Should all domain controllers be listed in DNS (and where)?
When I took over this school the servers were in a bit of a mess. One was failing and the other had failed.
When I got things back up and running there were all kinds of nasties in the DNS. I cleared out anything I thought shouldn't be there and brought in a second domain controller.
It seems to be doing its job OK, but every so often there's an error in the event log. I had originally put it down to problems with Windows Server 2003 64-bit edition and a compatibility issue.
But looking in the DNS I find entries for this DC in all areas where the other DC is.
Only one of the servers handles DNS, so should all these entries for the second DC also be in the same place, or should the only entry be in the forward and reverse lookup zones alongside all the other machines on the network?
Ideally I'd like to introduce a new DC to see what gets added where, then decommission the 64-bit horror, but no funds or equipment are available to do this.
All DCs should technically run DNS in AD integrated mode to allow for full redundancy of the service. If the other DC is running DNS, it should be in all the same places that the working one is; if not, it will probably only have some host (A) records in there.
If both servers are domain controllers, then both should be running DNS in AD integrated mode (recommended). It is possible, however, to run DNS not AD integrated, but not many people have good reason to do this.
Both servers should also be set up as Global Catalogs to simplify your setup. You also have the option of adding DHCP redundancy, but this is optional and wouldn't affect your current setup.
Speaking of DHCP, both your DNS servers should be listed, then any external DNS servers. Each of your servers, however, should look to themselves as the primary DNS (using a static IP configuration).
Rebooting a workstation and typing ipconfig /all from a command prompt should display both DNS servers.
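An added example, not part of the thread: a small check that each domain controller appears under the SRV locator names a DC registers in DNS, which is what "entries for this DC in all areas where the other DC is" looks like when it is working. The domain `school.example`, the hosts `dc1` and `dc2`, and the record listing are constructed; it assumes a single-domain forest with both DCs as Global Catalogs, and it checks only a subset of the locator names.

```python
import re
from collections import defaultdict

# Constructed sample: SRV records in zone-file form for a hypothetical
# single-domain forest "school.example" with two DCs, dc1 and dc2.
SAMPLE = """\
_ldap._tcp.school.example. 600 IN SRV 0 100 389 dc1.school.example.
_ldap._tcp.school.example. 600 IN SRV 0 100 389 dc2.school.example.
_ldap._tcp.dc._msdcs.school.example. 600 IN SRV 0 100 389 dc1.school.example.
_ldap._tcp.dc._msdcs.school.example. 600 IN SRV 0 100 389 dc2.school.example.
_kerberos._tcp.school.example. 600 IN SRV 0 100 88 dc1.school.example.
_kerberos._tcp.school.example. 600 IN SRV 0 100 88 dc2.school.example.
_kerberos._tcp.dc._msdcs.school.example. 600 IN SRV 0 100 88 dc1.school.example.
_gc._tcp.school.example. 600 IN SRV 0 100 3268 dc1.school.example.
_gc._tcp.school.example. 600 IN SRV 0 100 3268 dc2.school.example.
"""

# Subset of the locator names a DC registers; _gc applies to Global Catalogs.
LOCATORS = ("_ldap._tcp.{d}", "_ldap._tcp.dc._msdcs.{d}",
            "_kerberos._tcp.{d}", "_kerberos._tcp.dc._msdcs.{d}",
            "_gc._tcp.{d}")

# owner [ttl] [IN] SRV priority weight port target
SRV_RE = re.compile(
    r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?SRV\s+\d+\s+\d+\s+\d+\s+(\S+)$", re.I)

def parse_srv(text):
    """Map each SRV owner name to the set of hosts registered under it."""
    owners = defaultdict(set)
    for raw in text.splitlines():
        m = SRV_RE.match(raw.split(";", 1)[0].strip())  # drop ';' comments
        if m:
            owner, target = (g.lower().rstrip(".") for g in m.groups())
            owners[owner].add(target)
    return owners

def missing_registrations(text, domain, dcs):
    """Return {dc: [locator names the DC is absent from]}."""
    owners = parse_srv(text)
    names = [t.format(d=domain.lower()) for t in LOCATORS]
    return {dc: [n for n in names if dc.lower() not in owners.get(n, set())]
            for dc in dcs}

if __name__ == "__main__":
    dcs = ["dc1.school.example", "dc2.school.example"]
    for dc, gaps in missing_registrations(SAMPLE, "school.example", dcs).items():
        print(dc, "OK" if not gaps else "missing from: " + ", ".join(gaps))
```

A DC reported as missing from a locator name has not registered that record, so clients looking for that service will only ever be sent to the other DC.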