Mar 5, 2016

How to Migrate DNS servers from Linux to Windows (Part 1)

This is the first article of a two-part series on migrating BIND name servers running Linux to Windows Server DNS servers. In this article, I am going to walk you through the steps to move DNS off a Linux box and onto a Windows Server 2012 R2 computer.
I am currently doing this for one of my customers who is hosting their DNS on an out-of-date Red Hat Linux server. We are then using a third party to manage the DNS traffic; our master server provides zone updates to those machines and does not serve any public traffic.


Introduction

A properly functioning Domain Name Services (DNS) infrastructure is essential for Active Directory environments. The simplest way of course to set up DNS name servers with Active Directory is to install and configure the DNS Server role on your Windows Server domain controllers. For various reasons however, some organizations already have deployed or may choose to deploy Linux name servers running the Berkeley Internet Name Daemon (BIND) implementation of DNS.

Linux BIND servers are lightweight and fast name servers that are easy to manage if you have basic knowledge of Linux administration, and provided they're running modern versions of BIND they're also interoperable with Active Directory domain controllers. In larger organizations there may also be political reasons for keeping your existing BIND servers instead of migrating them to Windows Server DNS. For example, the administrators of your current DNS infrastructure may be unwilling to relinquish their control over DNS to Active Directory admins. And when two companies merge or an acquisition occurs, existing cultures of Linux and Windows Server administration may clash.

 

Preparing the Linux box

On the Linux box we need to ensure that zone transfers to the new Windows boxes are allowed.
Edit the named.conf file, which in this server’s case is located in /etc/named. For each domain that we wish to migrate to the new server, check that there is a line like this example:

    allow-transfer { 192.168.1.8; };

Figure 1: Step 1 of migrating a Linux BIND name server to a Windows Server DNS server.

This line permits the BIND server to send a zone transfer to the listed addresses. Any current secondary servers need to stay in this list, and we need to add the IP address of our new server to it. Once we have added the IP address of our new Windows Server 2012 R2 server for each domain, we are ready to move on to the next step of preparing the Windows Server.

 

Preparing the Windows Server

Install Windows, name the box and give it an IP address. The IP address you give it should match the one you configured in the allow-transfer line on the Linux server.

Next, add the DNS Server role to the server. Once it is added, open the DNS console.

Figure 2: Step 2 of migrating a Linux BIND name server to a Windows Server DNS server.

Right-click on Forward Lookup Zones and then add the first domain. In my first example I am using carttan.ca:

Figure 3: Step 3 of migrating a Linux BIND name server to a Windows Server DNS server.

Click Next:

Figure 4: Step 4 of migrating a Linux BIND name server to a Windows Server DNS server.

Click on Secondary Zone and click Next:

Figure 5: Step 5 of migrating a Linux BIND name server to a Windows Server DNS server.

Enter in the DNS name for the zone you are creating. Then click Next:

Figure 6: Step 6 of migrating a Linux BIND name server to a Windows Server DNS server.

Enter the IP address of the master DNS server and press Enter. When the entry goes green, click Next. If it doesn’t go green, there is an issue, and you should check the Linux server:

Figure 7: Step 7 of migrating a Linux BIND name server to a Windows Server DNS server.

Click Finish to close the wizard and return to the DNS Manager console:


Figure 8: Step 8 of migrating a Linux BIND name server to a Windows Server DNS server.

Check that the records are coming across properly.
Repeat these steps for each and every domain that needs to be migrated.

Promoting the Windows Server to Primary Master for the DNS Zone

Right-click the zone and go to Properties to convert it from a secondary to a master server:

Figure 9: Step 9 of migrating a Linux BIND name server to a Windows Server DNS server.

Click on Change:


Figure 10: Step 10 of migrating a Linux BIND name server to a Windows Server DNS server.

Click on Primary Zone and click OK.
Next click on the Zone Transfers tab:

Figure 11: Step 11 of migrating a Linux BIND name server to a Windows Server DNS server.

Click on Allow Zone Transfers and click on Only To The Following Servers. Click Edit and enter the information for the servers you want to be secondary servers. These will be the servers you direct internet traffic to. These could be secondary servers hosted anywhere. I have also configured my firewall to allow DNS traffic to these servers only.

Next we will configure the Start of Authority (SOA) record. We need to change the primary server. Here we will use one of our external responding servers as our primary. Also set the Responsible person, and be sure to increment the serial number once you have completed the changes:

Figure 12: Step 12 of migrating a Linux BIND name server to a Windows Server DNS server.
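
The console steps above (create the secondary zone, check the transfer, promote it, restrict zone transfers) can be scripted with the DnsServer PowerShell module when many domains have to be migrated. This is an added example, not part of the original article; the master and secondary addresses and the second zone name are constructed placeholders.

```powershell
# Added example, not from the original article. Run in an elevated session on the
# new Windows server after the DNS Server role has been installed.
$BindMaster  = '192.168.1.5'                    # assumption: the Linux BIND master
$Secondaries = '192.168.1.20', '192.168.1.21'   # assumption: the future secondaries
$Zones       = 'carttan.ca', 'example.test'     # second name is a placeholder

foreach ($zone in $Zones) {
    $existing = Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue

    # Create the zone as a file-backed secondary of the BIND master.
    if (-not $existing) {
        Add-DnsServerSecondaryZone -Name $zone -ZoneFile "$zone.dns" -MasterServers $BindMaster
    }
    elseif ($existing.ZoneType -ne 'Secondary') {
        Write-Warning "$zone already exists as $($existing.ZoneType); leaving it alone."
        continue
    }

    # Wait for the transfer. A secondary that never loaded has no SOA record,
    # and promoting it would publish an empty zone.
    $soa = $null
    foreach ($attempt in 1..12) {
        $soa = Get-DnsServerResourceRecord -ZoneName $zone -RRType Soa -ErrorAction SilentlyContinue
        if ($soa) { break }
        Start-Sleep -Seconds 5
    }
    if (-not $soa) {
        Write-Warning "$zone did not transfer; check allow-transfer on the BIND server."
        continue
    }

    # "Check that the records are coming across properly."
    $count = @(Get-DnsServerResourceRecord -ZoneName $zone).Count
    Write-Output "$zone transferred with $count record sets"

    # Promote the zone from secondary to primary.
    ConvertTo-DnsServerPrimaryZone -Name $zone -ZoneFile "$zone.dns" -Force

    # Allow zone transfers only to the listed secondary servers.
    Set-DnsServerPrimaryZone -Name $zone `
        -SecureSecondaries TransferToSecureServers `
        -SecondaryServers $Secondaries
}
```

The SOA changes (primary server, responsible person, serial number) are not covered by this script and are still made in DNS Manager as described above.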

 

Setting up the Secondary DNS Servers

Install Windows, name the box and give it an IP address.

Next, add the DNS Server role to the server. Once it is added, open the DNS console. This should be familiar, as these are the steps we’ve already completed when setting up the master DNS server:

Figure 13: Step 13 of migrating a Linux BIND name server to a Windows Server DNS server.

Right-click on Forward Lookup Zones and then add the first domain. Again, in my example, I am using carttan.ca:

Figure 14: Step 14 of migrating a Linux BIND name server to a Windows Server DNS server.

Click Next:

Figure 15: Step 15 of migrating a Linux BIND name server to a Windows Server DNS server.

Click on Secondary Zone and click Next. The steps to follow are identical to what we first completed when we set up the first Windows Server prior to making it a master server.

Check that the records are coming across properly. Repeat these steps for each domain that needs to be migrated.

Create a new record for your external DNS servers. These need to be addresses that are externally routable (which I have not used in my example here). Next, add them to your DNS servers in the Name Servers tab, removing the one server that is listed for internal use. In my example I only have one server showing up now:

Figure 16: Step 16 of migrating a Linux BIND name server to a Windows Server DNS server.

As you can see in the above example, there is no mention of ns1.carttan.ca, which is the master server for these domains. Next, let’s turn off DNS resolution for any domain which we do not host. Right-click on the name of the server and go to the Advanced tab. Check Disable recursion:

Figure 17: Step 17 of migrating a Linux BIND name server to a Windows Server DNS server.

The final step is to change your internet registration records so that the DNS servers point to the new external servers.

 

Conclusion

In the second article of this two-part series we'll examine some other issues associated with migrating DNS from BIND to Windows Server and will provide some additional resources on the topic.

