secondary DNS updating

Archived from groups: microsoft.public.win2000.dns (More info?)

How can I stop a secondary DNS zone from updating. I would like to create a
secondary DNS zone so all the SRV records are pulled over to the remote DNS
server. But since I am using NAT, I would like to delete all the A records
and add only the ones that need to be added (ie Servers) and add them with
the outside address. Is there a way to make sure the secondary DNS zone is
not updated at ALL?

Thanks
Dev
6 answers Last reply
More about secondary updating
  1. Archived from groups: microsoft.public.win2000.dns (More info?)

    "DevGD" <DevGD@discussions.microsoft.com> wrote in message
    news:C5D35F4C-4352-41C0-8761-9C5C1140BD8A@microsoft.com...
    > How can I stop a secondary DNS zone from updating. I would like to create
    a
    > secondary DNS zone so all the SRV records are pulled over to the remote
    DNS
    > server.

    Make it a Primary.

    That answers your question, but I am not
    sure if it will accomplish your real goal.

    > But since I am using NAT, I would like to delete all the A records
    > and add only the ones that need to be added (ie Servers) and add them with
    > the outside address. Is there a way to make sure the secondary DNS zone is
    > not updated at ALL?

    It's not a secondary unless it does zone transfer
    from a master -- Primaries don't do that so you
    can use a secondary to "prime" a (shadow) zone
    initially and then make it a Primary to break the
    replication.
  2. Archived from groups: microsoft.public.win2000.dns (More info?)

    As Herb mentions, this really isn't a secondary. Usually, in cases like
    these, a different server is used for external zones and the A records are
    added manually with the external addresses. They can have the same DNS
    Domain names but never be aware of one another.

    --
    Ryan Hanisco
    MCSE, MCDBA
    FlagShip Integration Services
    Chicago, IL

    "DevGD" <DevGD@discussions.microsoft.com> wrote in message
    news:C5D35F4C-4352-41C0-8761-9C5C1140BD8A@microsoft.com...
    > How can I stop a secondary DNS zone from updating. I would like to create
    > a
    > secondary DNS zone so all the SRV records are pulled over to the remote
    > DNS
    > server. But since I am using NAT, I would like to delete all the A records
    > and add only the ones that need to be added (ie Servers) and add them with
    > the outside address. Is there a way to make sure the secondary DNS zone is
    > not updated at ALL?
    >
    > Thanks
    > Dev
  3. Archived from groups: microsoft.public.win2000.dns (More info?)

    Since I need the SRVs to help with establishing a trust. Can I create a
    secondary zone on the DNS server in the remote domain. Then convert it to a
    primary with SOA being the DNS server of the remote domain so there are no
    updates from my domain? Once that is done, I can remove all the IP addresses
    and re-populate with the correct IPs?

    Thanks
    Dev

    "Ryan Hanisco" wrote:

    > As Herb mentions, this really isn't a secondary. Usually, in cases like
    > these, a different server is used for external zones and the A records are
    > added manually with the external addresses. They can have the same DNS
    > Domain names but never be aware of one another.
    >
    > --
    > Ryan Hanisco
    > MCSE, MCDBA
    > FlagShip Integration Services
    > Chicago, IL
    >
    > "DevGD" <DevGD@discussions.microsoft.com> wrote in message
    > news:C5D35F4C-4352-41C0-8761-9C5C1140BD8A@microsoft.com...
    > > How can I stop a secondary DNS zone from updating. I would like to create
    > > a
    > > secondary DNS zone so all the SRV records are pulled over to the remote
    > > DNS
    > > server. But since I am using NAT, I would like to delete all the A records
    > > and add only the ones that need to be added (ie Servers) and add them with
    > > the outside address. Is there a way to make sure the secondary DNS zone is
    > > not updated at ALL?
    > >
    > > Thanks
    > > Dev
    >
    >
    >
  4. Archived from groups: microsoft.public.win2000.dns (More info?)

    "DevGD" <DevGD@discussions.microsoft.com> wrote in message
    news:47D4BAE3-413C-4833-B122-FCCFA8639353@microsoft.com...
    > Since I need the SRVs to help with establishing a trust. Can I create a
    > secondary zone on the DNS server in the remote domain. Then convert it to
    a
    > primary with SOA being the DNS server of the remote domain so there are no
    > updates from my domain? Once that is done, I can remove all the IP
    addresses
    > and re-populate with the correct IPs?

    Yes, you CAN.

    If may not do what you (really) wish to accomplish
    but the principle is valid.

    I frequently setup new AD domains this way, by
    initially basing them on the CURRENT DNS that
    was in use before AD was (to be) installed.
  5. Archived from groups: microsoft.public.win2000.dns (More info?)

    Thank Herb..

    My main problem is I am trying to trust two different domains in two
    different forests. I am going through a firewall that is NATing one side.
    When I try and create the trust it can not find the domain, yet I can ping
    the remote DCs and I can do a NET SEND to the domain with success. So if you
    have any ideas on what I can try, I would greatly appreciate it.

    Thanks
    Dev

    "Herb Martin" wrote:

    > "DevGD" <DevGD@discussions.microsoft.com> wrote in message
    > news:47D4BAE3-413C-4833-B122-FCCFA8639353@microsoft.com...
    > > Since I need the SRVs to help with establishing a trust. Can I create a
    > > secondary zone on the DNS server in the remote domain. Then convert it to
    > a
    > > primary with SOA being the DNS server of the remote domain so there are no
    > > updates from my domain? Once that is done, I can remove all the IP
    > addresses
    > > and re-populate with the correct IPs?
    >
    > Yes, you CAN.
    >
    > If may not do what you (really) wish to accomplish
    > but the principle is valid.
    >
    > I frequently setup new AD domains this way, by
    > initially basing them on the CURRENT DNS that
    > was in use before AD was (to be) installed.
    >
    >
    >
  6. Archived from groups: microsoft.public.win2000.dns (More info?)

    "DevGD" <DevGD@discussions.microsoft.com> wrote in message
    news:F5C8BF33-88DB-4A27-A9FF-16A3EBCA1097@microsoft.com...
    > Thank Herb..
    >
    > My main problem is I am trying to trust two different domains in two
    > different forests.

    That has nothing to do with such DNS schemes.
    (really)

    Trusts between domains from different forests actually
    require NetBIOS name resolution which pratically means
    that you need WINS Server(s) if you have more than one
    subnet (as you do.)

    > I am going through a firewall that is NATing one side.

    What does this have to do with wishing to split your DNS
    for the domains?

    All internal DNS servers (i.e., internal to your networks)
    should provide the SAME answers.

    The only "split" (or Shadow) DNS in most cases should
    be between what you show on the Internet and what you
    show to your domain computers.

    > When I try and create the trust it can not find the domain, yet I can ping
    > the remote DCs and I can do a NET SEND to the domain with success. So if
    you
    > have any ideas on what I can try, I would greatly appreciate it.

    That is a NetBIOS issue.

    Have ALL of the DCs in all (involved) domains register
    with the same WINS database.
Ask a new question

Read More

Internet Explorer Microsoft DNS Servers Windows