DNS Disaster Recovery

It's simple if you're prepared

As part of my Windows NT administration routine, I've been doing disaster recovery drills on my network. Most disaster recovery is straightforward, but a few NT services require you to carefully prepare for a recovery. Dynamic Host Configuration Protocol (DHCP) is one of those services, as I explained last month; Domain Name System (DNS) is another. This month, I'll explain how to transplant DNS information from one server to another. (I'll focus on recovery of the DNS Server software that ships with NT 4.0, not third-party DNS server software for NT.)

After you set up DNS Server on an NT box, the server will have a winntsystem32dns directory. This directory contains a file with a .dns extension for each zone that you create on that server; a server has a .dns file for every zone for which it is the primary or secondary DNS server. For example, if a DNS server is authoritative for the acme.com domain, the server's winntsystem32dns directory contains an acme.com.dns file. These .dns files are ASCII files in standard Berkeley Internet Name Domain (BIND)-type format. DNS Server also installs a dns.log file and a cache.dns file in the winntsystem32dns directory. Cache.dns contains the addresses of DNS's root servers. All these files are important; they define the DNS server's functions.

DNS Booting Methods
When you back up a DNS server, you need to save all the files in the winntsystem32dns directory to a disk or a second machine. What other data does a DNS server need to function? The answer to that question depends on whether you've added a BOOT file to the system's winntsystem32dns directory.

Although the .dns files completely describe the structure of each zone the server is responsible for, they don't tell the server which zones it needs to worry about. Suppose you put a few dozen zone files (the files with the .dns extension) into the winntsystem32dns directory of an already-functional DNS server. The server wouldn't automatically use those files to resolve names from those zones. You have to tell DNS servers which zone files to use. NT's DNS Server offers two methods for identifying which zone files a server needs to use: booting from the BOOT file and booting from the Registry. DNS Server uses the latter method by default.

When a DNS server that boots from the Registry starts up, it looks to the Registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSet ServicesDNSZones to determine which zone files it needs to use. However, DNS servers that boot from a BOOT file (including UNIX DNS servers) don't store zone names in the Registry but in an ASCII file named BOOT. You can make a couple of Registry changes and build a BOOT file to instruct an NT DNS server to look to a BOOT file for the name of its zones.

Building a BOOT File
So far, booting from the BOOT file sounds like more work than booting from the Registry. However, putting a DNS server back together is easier if you use the BOOT file method. Therefore, to prepare for a DNS server's recovery, you need to create a BOOT file.

Create an ASCII file in winntsystem32dns, and name the file BOOT. You can use Notepad to create your BOOT file, but make sure it's an ASCII file. I've never seen Notepad create a non-ASCII file, but I've heard that Notepad can write Unicode files. DNS can't use a Unicode BOOT file. If you don't use American English, you might want to use edit.com to create your BOOT files.

After you create the BOOT file, identify the server's zones, giving each zone one line of the file. Lines that describe a zone for which the server is a primary DNS server need to start with the word primary, name the zone, and end with the name of the zone file. Use a space to separate the lines' elements. Lines that describe a secondary zone need to start with the word secondary, name the zone, include the IP address of that zone's primary DNS server, and finally name the zone file. The BOOT file must also contain a line that identifies cache.dns as the file that contains information about the root servers. This line must include the word cache, a space, a period, another space, and the filename cache.dns.

Suppose your DNS server is primary for the acme.com and retail.com domains, and the server is secondary for the apex.com domain. If apex.com's primary DNS server has the IP address 200.100.100.17, the server's BOOT file needs to contain the following information:

cache . cache.dns
primary acme.com acme.com.dns
primary retail.com retail.com.dns
secondary apex.com 200.100.100.17 apex.com.dns

The first line of this example BOOT file tells DNS that the cache.dns file contains the root information. The second and third lines tell the server that it's the primary DNS server for the acme.com and retail.com domains, and provide the server with the names of the zone files for those domains. The last line tells the server that it's a secondary DNS server for apex.com. I'm pretty sure that BOOT files aren't case-sensitive, but I always use lowercase. (The greatest thing about the Internet is that you no longer need that pesky Shift key.)

Using the BOOT File for DNS Recovery
Now, suppose your DNS server dies and you need it back up as soon as possible. You have access to the acme.com.dns, retail.com.dns, and apex.com.dns files, and you've selected an NT server to be your new DNS server. You'll have to reboot the new server during the recovery process, so choose a machine that can be down for a couple of minutes.

If the system isn't already running TCP/IP, install TCP/IP. Set the IP address of your new DNS server to the IP address of your recently deceased DNS server. If you don't want to change your new DNS machine's IP address—if, for example, the machine is your mail server—I think you can just assign the machine the dead DNS server's IP address as a second IP address. However, I've never tried making the DNS address the recovery server's second address, so I can't guarantee that this method won't cause problems.

Next, install the DNS service on the system. The installation program will tell you to reboot the system, but don't reboot yet. You need to reapply your favorite service pack and reboot after that installation. You can save time by reapplying the service pack before rebooting, and you'll have to reboot only once.

After you apply the service pack but before you reboot, look in winntsystem32. You'll see that the winntsystem32dns directory is in place. Put the failed server's .dns, dns.log, and BOOT files in winntsystem32dns. Now reboot, and DNS Server will finish its configuration. A newly installed DNS service looks around the winntsystem32dns directory and, if it finds a BOOT file in that directory, automatically uses the BOOT file to configure itself.

Disaster recovery of a DNS server is fairly easy if you've prepared properly. Just follow my steps, and you'll have an instant DNS brain transplant.