system state restore catalog is corrupted and you cannot restore it. Personally, I have faced situations where the clients are complaining about corrupt system state backups where the users are not able to restore the DNS data using them. So it is always best to keep an independent backup of the DNS server along with your normal system state backup.

Before describing how these independent backups can be taken for DNS servers, it’s worth mentioning the different zone types in an AD environment.

Primary and secondary zones.
Active Directory integrated zones.

Microsoft recommends using Active Directory integrated zones on DNS servers in an AD environment.
Now let’s check how independent backups can be taken on a DNS server.

Primary and secondary zones:

Here the zone information is stored in plain text files. The backup and restore process is straightforward: take a copy of the text files containing the zone information using XCOPY.
The command below can be used for the backup.

XCOPY %SYSTEMROOT%\system32\dns c:\backup\dns /y


To restore the primary and secondary zone information, you only need to copy the files from the \backup\DNS folder to the %SYSTEMROOT%\system32\dns folder.

Active Directory integrated zones:

As you may be aware, the zone information for an Active Directory integrated zone is stored in the AD database rather than in a text file. So the first step in taking the backup is to export the zone information to a file.

DNSCMD /zoneexport test.com backup\test.com.dns.bak

The backup file will be placed in the %systemroot%\system32\dns\backup folder, and will be named test.com.dns.bak.

You can use the backup file just created to restore the AD integrated zone if needed. However, the restore process is a bit more complex.

The restoration is a 2-step process.

a. Create a primary zone using the backup file you created earlier.
b. Convert the primary zone to an AD integrated zone.

Before performing the first step, you need to copy the backup file you created from the backup location to the %systemroot%\system32\dns folder. Now, execute the following command.

DNSCMD /zoneadd test.com /primary /file test.com.dns.bak /load

The above command will set up a primary zone on the DNS server using the zone information in the file test.com.dns.bak.

Now, you need to convert the primary DNS zone you just created to an AD integrated zone. You can use the following command for that.

DNSCMD /zoneresettype test.com /dsprimary

Done!!

Note: If you want to enable secure dynamic updates, then you must enter the following command:

DNSCMD /config test.com /allowupdate 2

As a general backup guideline, it is always a best practice to test the integrity of the backup files at regular intervals by doing test restores on a test network.
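
One way to script the export step for regular backups, as an added example that is not from the original post: it wraps the DNSCMD /zoneexport command shown earlier, clears the previous export first (DNSCMD will not overwrite an existing file), and archives a dated copy with a SHA-256 hash. The zone list, the backup path and the SHA256SUMS.txt file name are assumptions.

```powershell
# Added example: export AD integrated zones with DNSCMD and keep dated, hashed copies.
# Assumptions: run elevated on the DNS server; $Zones and $BackupRoot are placeholders.
param(
    [string[]]$Zones      = @('test.com'),
    [string]  $BackupRoot = 'C:\backup\dns'
)

# Keep $BackupRoot readable by administrators only: an export lists every host in the zone.
$exportDir = Join-Path $env:SystemRoot 'System32\dns\backup'
$stamp     = Get-Date -Format 'yyyyMMdd-HHmmss'
$destDir   = Join-Path $BackupRoot $stamp
New-Item -ItemType Directory -Path $exportDir, $destDir -Force | Out-Null

foreach ($zone in $Zones) {
    $fileName = "$zone.dns.bak"
    $exported = Join-Path $exportDir $fileName

    # DNSCMD /zoneexport refuses to overwrite an existing file, so clear the
    # previous export first or every run after the first one fails.
    if (Test-Path $exported) { Remove-Item $exported -Force }

    & dnscmd.exe /zoneexport $zone "backup\$fileName" | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $exported)) {
        Write-Error "Export of zone $zone failed (exit code $LASTEXITCODE)"
        continue
    }

    # Sanity check: a usable zone file contains an SOA record.
    if (-not (Select-String -Path $exported -Pattern '\bSOA\b' -Quiet)) {
        Write-Error "Export of zone $zone has no SOA record; not archiving it"
        continue
    }

    $copy = Join-Path $destDir $fileName
    Copy-Item $exported $copy

    # Record a SHA-256 hash so a later restore can confirm the file is unchanged.
    $hash = Get-FileHash -Path $copy -Algorithm SHA256
    "$($hash.Hash)  $fileName" | Add-Content (Join-Path $destDir 'SHA256SUMS.txt')
}
```

Before a restore, run Get-FileHash on the archived file and compare the result with the value recorded in SHA256SUMS.txt.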

Thanks
R.karthikeyan
