Backup and Restore An Active Directory Integrated DNS Zone
In this lab, we will learn the steps to back up and restore an Active Directory Integrated DNS zone on Windows Server. DNS is one of the core components of Active Directory Domain Services, so backing up the AD integrated DNS zones is very important.
By default, the DNS Server service stores all of its information, such as logs, basic DNS files, and backups, under the dns folder located at %systemdrive%\Windows\System32.
Because Active Directory Integrated DNS stores its data in the Active Directory database, we can back it up with an Active Directory backup and restore it with an AD restore. However, the Active Directory restoration process is time-consuming and leads to increased downtime, which impacts productivity.
Luckily, it’s possible to back up a DNS server using the DNSCMD command-line tool and PowerShell.
How to Backup the AD Integrated DNS zone:
In this lab, we will use the DNSCMD command to back up (export) the harchit.local Active Directory Integrated DNS zone; substitute your own zone name where it appears.
You can search for PowerShell from the search bar and run it as administrator by right-clicking the PowerShell icon and selecting Run as administrator.
To back up the harchit.local zone locally on a DNS server, you’d run the below command on the DNS server:
dnscmd /zoneexport harchit.local harchit.local.dns.backup
Note: harchit.local is the lab domain name hosted on the domain controller; substitute your own zone name.
This command creates a copy of the harchit.local zone in the %SystemRoot%\System32\dns\harchit.local.dns.backup file (dnscmd /zoneexport always writes into the dns folder, which is why no path is given).
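As an added example that is not part of the original lab, the following PowerShell script wraps the export step above. It uses the DnsServer module's Export-DnsServerZone cmdlet (the PowerShell equivalent of dnscmd /zoneexport), checks that the export file was actually written and contains an SOA record, stores a SHA-256 hash beside it so a truncated or altered backup can be detected at restore time, and copies both files off the domain controller. The $BackupShare UNC path and the timestamped file name are assumptions for this example.

```powershell
# Added example (not part of the original lab): export an AD-integrated zone to a file,
# confirm the export, record its hash, and copy it off the domain controller.
# Assumptions: run in an elevated PowerShell on the DNS server; the DnsServer module is
# available (Windows Server 2012 or later); $BackupShare is a hypothetical UNC path.
#Requires -RunAsAdministrator
param(
    [string]$ZoneName    = 'harchit.local',
    [string]$BackupShare = '\\backupsrv\dnsbackups'   # hypothetical destination share
)

Import-Module DnsServer -ErrorAction Stop

# Refuse to continue if the zone does not exist or is not AD-integrated.
$zone = Get-DnsServerZone -Name $ZoneName -ErrorAction Stop
if (-not $zone.IsDsIntegrated) {
    throw "$ZoneName is not an Active Directory-integrated zone"
}

# Export-DnsServerZone writes relative to %SystemRoot%\System32\dns, so the file
# is given a timestamped name rather than a path; older backups are not overwritten.
$stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'
$fileName = "$ZoneName.dns.$stamp.backup"
Export-DnsServerZone -Name $ZoneName -FileName $fileName -ErrorAction Stop

$exportPath = Join-Path "$env:SystemRoot\System32\dns" $fileName
if (-not (Test-Path $exportPath)) { throw "Export file $exportPath was not created" }

# Sanity check: the export must contain an SOA record, and the number of data lines
# (ignoring the ';' comment lines the export writes) should be close to the live count.
$content = Get-Content $exportPath
if (-not ($content -match '\bSOA\b')) { throw 'Export does not contain an SOA record' }
$liveCount   = (Get-DnsServerResourceRecord -ZoneName $ZoneName).Count
$recordLines = ($content | Where-Object { $_ -and $_ -notmatch '^\s*;' }).Count
Write-Host "Live records: $liveCount, exported data lines: $recordLines"

# Record a SHA-256 so tampering or truncation of the backup can be detected later.
$hash = (Get-FileHash -Path $exportPath -Algorithm SHA256).Hash
"$hash  $fileName" | Out-File -FilePath "$exportPath.sha256" -Encoding ascii

# Keep a copy somewhere other than the domain controller itself.
Copy-Item -Path $exportPath, "$exportPath.sha256" -Destination $BackupShare -ErrorAction Stop
Write-Host "Backed up $ZoneName to $BackupShare\$fileName (SHA-256 $hash)"
```

Run it from an elevated PowerShell prompt on the DNS server, for example `.\Backup-DnsZone.ps1 -ZoneName harchit.local`. The hash file is what makes the copy on the share trustworthy: before a restore, `Get-FileHash` on the copied file should match the recorded value.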
How to Restore the AD Integrated DNS zone using the GUI method:
Disclaimer:
The following instructions shown below should never be done in a production environment; these steps are demonstrated to show the restore process with the intent of educating the reader as well as to reiterate the importance of keeping a backup.
In the DNS Manager Console, select the Forward Lookup Zones folder and right-click on the domain name. Select Delete.
Confirm the action by clicking Yes
Another warning will pop up notifying you about the changes, click Yes to proceed.
Using the File Explorer, access the dns file folder by going to: %SystemRoot%\System32\dns
After deleting the zone, take note of the file type of the DNS backup file created earlier. We can rename our backup file from harchit.local.dns.backup to harchit.local.dns.
Click Yes to confirm.
You will notice that the file type has changed from BACKUP File to DNS File. This is what we will be using to restore our dns Forward Lookup Zone file.
DNS Restore
On the first page of the New Zone Wizard, click Next.
On the Zone Type page, select Primary zone and uncheck Store the zone in Active Directory (available only if DNS server is a writable domain controller), then click Next.
On the Zone Name Wizard, type the name of the zone being restored. In our case, it is harchit.local, click Next.
If you have not already renamed the file in the previous section, rename it from harchit.local.dns.backup to harchit.local.dns (remove the .backup extension).
On the Zone File page, select the option Use this existing file and give the name of the file (our file is stored in %SystemRoot%\System32\dns, so we have given harchit.local.dns). Click Next.
On the Dynamic Update wizard page, select Do not allow dynamic updates and Click Next.
On the Completing the New Zone Wizard page, click Finish.
Allowing Dynamic DNS Updates from the Restored DNS File
At this point, we have restored the DNS zone that was deleted earlier. However, it is only a standard (file-backed) primary zone, which requires manual updates to be made frequently. Now we will configure the zone so that it allows dynamic updates again.
From the DNS Manager console, click on Forward Lookup Zones and right-click the zone we have just restored (for this scenario, it's harchit.local), then select Properties.
Click the Change button at Type: Primary field.
On the Change Zone Type page, make sure the Primary zone is selected and select the option Store the zone in Active Directory (available only if DNS server is a domain controller) and click OK.
Click Yes to confirm the change.
Select Secure only at the Dynamic updates field.
Click Apply and then OK to convert the standard primary zone into an Active Directory Integrated DNS zone.
Finally, we have the Active Directory Integrated DNS Zone up and running, restored from the existing backup file.
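The same restore, done with the DnsServer module instead of the DNS Manager wizards, as an added example that is not part of the original lab. It assumes an elevated PowerShell session on a writable domain controller running DNS, that the backup file is already in %SystemRoot%\System32\dns, and that the zone has been removed as in the lab. Add-DnsServerPrimaryZone with -LoadExisting corresponds to the "Use this existing file" wizard page, ConvertTo-DnsServerPrimaryZone with -ReplicationScope performs the "Store the zone in Active Directory" change from the properties dialog, and Set-DnsServerPrimaryZone applies the Secure only dynamic-update setting.

```powershell
# Added example (not part of the original lab): the restore the lab performs in DNS
# Manager, done with the DnsServer module, followed by conversion back to an
# AD-integrated zone with secure-only dynamic updates and a verification step.
# Assumptions: elevated PowerShell on a writable domain controller running DNS; the
# backup file is already in %SystemRoot%\System32\dns; the zone no longer exists.
#Requires -RunAsAdministrator
param(
    [string]$ZoneName   = 'harchit.local',
    [string]$BackupFile = 'harchit.local.dns.backup'
)

Import-Module DnsServer -ErrorAction Stop
$dnsDir = "$env:SystemRoot\System32\dns"

# Never overwrite a zone that still exists; the lab deliberately deleted it first.
if (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue) {
    throw "Zone $ZoneName already exists; refusing to overwrite it"
}

# Step 1: give the zone file the .dns name the New Zone wizard expects. Copying
# rather than renaming leaves the original backup untouched.
$zoneFile = "$ZoneName.dns"
Copy-Item -Path (Join-Path $dnsDir $BackupFile) -Destination (Join-Path $dnsDir $zoneFile) -ErrorAction Stop

# Step 2: create a file-backed (standard) primary zone from the existing file,
# with dynamic updates disabled, exactly as the wizard pages in the lab do.
Add-DnsServerPrimaryZone -Name $ZoneName -ZoneFile $zoneFile -LoadExisting -DynamicUpdate None -ErrorAction Stop

# Step 3: convert the standard primary zone to an AD-integrated zone replicated to
# all DNS servers in the domain, then allow only secure dynamic updates.
ConvertTo-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope Domain -Force -ErrorAction Stop
Set-DnsServerPrimaryZone -Name $ZoneName -DynamicUpdate Secure -ErrorAction Stop

# Step 4: verify the result: AD-integrated, secure-update only, and the zone
# actually holds records loaded from the backup rather than an empty default zone.
$zone = Get-DnsServerZone -Name $ZoneName
if (-not $zone.IsDsIntegrated)        { throw 'Zone is still file-backed' }
if ($zone.DynamicUpdate -ne 'Secure') { throw "DynamicUpdate is $($zone.DynamicUpdate)" }

$restored = Get-DnsServerResourceRecord -ZoneName $ZoneName
if ($restored.Count -le 2) { throw 'Zone contains only the default SOA/NS records; backup was not loaded' }
Write-Host "Restored $ZoneName as AD-integrated with $($restored.Count) records"
```

The final check matters because a zone created without -LoadExisting (or with a misnamed file) still succeeds, but with only the automatically generated SOA and NS records, which is the silent failure a restore drill is meant to catch.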