How to configure DNS with Neverfail Heartbeat V5.2.2 and Prior in a WAN environment


Summary

This Knowledgebase article provides information about how to configure DNS with Neverfail Heartbeat V5.2.2 and Prior in a WAN environment.  Neverfail Heartbeat is designed to integrate with DNS technology where the DNS is itself integrated with the Active Directory. Neverfail recommends that Heartbeat is installed in an Active Directory Integrated DNS environment.


More Information

Neverfail Heartbeat is designed to integrate with DNS technology where the DNS is itself integrated with the Active Directory. For more information about Neverfail and DNS integration, please refer to the Related Information below. Domain Name System (DNS) provides efficient name resolution and interoperability with standards-based technologies. Deploying DNS in your client/server infrastructure enables resources on a TCP/IP network to locate other resources on the network by using host name-to-IP address resolution and IP address-to-host name resolution. The Active Directory service requires DNS for locating network resources.

Active Directory Integrated Environments

Neverfail recommends that Heartbeat be installed in an Active Directory Integrated DNS environment.

In a standard DNS zone, there can be one Primary and multiple Secondary DNS servers. The Primary will be the Start of Authority (SOA) server for that zone and the other servers will be Secondary. When adding a new host record (e.g. new server is added into the zone) the record will be inserted only in the Primary DNS server. The information will be available on the Secondary servers during the replication process between the Primary and Secondary servers.

In an Active Directory Integrated DNS environment, all servers are updated within the AD through multi-master replication (a change on any one server will be replicated to all other Active Directory databases).

For instructions on how to convert to an Active Directory Integrated DNS environment, please see the Related Information below.

In very rare cases, DNS environment issues might occur when a switchover is performed in a WAN. This may occur because the new public IP address will not be registered in the DNS servers by the Neverfail DNSUpdate tool. The Neverfail DNSUpdate tool will only issue a dnscmd /zonerefresh command (the DNS server will be flagged as Secondary) instead of a deletion and addition of the new host record. This can cause service interruption to users whose name resolution is served by those Secondary servers, because those servers do not have the latest modifications in the environment. The workaround for this issue requires a manual edit of the Start scripts in order to maintain up-to-date host records. The edited Start scripts will delete the obsolete records from the Forward and Reverse Lookup Zones and add the new host record on the wrongly flagged Secondary DNS servers.

Procedure

During a switchover in a WAN implementation, multiple DNS servers are updated during execution of the DNSUpdate command, but one or more servers are not updated because they are recognized by the DNSUpdate tool as Secondary DNS servers.

  1. Determine the detected Secondary servers by running DNSUpdate with the -d switch (the -d switch enables debug mode) and look in the output for the following section:

     updateSecondaries
     Update secondary DNS servers

  2. If you see /zonerefresh commands issued to various DNS servers, manually modify the Start scripts of both servers, located at <install location>\R2\Scripts. After the DNSUpdate command, add the following four commands for each detected Secondary DNS server, replacing each {…} with the appropriate value:

Echo NFCMD doExecuteAsUser {domain admin name} {domain name} "dnscmd {DNS server IP} /RecordDelete {fqdn} {netbios machine name} A {machine IP to remove} /f" {protected application name} start

Echo NFCMD doExecuteAsUser {domain admin name} {domain name} "dnscmd {DNS server IP} /RecordDelete {reverse zone name} {server IP truncated} PTR {fully qualified machine name} /f" {protected application name} start

Echo NFCMD doExecuteAsUser {domain admin name} {domain name} "dnscmd {DNS server IP} /RecordAdd {fqdn} {netbios machine name} {TTL} A {machine IP to add}" {protected application name} start

Echo NFCMD doExecuteAsUser {domain admin name} {domain name} "dnscmd {DNS server IP} /RecordAdd {reverse zone name} {server IP truncated} {TTL} PTR {fully qualified machine name}" {protected application name} start

For more information about manually adding DNS scripts and examples, see Knowledgebase article #389 - 'How to use the Neverfail Heartbeat utility DNSUpdate.exe (DNS)'.
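As an added example (not part of this article and not Neverfail's own tooling), the following Python script generates the four NFCMD lines above for every detected Secondary DNS server, deriving the {server IP truncated} node name from the machine IP and the reverse lookup zone so that the PTR delete and add cannot be mistyped. It goes slightly beyond the article in accepting a separate reverse zone for the old and the new address, since in a WAN switchover the two addresses usually sit in different subnets. The parameter names, the /24 default for a reverse zone, and all sample values are this example's own assumptions.

```python
"""Generate the Start-script lines that refresh A and PTR records on
wrongly flagged Secondary DNS servers (hypothetical helper, not Neverfail code)."""
import ipaddress


def default_reverse_zone(ip: str) -> str:
    """Reverse lookup zone for ip, ASSUMING a /24 zone (example convention):
    192.0.2.10 -> 2.0.192.in-addr.arpa"""
    first_three = ipaddress.ip_address(ip).exploded.split(".")[:3]
    return ".".join(reversed(first_three)) + ".in-addr.arpa"


def ptr_node(ip: str, reverse_zone: str) -> str:
    """The '{server IP truncated}' node name of ip inside reverse_zone.
    192.168.1.10 in 1.168.192.in-addr.arpa -> '10'
    10.20.30.40  in 20.10.in-addr.arpa    -> '40.30'
    Raises ValueError if ip is not covered by the zone (a typo that would
    otherwise leave a stale PTR behind)."""
    full = ipaddress.ip_address(ip).reverse_pointer   # e.g. '10.1.168.192.in-addr.arpa'
    suffix = "." + reverse_zone.strip(".")
    if not full.endswith(suffix):
        raise ValueError(f"{ip} does not belong to reverse zone {reverse_zone}")
    return full[: -len(suffix)]


def nfcmd_line(domain_admin: str, domain: str, dnscmd_args: str, app_name: str) -> str:
    """One 'Echo NFCMD doExecuteAsUser ...' line in the form the article shows."""
    return (f'Echo NFCMD doExecuteAsUser {domain_admin} {domain} '
            f'"dnscmd {dnscmd_args}" {app_name} start')


def secondary_update_lines(domain_admin, domain, dns_server, forward_zone,
                           netbios_name, old_ip, new_ip, ttl, app_name,
                           old_reverse_zone=None, new_reverse_zone=None):
    """The four commands for one detected Secondary server, in the article's order:
    delete old A, delete old PTR, add new A, add new PTR.
    forward_zone is the article's {fqdn}; netbios_name.forward_zone is its
    {fully qualified machine name}."""
    old_rz = old_reverse_zone or default_reverse_zone(old_ip)
    new_rz = new_reverse_zone or default_reverse_zone(new_ip)
    fqdn = f"{netbios_name}.{forward_zone}"
    return [
        nfcmd_line(domain_admin, domain,
                   f"{dns_server} /RecordDelete {forward_zone} {netbios_name} A {old_ip} /f",
                   app_name),
        nfcmd_line(domain_admin, domain,
                   f"{dns_server} /RecordDelete {old_rz} {ptr_node(old_ip, old_rz)} PTR {fqdn} /f",
                   app_name),
        nfcmd_line(domain_admin, domain,
                   f"{dns_server} /RecordAdd {forward_zone} {netbios_name} {ttl} A {new_ip}",
                   app_name),
        nfcmd_line(domain_admin, domain,
                   f"{dns_server} /RecordAdd {new_rz} {ptr_node(new_ip, new_rz)} {ttl} PTR {fqdn}",
                   app_name),
    ]


def start_script_block(secondaries, **params) -> str:
    """Lines for every detected Secondary server, CRLF-terminated so the
    block can be pasted into the batch Start script after the DNSUpdate command."""
    lines = []
    for server in secondaries:
        lines.extend(secondary_update_lines(dns_server=server, **params))
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges), not a real deployment.
    print(start_script_block(
        ["192.0.2.53", "198.51.100.53"],          # servers seen with /zonerefresh in DNSUpdate -d
        domain_admin="nfadmin", domain="EXAMPLE",
        forward_zone="example.local", netbios_name="APPSRV01",
        old_ip="192.0.2.10", new_ip="198.51.100.10",
        ttl=3600, app_name="Exchange"))
```

Run the generated block through the DNSUpdate -d output check once more after a test switchover: if a server still only receives /zonerefresh, it is one the list above missed.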

Non-Active Directory Integrated Environments

Recommendation

Neverfail recommends that, if the current environment is not Active Directory integrated, migration to Active Directory integrated DNS be performed prior to installing any Neverfail solution. Please see 'Related Information' below for Microsoft Knowledge Base articles describing how to migrate to an Active Directory integrated environment.


Applies To

Neverfail Heartbeat V5.2.2 and Prior


Related Information

Knowledgebase article #238 - 'Neverfail Heartbeat, Integrated DNS, and Active Directory'
Knowledgebase article #362 - 'How to Create Neverfail Heartbeat Scripts Manually'

Microsoft Knowledge Base articles:
http://support.microsoft.com/kb/198437 - How to Convert DNS Primary Server to Active Directory Integrated (Win2000 Svr)
http://support.microsoft.com/default.aspx?scid=kb;en-us;816101 - How To Convert DNS Primary Server to Active Directory Integrated (Win2003 Svr)
http://support.microsoft.com/kb/828263 - DNS query responses do not travel through a firewall in Windows Server 2003

KBID-814
