
I've got a network with 3 AD servers that also run the DNS service.

We've got a project on to migrate from Windows DNS to a new turnkey DDI solution.

I'm going through everything I can think of and manually changing its DNS client configuration to point at the new IP addresses of the new servers.

What I want to do is convert the original 3 AD/DNS servers into Forward Only servers so they send all queries to the new DNS servers, and log the inbound queries to them (so I can figure out what still needs to be changed).

I've not been able to find instructions on converting a Windows DNS server to only forward and not actually resolve queries itself.

It's a production system, so I've got to be careful about what I do to it; for example, I can't change the IP addresses of the DCs.

Any ideas?

Tom O'Connor
  • A long-running packet capture would help you sort out which clients still need to be configured. – EEAA Apr 15 '16 at 19:00
  • Yeah, doing that too. I'd still like to be able to forward for the short term interim. – Tom O'Connor Apr 15 '16 at 19:02
  • Why not consume the old IP address when the new server is ready? ....wait a sec, forget I spoke! – Sum1sAdmin Apr 15 '16 at 19:10
  • Do you still want the servers to be domain controllers afterwards? – Ryan Ries Apr 15 '16 at 19:14
  • Yeah, they've got to remain Domain Controllers, which puts a bit of a fly in the ointment. Otherwise, it might be easier to change the IP of the DCs. I think that would break more stuff than fix. – Tom O'Connor Apr 15 '16 at 19:19
  • I'm at a much earlier stage of a similar task. I was under the impression that so long as global forwarders were configured, and all AD DNS was correctly migrated upstream, I would then delete the zone(s) from AD. Backups & rollback plan obviously on standby. Are there any other concerns? – Andy Apr 16 '16 at 08:46

1 Answer


I ended up biting the bullet.

I removed the zones from the name servers, and simultaneously swapped every client's resolver details for the new IP addresses.

Then I did the packet capture, and think I found all the sources of DNS requests.

Finally, I configured global forwarders.

It's working well so far.

Tom O'Connor
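An added example, not part of the question or the answer, showing in PowerShell the steps the answer describes: set global forwarders with no root-hint fallback so the DC forwards everything it is not authoritative for, turn on the DNS server's own query logging as a built-in alternative to the packet capture, and tally which clients still send queries to the old server. The server name, forwarder addresses and log path are placeholders; step 3 assumes it runs on the DNS server itself or against a copy of the log.

```powershell
# Added example (not from the question or answer). Placeholders: server name,
# forwarder IPs, log path.
$DnsServer   = 'dc1.corp.example'            # one of the three AD/DNS servers
$NewResolver = @('192.0.2.10', '192.0.2.11') # the new DDI resolvers
$LogPath     = 'C:\DnsLogs\dns-debug.log'    # path on $DnsServer

# 1. Global forwarders with no fallback to root hints: any name this server is
#    not authoritative for goes only to the new resolvers. Zones it still hosts
#    (the AD zones, until they are removed) are still answered locally.
Set-DnsServerForwarder -ComputerName $DnsServer -IPAddress $NewResolver -UseRootHint $false
Get-DnsServerForwarder -ComputerName $DnsServer | Format-List IPAddress, UseRootHint

# 2. Log received queries (UDP and TCP) to a file. This costs disk I/O on a
#    production DC, so cap the file size and switch it off when done.
Set-DnsServerDiagnostics -ComputerName $DnsServer -Queries $true -ReceivePackets $true `
    -SendPackets $false -UdpPackets $true -TcpPackets $true `
    -EnableLoggingToFile $true -LogFilePath $LogPath -MaxMBFileSize 500

# 3. Tally which clients still ask this server. A request line in the debug log
#    has this layout (constructed sample):
#    4/15/2016 7:00:01 PM 0B1C PACKET  000000D4B2A7E4B0 UDP Rcv 10.1.2.3  0007   Q [0001   D   NOERROR] A  (3)www(7)example(3)com(0)
function Get-DnsClientSummary {
    param([string]$Path, [int]$Top = 20)
    # Only 'Q' (request) lines; 'R' (response) lines are ignored.
    $rx = '(?<proto>UDP|TCP) Rcv (?<client>\S+)\s+\w+\s+Q \[.*?\]\s+(?<type>\w+)\s+(?<name>\S+)'
    Get-Content -Path $Path |
        ForEach-Object {
            if ($_ -match $rx) {
                [pscustomobject]@{
                    Client = $Matches.client
                    Type   = $Matches.type
                    # (3)www(7)example(3)com(0) -> www.example.com
                    Name   = (($Matches.name -replace '\(\d+\)', '.').Trim('.'))
                }
            }
        } |
        Group-Object Client |
        Sort-Object Count -Descending |
        Select-Object -First $Top Count,
            @{ n = 'Client';      e = { $_.Name } },
            @{ n = 'SampleNames'; e = { ($_.Group.Name | Select-Object -Unique -First 5) -join ', ' } }
}

# Each row is a client that still has the old server in its resolver list.
Get-DnsClientSummary -Path $LogPath | Format-Table -AutoSize
```

Clients that only show up with queries for the AD zones (SRV and A lookups under the domain) are normal domain members; the ones to chase are those resolving everything else through the old server.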