Whenever you make a fundamental
change to a DNS zone it’s a good idea to back it up, but how do you do that
when your DNS is Active Directory Integrated without taking a system state
backup? We’ll take a look at both AD integrated and standalone methods to get a
better understanding.
Non-AD integrated (Standalone) DNS:
If you’re running standalone DNS and
simply have a Primary/Secondary setup then performing this style of backup is
really very simple. Standard (file-backed) zones are stored as plain-text zone files in
the %systemroot%\system32\dns
folder (typically C:\Windows\System32\dns). When the DNS service starts it simply loads the zones
from these files; likewise, when a zone changes it writes a copy of the previous file into the
backup subfolder on the aforementioned path. It’s worth noting that only
one backup per zone is maintained, so if you make another change the previous backup is
overwritten. If you take a sideways copy of these backups (to another folder or host) you can
keep as many versions as you require.
AD Integrated Zones:
As AD integrated zones are stored
within the Active Directory they do not have any zone files associated with
them and therefore nothing is written to the backup directory. So how do we get
it out? Using DnsCmd.exe is how!
The Microsoft syntax for a zone
export is as follows:
dnscmd [<ServerName>] /zoneexport <ZoneName> <ZoneExportFile>
This looks great but here it is in a
more useful looking format:
DnsCmd DNSserver1 /ZoneExport
example.com example.com.bak
Note that the backup file you have
created will land in %systemroot%\System32\dns on the DNS server you exported from (not on the
machine you ran DnsCmd from), and the file is written in standard zone file format.
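The two backup methods above (copying the zone files and backup folder for standard zones, and DnsCmd /ZoneExport for AD integrated zones) can be rolled into one scheduled script that also keeps the sideways, versioned copy mentioned earlier. This is an added example, not code from the original post: it assumes it is run elevated on the DNS server itself, on Windows Server 2012 or later (for the DnsServer PowerShell module, used only to enumerate zones), and that $BackupRoot is a path of your choosing.

```powershell
# Added example: export every primary zone on this DNS server and keep a timestamped copy.
# Assumes: run elevated on the DNS server, DnsServer module available, dnscmd.exe on the path.
# $BackupRoot is a hypothetical location; point it at a share or another disk.
param(
    [string]$BackupRoot = 'D:\DnsBackups'
)

$dnsDir = Join-Path $env:SystemRoot 'System32\dns'
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$dest   = Join-Path $BackupRoot $stamp
New-Item -ItemType Directory -Path $dest -Force | Out-Null

# Only primary zones hold authoritative data worth backing up; secondaries and stubs are
# copies of someone else's zone, and the auto-created zones (0., 127., 255.in-addr.arpa) are noise.
$zones = Get-DnsServerZone |
    Where-Object { -not $_.IsAutoCreated -and $_.ZoneType -eq 'Primary' }

foreach ($zone in $zones) {
    if ($zone.IsDsIntegrated) {
        # AD integrated: no file on disk, so ask the server to write one.
        # dnscmd /ZoneExport always writes into %SystemRoot%\System32\dns.
        $exportName = "$($zone.ZoneName).bak"
        & dnscmd.exe /ZoneExport $zone.ZoneName $exportName | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "Export of $($zone.ZoneName) failed (dnscmd exit code $LASTEXITCODE)"
            continue
        }
        Copy-Item -Path (Join-Path $dnsDir $exportName) -Destination $dest
    }
    else {
        # File-backed primary: the zone file itself is the backup. Copy the live file and,
        # if present, the single previous copy the service keeps under ...\dns\backup.
        Copy-Item -Path (Join-Path $dnsDir $zone.ZoneFile) -Destination $dest
        $previous = Join-Path $dnsDir "backup\$($zone.ZoneFile)"
        if (Test-Path $previous) {
            Copy-Item -Path $previous -Destination (Join-Path $dest "$($zone.ZoneFile).prev")
        }
    }
}

# A backup you cannot read back is not a backup: every zone file must carry an SOA record.
Get-ChildItem -Path $dest -File | ForEach-Object {
    if (-not (Select-String -Path $_.FullName -Pattern '\bSOA\b' -Quiet)) {
        Write-Warning "$($_.Name) contains no SOA record; inspect the export before relying on it"
    }
}
Write-Host "Zone backups written to $dest"
```

Run it from a scheduled task after each planned change (or nightly) and the timestamped folders give you the history the single backup folder does not. The SOA check is deliberately crude; if the file is empty or truncated you want to find out on backup day, not on restore day.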
How to restore AD Integrated Zones:
Warning: You should only attempt to
restore this file as a last resort. Deleting the zone removes it from Active Directory and that
deletion replicates to every DNS-holding DC, so clients lose resolution for the zone until the
restore completes. Allow the deletion to replicate before converting the restored zone back to
AD integrated, otherwise a DC that has not yet seen the deletion can replicate the old records back
over your restored copy.
- Hop onto the DNS Management Console and delete the zone
- Copy your zone backup into %systemroot%\System32\dns and rename it to have a .dns extension; in the example above this would go from example.com.bak to example.com.dns
- Create a new zone with the FQDN of the zone you deleted, if using the New Zone Wizard be sure to uncheck the Store in Active Directory option.
- When prompted to create a new zone file or use an existing file, choose an existing file, the wizard should automatically fill in the zone FQDN with the .dns extension, this should look the same as your renamed zone file (example.com.dns)
- Complete the wizard
- Check the zone information is as per the zone before the changes (the SOA and NS records, the record count, and a few known hosts are a quick sanity check)
- If all is well, and the earlier deletion has replicated to the other DCs, simply change the zone type to Active Directory Integrated.
It's done.
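The same restore can be driven entirely from DnsCmd, which is handy when you have several zones to put back or want the steps recorded. The script below is an added example and not part of the original post; it assumes it is run elevated on a DNS-holding DC on Windows Server 2012 or later (the DnsServer module is used only to list the loaded records), and the zone and file names are placeholders for your own.

```powershell
# Added example: restore an AD integrated zone from a dnscmd /ZoneExport file, following the
# wizard steps above with dnscmd, and pause for a check before converting back to AD integrated.
# Assumes: run elevated on a DNS-holding DC, DnsServer module available, dnscmd.exe on the path.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    [Parameter(Mandatory)][string]$ZoneName,    # e.g. example.com (placeholder)
    [Parameter(Mandatory)][string]$BackupFile   # e.g. D:\DnsBackups\20240101-0200\example.com.bak (placeholder)
)

$dnsDir   = Join-Path $env:SystemRoot 'System32\dns'
$zoneFile = "$ZoneName.dns"                     # the name the zone will load from

function Invoke-Dnscmd {
    param([string[]]$Arguments)
    $out = & dnscmd.exe @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) { throw "dnscmd $($Arguments -join ' ') failed: $out" }
    $out
}

# 0. Keep a copy of whatever the zone holds right now, so the restore itself can be undone.
$preRestore = "$ZoneName.pre-restore.$(Get-Date -Format 'yyyyMMddHHmmss').bak"
try   { Invoke-Dnscmd @('/ZoneExport', $ZoneName, $preRestore) | Out-Null }
catch { Write-Warning "Could not export the current zone first: $_" }

# 1. Stage the backup under the .dns name the zone will be created from.
Copy-Item -Path $BackupFile -Destination (Join-Path $dnsDir $zoneFile) -Force

if ($PSCmdlet.ShouldProcess($ZoneName, 'Delete the AD integrated zone and reload it from file')) {
    # 2. Delete the zone from Active Directory (/DsDel); this deletion replicates to the other DCs.
    Invoke-Dnscmd @('/ZoneDelete', $ZoneName, '/DsDel', '/f') | Out-Null

    # 3. Recreate it as a standard (file-backed) primary zone, loading the staged file (/load).
    Invoke-Dnscmd @('/ZoneAdd', $ZoneName, '/Primary', '/file', $zoneFile, '/load') | Out-Null

    # 4. Check what was loaded before trusting it: record counts per type, and the SOA must exist.
    $records = Get-DnsServerResourceRecord -ZoneName $ZoneName
    $records | Group-Object -Property RecordType | Sort-Object -Property Name |
        ForEach-Object { '{0,-6} {1,5}' -f $_.Name, $_.Count } | Write-Host
    if (-not ($records | Where-Object { $_.RecordType -eq 'SOA' })) {
        throw "No SOA record loaded for $ZoneName; zone left as a standard primary for inspection"
    }

    # 5. Only after the check, and once the deletion has replicated, flip it back to AD integrated.
    $question = "Records above match the zone as it was? Convert $ZoneName back to AD integrated now"
    if ($PSCmdlet.ShouldContinue($question, 'Convert zone type')) {
        Invoke-Dnscmd @('/ZoneResetType', $ZoneName, '/DsPrimary') | Out-Null
        Write-Host "$ZoneName is AD integrated again; confirm on the other DNS servers once it replicates."
    }
    else {
        Write-Warning "$ZoneName left as a standard primary zone on this server; convert it manually when ready."
    }
}
```

Because the parameter block declares SupportsShouldProcess, running the script with -WhatIf shows the destructive step without deleting anything, and the ShouldContinue prompt in step 5 is the manual check from the procedure above: nothing replicates back out to the other DCs until you answer yes.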