Tech Line

DNS Backups Without the Baggage

How to back up DNS independent of the System State.

Chris: I have seen that several Windows network service databases such as WINS and DHCP can be backed up independently of the system state. I'd like to do something similar with my DNS zone data, but haven’t found a tool or script to do the job. Can you help?
— Anonymous

Anonymous: While at times I love Microsoft’s concept of the System State, sometimes it reminds me of my wife. When I start one task, I often hear her start a sentence with "While you’re at it..." You can go ahead and fill in the sentence, as I’m sure you’ve heard something similar. This weekend, while mowing the lawn I heard "While you’re at it, why don’t you re-caulk the tub in the bathroom?" This question, of course, got me to thinking about the Windows System State (I hope I’m not alone out there in my twisted way of thinking!). After all, if you want to back up your DNS configuration, the OS says "While you’re at it, why don’t you back up DHCP, the Registry, the Event Logs, blah, blah, blah ...." While backing up and restoring your entire system configuration can be helpful in terms of completely rebuilding a failed system with all system files intact, many administrators want the flexibility to selectively back up individual parts of the system state.

Tech Help—Just An
E-Mail Away

Got a Windows, Exchange or virtualization question or need troubleshooting help? Or maybe you want a better explanation than provided in the manuals? Describe your dilemma in an e-mail to the MCPmag.com editors at mailto:editor@mcpmag.com; the best questions get answered in this column; MCPmag.com baseball caps go to the published submitter.

When you send your questions, please include your full first and last name, location, certifications (if any) with your message. (If you prefer to remain anonymous, specify this in your message but submit the requested information for verification purposes.)

With DNS, backing up primary and secondary zones independent of the system state is a pretty simple process. You can use the xcopy command to back up all zone text files on a DNS server. This command would back up the contents of the default DNS folder to the "D:\backups\dns" folder:

xcopy %systemroot%\system32\dns d:\backups\dns /y

Unfortunately, the process isn’t as simple for Active Directory-integrated DNS zones. For these zones, the support tool dnscmd.exe can get the job done. To back up any DNS zone with dnscmd.exe, you just need to use the /zoneexport switch with the command. To back up the MCPmag.com zone locally on a DNS server, you'd run:

dnscmd /zoneexport mcpmag.com backup\mcpmag.com.dns.bak

This command writes a copy of the mcpmag.com zone to the %systemroot%\system32\dns\backup\mcpmag.com.dns.bak file. Note that the command doesn't overwrite existing files, so if you’re including it with a backup script, be sure to move the file to an alternate location after the export completes, or to rename or delete the current backup file before you run a new dnscmd /zoneexport job.

If you need to re-create a new zone from the export file, you’ll find that you can do this by using dnscmd.exe with the /zoneadd switch. The only catch with this approach is that if you’re looking to recover an AD-integrated zone, you need to add the zone as a primary first and then convert it to AD-integrated. For example, to recover my mcpmag.com zone, I'd run:

dnscmd /zoneadd mcpmag.com /primary /file mcpmag.com.dns.bak /load

Here, note that the backup file needs to reside in the %systemroot%\system32\dns folder for it to be properly discovered. Use the /load switch to tell the command to load the configuration from the existing file. Without it, the command will create a new zone data file that will overwrite the contents of the backup file.

After adding the zone to the DNS server, you can convert it to an AD-integrated zone by running:

dnscmd /zoneresettype mcpmag.com /dsprimary

At this point, you can then enable secure dynamic updates for the zone by running:

dnscmd /config mcpmag.com /allowupdate 2

This command configures the zone to accept only secure dynamic updates, as specified by the allowupdate value of 2 (use 0 to specify No dynamic updates, 1 for nonsecure and secure dynamic updates).

As an alternative, you may want to take a look at the DNS Dump script written by Microsoft MVP and technical trainer Dean Wells. You can download this script at http://www.reskit.net/DNS/dnsdump.cm_. Note that you will need to rename the downloaded file to dnsdump.cmd for it to execute properly. For help on using the tool, after you've downloaded and renamed the file, from the command shell navigate to the directly when the dnsdump.cmd file exists and run dnsdump /?. Not only will this tool back up a DNS zone, but it will also back up the complete configuration of a DNS server (yes, Registry values too!), as well as all primary, secondary, and AD integrated zones in one operation. This is accomplished by running dnsdump with the "export" option.

While the System State backup is always an option for DNS and should still be performed at regular intervals, dnscmd.exe or dnsdump.cmd should provide the DNS backup flexibility you’re looking for.

[Chris Wolf has just released Virtualization: From the Desktop to the Enterprise (Apress) and welcomes your virtualization questions for this column. —Editors]

About the Author

Chris Wolf is a Microsoft MVP for Windows --Virtual Machine and is a MCSE, MCT, and CCNA. He's a Senior Analyst for Burton Group who specializes in the areas of virtualization solutions, high availability, storage and enterprise management. Chris is the author of Virtualization: From the Desktop to the Enterprise (Apress), Troubleshooting Microsoft Technologies (Addison Wesley), and a contributor to the Windows Server 2003 Deployment Kit (Microsoft Press).learningstore-20/">Troubleshooting Microsoft Technologies (Addison Wesley) and a contributor to the Windows Server 2003 Deployment Kit (Microsoft Press).

comments powered by Disqus

SharePoint Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.