Windows Server 2012 R2

Configuring DNS Backup and Recovery in Windows Server 2012 R2

DNS is a core piece of AD DS infrastructure. AD DS relies heavily on DNS name resolution. When DNS Server disaster occurs, we need to restore DNS zone to a previous state as soon as possible. For this scenario, we have two options to perform this operation. First one is AD DS authoritative restore, an authoritative restore of Active Directory would take time consuming, complex and also requires the use of backups and restart of DCs. The second option is to use DNSCMD.exe command line tool to back up your zones to a text file, which is available for Windows Server 2003 (Support Tools) or natively in Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2. DNSCMD restore takes few minutes to restore a zone. It applies to both forward and reverse zones, either text-based or Active Directory-Integrated.

Here, we create scenario like this:

  • First, we backup DNS zones using DNSCMD command line tool.
  • Second ,we delete DNS zones from server for creating the disaster.
  • Finally, we restore zone from a file created with DNSCMD command.

Take a backup of zone to a text file using DNSCMD command line tool:

1. Logon to Domain Controller, Open Windows PowerShell and type the following commands to backup DNS zones.

Open Powershell





dnscmd KTM-DC01-2K12 /ZoneExport backup\

dnscmd KTM-DC01-2K12 /ZoneExport backup\

where KTM-DC01-2K12 is dnsserver name. The backup copy (text file) of the DNS Zone will be saved to
C:\Windows\System32\dns\backup folder

dnscmd Command

2. Open explorer and navigate to the C:\Windows\System32\dns\backup folder to verify its contents.

Related Post  Install an Additional Domain Controller from IFM (Install From Media)

Verify backup contents


Deleting DNS zones from our server for disaster:

1. Open DNS Manager Console.

2. Expand the KTM-DC01-2K12 node, then expand Forward Lookup Zones, select the zone, right Click and Click Delete.

delete zone

. On the DNS dialog box, Click Yes twice to remove the zone from both Active Directory and the DNS Server.

delete zone Yes

Waring to remove the zone


Use DNSCMD command line tool to restore the domain DNS zone:

1. Open DNS Manager Console.

2. Expand the Server, KTM-DC01-2K12, then right click Forward Lookup Zone and Click New Zone..


. On the New Zone Wizard, Click Next.


. On the Zone Type Wizard, select Primary zone  and Uncheck the Store the zone in Active Directory (available only if DNS server is a writeable domain controller)


On the Zone Name Wizard, type the name of the zone being restored, and click Next.


On the Zone File Wizard, select the option Use this existing file and Click Next.


Make sure the current backup of the is present in the following path,C:\Windows\System32\dns\backup .


Copy the file to the parent folder (C:\Windows\System32\dns). Rename the file from to (remove the .bkp extension). Click Yes.





7.  Now go back to the Zone File Wizard, and click Next.


On the Dynamic Update wizard page, select Allow both nonsecure and secure dynamic updates and Click Next.


On the Completing the New Zone Wizard page, Click Finish.


Make sure the is created. Then right Click the zone and select Properties.



11. On the Properties dialog page, Click the Change.. button at Type: Primary field.

Related Post  Install an Additional Domain Controller from IFM (Install From Media) in Windows Server 2012


12. On the Change Zone Type page, make sure Primary zone is selected and select the option Store the zone in Active Directory (available only if DNS server is a domain controller) and click OK.


On the DNS dialog box, Click Yes to accept the change.


On the zone Properties page, select Secure only at Dynamic updates field.


. Finally, we should have our DNS Zone up and running..



AD DS relies heavily on DNS name resolution. The above article outlines how to carry out DNS backup and recovery operations. I hope this can be largely beneficial to the users. It was my field experience during my career.

Leave a Reply

Your email address will not be published. Required fields are marked *