An alternate strategy for DNS server backup

Since Active Directory is completely dependent on the domain name system (DNS), it is critically important to back up your DNS servers on a regular basis.

Microsoft's preferred method for backing up a DNS server is to perform a system state backup. Although this technique does work, it's an all-or-nothing proposition. This means that if you are having DNS problems and you choose to restore the system state, then you will also end up restoring the Registry, Active Directory database and a number of other components.

Fortunately, it's possible to back up your DNS server independently using two alternate methods. However, you must choose the method that corresponds to the type of zone that you are backing up.

Primary and secondary zones

Backing up primary and secondary zones is simple, because the zone information is stored within a text file. All you have to do is use the XCOPY command to backup the DNS folder. The command looks like this: This command tells Windows to copy everything found in the \Windows\System32\DNS folder to C:\backup\dns. The /Y switch at the end basically just tells the command to go ahead and do its thing without prompting you to make sure that it is OK.

Restoring the primary and secondary zone information is just as easy. You would simply copy the files from the \backup\DNS folder to the %SYSTEMROOT%\system32\dns folder.

Active Directory integrated zones

Backing up an Active Directory integrated zone is a bit trickier because the zone information is stored in the Active Directory rather than in a text file. Fortunately, Microsoft provides us with a command-line tool called DNSCMD.EXE that can get the job done.

DNSCMD.EXE is a part of the Windows Support Tools. The Windows Support Tools are not installed by default, but you can install them by running the SUPTOOLS.MSI

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Domain Name System (DNS) Domain Name System (DNS) Guide DNS troubleshooting tips for Active Directory How the DC locator works in Active Directory For Active Directory performance gains, delegate the _MSDCS DNS zone Best practices for DNS structure design DNS best practices: Making AD rock-solid Name resolution in DNS Configuring DNS server properties Preventing DNS registration of certain SRV records How do I create a secondary DNS server? Microsoft Active Directory Backup and Restore How to build redundancy in Active Directory replication Diamonds are forever, but not Active Directory backups How do I add a backup domain controller in Windows NT? Tools for quick recovery of deleted Active Directory objects Active Directory disaster recovery: Protecting the enterprise from the administrator Creating Active Directory replicas from backup tapes How to use Install from Media to restore a domain controller Chapter of the Week: Active Directory Cookbook for Windows Server 2003 and Windows 2000 -- Chapter 16, 'Backup, recovery, DIT maintenance and deleted objects' Unable to restore critical information after moving user accounts via LDIF Tips for Active Directory DC backups Microsoft Windows Data Backup and Protection Microsoft Hyper-V: Best practices for performance, backups and management Working with snapshots in Microsoft Hyper-V Self-healing NTFS keeps admins one step ahead of data corruption The efficacy of backup-as-a-service solutions Using WBAdmin to create backups in Windows Server 2008 Breaking down the Windows Server Backup tool for Windows 2008 Moving dynamic disks to a new Windows server Developing a solid Windows Server 2008 backup and recovery strategy Backing up virtual servers: Top methods for Windows machines Backup and recovery for data migrated to networked storage Microsoft Windows Data Backup and Protection Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary cold/warm/hot server  (SearchWindowsServer.com) Dolly  (SearchWindowsServer.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

file that's located in the \Support\Tools folder on your Windows Server 2003 installation disk. Once you have installed the Windows Support Tools, open a Command Prompt window and navigate to the \Program Files\Support Tools folder. You can run all of the commands you need from this location.

First, export the zone information to a file you can back up. For example, suppose you were interested in backing up the DNS information for CONTOSO.COM. In such a situation, the export command would look like this: When you run this command, the /zoneexport switch tells DNSCMD.exe that you want to export zone information for the specified zone (Contoso.com) to a backup file. The backup file will be placed in the %systemroot%\system32\dns\backup folder, and will be named Contoso.com.dns.bak.

The one thing you need to know about the export command is that it will not overwrite any previously existing backup files. Therefore, make sure that no files with the specified name already exist in the backup directory, or the command won't work.

As you can see, creating a backup isn't very difficult, but restoring the backup is a little bit trickier. That's because you can't just tell the DNSCMD command to restore the file as an Active Directory integrated zone. Instead, you have to tell DNSCMD to create a primary zone based on your backup file. Once you have done that, you can convert the primary zone to an Active Directory integrated zone.

The first thing you need to do is move the backup file that you created from the %systemroot%\system32\dns\backup folder to the %systemroot%\system32\dns folder. This allows DNSCMD to discover the backup file. After doing so, run the following command: In the command above, the /zoneadd switch tells DNSCMD that you want to create a new zone. The /Primary switch indicates that you are creating a primary zone. You then used the /File switch and the name of your backup file to indicate which file you want to create the new zone from.

The /LOAD switch in this command is very important. It tells DNSCMD to load the zone information from the file that was just specified. Had you omitted the /LOAD switch, DNSCMD would have created a new zone file and overwritten the contents of the backup file.

Now that you have created a new primary zone, you need to convert the zone to an Active Directory integrated zone. To do so, just use this command: Once you enter this command, you're all set. However, secure dynamic updates for the zone are not enabled by default. If you want to enable secure dynamic updates, then you must enter the following command: [TABLE]

Rate this Tip To rate tips, you must be a member of SearchWindowsServer.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.