Under Windows NT, DNS was a nice service to have on your server for resolving TCP/IP addresses, but it wasn’t necessary. When Microsoft introduced Active Directory and Windows 2000, DNS became an essential service. If you’ve already deployed DNS on your network, you can save a lot of time and effort in your Windows Server 2003 deployment by migrating that information. Here’s how.

This article is from TechProGuild, TechRepublic’s premium online brand dedicated to providing network administrators and support professionals with proven, real-world solutions to today’s toughest IT problems.

Your options

There are two different ways you can migrate your DNS to Windows Server 2003—although one is definitely better than the other. Your available options are:

  • Manually copying the zone data files
  • Manually performing a zone transfer

It is recommended that you manually initiate a zone transfer to transfer the zone data from the old server to the new Windows Server 2003 DNS server, as it usually results in fewer errors. Should you decide to go ahead and manually copy the zone data files, you need to manually verify the integrity of the zones. As well, you cannot directly migrate to an Active Directory-integrated zone when you manually copy the zone data files—Active Directory-integrated zones do not use the standard zone data files that you would be able to copy from one location to another. If you are currently using standard zones and your long-range goal is to move to Active Directory-integrated zones, you will be able to do so after migrating the zone data using either available method.

Zone transfers

The easiest and preferred method of migrating your DNS zone data is to manually initiate a zone transfer from the DNS server you are replacing to your new Windows Server 2003 DNS server. But what does this really entail? What must you do ahead of time?

You first should determine what type of DNS system you are migrating from. Is it a Windows NT 4.0 or UNIX BIND system that uses only standard DNS zone servers? Or is it a Windows 2000 Server-based system that is currently operating with an Active Directory-integrated zone? Migrating Active Directory-integrated zones is a simple task—just add the new server to the Name Servers tab of the zone properties and ensure that the new server is authorized to perform zone replication with the zone. Once DNS is operating properly on the new Windows Server 2003, you can then remove it from the Windows 2000 Server, if desired.

If you are migrating from a system that uses standard DNS zones, things get a little more complicated—but don’t worry, it’s still quite easy. The first thing to remember about zone transfers is how the standard DNS zone servers are arranged. Standard DNS zones operate in a single-master arrangement where only one DNS server has the master writable copy of the DNS zone data. All other servers have read-only copies. The two types of standard zone servers you may encounter are:

  • Standard primary server: This server holds the one and only master writable copy of the zone data file. The zone data file is then replicated (via zone transfer) to all configured secondary zone servers using the standard zone data file text format. All changes to the zone data file must be made on this server.
  • Standard secondary server: This server holds a read-only copy of the zone data file in standard zone data file text format. Secondary zones can be created and used for many reasons, but the most common reason is to provide increased performance and redundancy for the DNS zone. Secondary zones are commonly seen in locations such as screened subnets (the DMZ) or in remote offices connected to the central office over a low-speed WAN link.

So, as you might suspect, in order to migrate your DNS zone data to a Windows Server 2003 computer, you will need to have a functioning standard primary server. You will also need to make the new Windows Server 2003 DNS server a standard secondary server in that zone by creating a new standard secondary zone on that server. Once this has been done, you will need to configure the standard primary server to allow zone transfers with the new Windows Server 2003 computer.

To create a new standard secondary zone, right-click on the Forward Lookup Zones node in your DNS console, as seen in Figure A.

Figure A
You will need to first create a standard secondary zone.

Be careful to select a secondary zone. Also be careful to specify the correct zone name (it must be spelled exactly the same as it is on the other DNS server) and the IP address of the DNS server hosting the zone file. When you are done, you will see your new zone in the Forward Lookup Zones node of the DNS console. To start the zone transfer, right-click on the new standard secondary zone and select Transfer From Master, as seen in Figure B.

Figure B
Now you can transfer the zone data over to the new DNS server.

Once you have verified that the new standard secondary zone is functioning properly, you can decommission the existing primary zone server. You will now need to quickly change the secondary zone into a primary zone. For even better performance and security, you should consider making it Active Directory-integrated. Either way, you will need to right-click on the zone node and open the Properties dialog box. On the General tab, click the Change button in the Type area. This will open the dialog box seen in Figure C, allowing you to change the zone into a standard primary zone or an Active Directory-integrated zone, as desired. You will be prompted to confirm your decision.

Figure C
Here you can change the zone into an Active Directory-integrated zone.

If you change the zone into an Active Directory-integrated zone, it will, by default, be configured to not use dynamic updates. From the General tab of the zone Properties dialog box, you should change this setting to Secure Only as soon as you can to allow the greatest flexibility and security of your zone data.

Alternatively, you can perform the zone transfer method from the command line using the following command:
dnscmd ServerName /ZoneRefresh ZoneName

Again, you will need to have the standard primary zone server available and the secondary zone already created on the new Windows Server 2003 server before performing the zone transfer. You can, of course, create the standard secondary zone on your Windows Server 2003 DNS server from the command line as well by issuing this command:
dnscmd ServerName /ZoneAdd ZoneName /Secondary MasterIPaddress… [/file FileName]

You can specify multiple IP addresses by separating them with a comma. The FileName value must be the exact file name of the standard primary zone, just the same as when you are creating the zone via the DNS console.

Manually copying zone data

Should you still want to manually copy your zone data, you can locate it in the following locations:

  • Windows NT 4.0 Server: %systemroot%\system32\dns
  • Windows 2000 Server: %systemroot%\system32\dns
  • Windows Server 2003: %systemroot%\system32\dns

If you are copying a BIND DNS zone file, Table A provides you with the naming conventions used by BIND DNS and Windows Server 2003 DNS.

Table A

| File type | UNIX file name | Windows Server 2003 file name |
| --- | --- | --- |
| Boot file | named.boot | Boot |
| Forward lookup zone file | db.domain_name | |
| Reverse lookup zone file | db.IP_network_forward_notation | |

Thus, the forward lookup zone data file for the mcseworld.local zone would be named db.mcseworld.local on the BIND server and would need to be renamed to mcseworld.local.dns on the Windows Server 2003 computer. If the zone data was for the IP address range of 192.168.100.x, then the BIND server reverse lookup file would be db.192.168.100 and would need to be renamed to 100.168.192.in-addr.arpa.dns on the Windows Server 2003 computer.
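
As an added example (not from the original article), the Python sketch below applies the renaming convention just described and performs the manual integrity check that hand-copied zone files need, by comparing the record sets of the source file and the copy. The function names are hypothetical, the sample zone contents are constructed, and the parser assumes no $ORIGIN changes inside the file and no semicolons or parentheses inside TXT data.

```python
import re
RR_TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "PTR", "TXT", "SRV"}

def windows_zone_filename(bind_name):
    """Map a BIND db.* file name to the Windows Server 2003 name used above."""
    if not bind_name.startswith("db."):
        raise ValueError("not a BIND db.* zone file: " + bind_name)
    body = bind_name[3:]
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){0,2}", body):   # reverse zone, forward notation
        return ".".join(reversed(body.split("."))) + ".in-addr.arpa.dns"
    return body + ".dns"

def parse_records(zone_text, origin):
    """Return {(owner FQDN, type, rdata)}; TTL, class, comments, layout ignored."""
    text = re.sub(r";[^\n]*", "", zone_text)             # drop comments
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    records, owner = set(), origin
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("$"):      # blank line or $TTL directive
            continue
        if not line[0].isspace():                        # new owner, else inherit previous
            name = fields.pop(0).lower()
            owner = origin if name == "@" else name if name.endswith(".") else name + "." + origin
        while fields and (re.fullmatch(r"\d+[smhdw]?", fields[0], re.I) or fields[0].upper() == "IN"):
            fields.pop(0)                                # skip TTL and class, either order
        if fields and fields[0].upper() in RR_TYPES:
            rtype, rdata = fields[0].upper(), " ".join(fields[1:])
            records.add((owner, rtype, rdata if rtype == "TXT" else rdata.lower()))
    return records

def diff_zones(old_text, new_text, origin):
    """Records lost and records gained between the source file and the copy."""
    old, new = parse_records(old_text, origin), parse_records(new_text, origin)
    return sorted(old - new), sorted(new - old)

# Constructed sample data: a BIND file and a hand-copied Windows file missing one record.
BIND_ZONE = """$TTL 3600
@    IN SOA ns1.mcseworld.local. admin.mcseworld.local. ( 2003010101 ; serial
                3600 600 86400 3600 )
     IN NS    ns1.mcseworld.local.
ns1  1h IN A  192.168.100.2
www  IN CNAME ns1
"""
WINDOWS_ZONE = """@ IN SOA ns1.mcseworld.local. admin.mcseworld.local. 2003010101 3600 600 86400 3600
@ NS ns1.mcseworld.local.
ns1.mcseworld.local. 3600 A 192.168.100.2
"""
print(diff_zones(BIND_ZONE, WINDOWS_ZONE, "mcseworld.local."))
```

Owner names are normalized to fully qualified form before comparison, but names inside record data are compared as written, so a copy that switches between relative and absolute targets will be reported as a difference to review by hand.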

Wrap up

That’s about all there is to migrating your Windows NT 4.0 or Windows 2000 Server DNS zones to a new Windows Server 2003 computer. As long as you execute the process in the steps I’ve outlined here, you should encounter no problems.

[William C. Schmied]