Windows Server 2008 R2 Thread, What should your DC's point to for DNS in Technical
  1. #1

    FN-GM

    What should your DC's point to for DNS

    Hi,

    Just a quick question.

    We have 3 Domain Controllers here. All 3 are DNS servers. On the DNS setting on each of the servers' NICs, what should they point to? Should they only point to themselves or should they point to each other?

    Thanks

  2. #2
    ChrisH

    I use primary to loopback, e.g. 127.0.0.1, and secondary one of the other servers. I think you could add the third via one of the advanced tabs.

  3. #3
    mrbios

    Themselves, unless you have two servers doing DNS for the same subnet, then I point them at each other. For example, I have 22 VLANs here, 10 of which have their own DNS and DHCP servers; each points at itself but the clients are set to pick up multiple DNS servers via DHCP, so if one dies it should fall back to the other (not actually had a chance to test this in practice ¬_¬). But on our infrastructure VLAN we have a PDC and a BDC that both point to themselves as primary and each other as secondary.

    That said, everyone has their own way of doing things, so whether mine is the correct or just a different way of doing things is another matter altogether.

    To be honest it doesn't hurt to have them set to point at each other, but it also doesn't hurt not to. I'd say there is no right or wrong, just different ways of setting up failover.

  4. #4

    Michael

    Point to themselves first, then each other:

    Server1: 192.168.1.1, 192.168.1.2, 192.168.1.3

    Server2: 192.168.1.2, 192.168.1.1, 192.168.1.3

    Server3: 192.168.1.3, 192.168.1.1, 192.168.1.2

    This is presuming all three are DNS servers of course!

  5. #5

    ZeroHour

    DC1:
    127.0.0.1
    DC2
    DC3

    DC2:
    127.0.0.1
    DC1
    DC3

    DC3:
    127.0.0.1
    DC1
    DC2

    That's roughly what I would use.

  6. Thanks to ZeroHour from:

    mac_shinobi (5th August 2011)

  7. #6
    chrisbrown

    I asked this very question of an MCT, he told me that they should look at *other* DCs first:

    DC1 should look like: 2,3,1
    DC2 should look like: 3,1,2
    DC3 should look like: 2,1,3

    However I've just put the word out to some friends on Twitter, we'll see what comes back.

  8. #7

    Michael

    Originally posted by chrisbrown:
    I asked this very question of an MCT, he told me that they should look at *other* DCs first:

    DC1 should look like: 2,3,1
    DC2 should look like: 3,1,2
    DC3 should look like: 2,1,3

    However I've just put the word out to some friends on Twitter, we'll see what comes back.

    That doesn't really make any sense. If all your servers are in different locations and the link between them goes down, pointing to itself first makes a lot of sense. If your servers are pointing to each other and the link goes down, you're going to get a lot of DNS errors.

  9. #8
    ChrisH

    I have heard of that method before and I don't agree with it either. The reasoning used to be that the network client started before the local DNS server service and would therefore not be able to use the local server for a while. This is really only the case in much older versions of Windows Server, and these days with 2008 etc. there is background zone loading, where it doesn't have to wait for the whole zone to be loaded to service clients. Again though, this is only an issue on very big zones.

  10. #9

    mac_shinobi

    Originally posted by ZeroHour:
    DC1:
    127.0.0.1
    DC2
    DC3

    DC2:
    127.0.0.1
    DC1
    DC3

    DC3:
    127.0.0.1
    DC1
    DC2

    That's roughly what I would use.

    +1 to this from me - not just if the link goes down if DNS servers are in different locations, but also if the place you are working at, whether a school or otherwise, has to change IP range, then if you use the loopback address, changing IP range won't or shouldn't make any difference because the DNS servers are pointing to themselves first before anything else.

    I think that is correct - could be wrong

  11. #10

    synaesthesia

    Whoever that MCT is wants shooting - the above reasons are very correct. What's more, MS's own documentation for AD etc. all tell you to use localhost as the first DNS server. Even the install wizard for AD tells you that, I believe!

  12. #11

    glennda

    Originally posted by ZeroHour:
    DC1:
    127.0.0.1
    DC2
    DC3

    DC2:
    127.0.0.1
    DC1
    DC3

    DC3:
    127.0.0.1
    DC1
    DC2

    That's roughly what I would use.

    Yup, same as this - although to add something else into the mix, how many DCs/DNS servers should people be having? I know it depends on total PCs but thought I would ask anyway.

    If needs be I will create another thread.

    I personally have around 900 clients and 2 DCs - one physical and 1 virtual.

  13. #12

    Domain controller with DNS installed

    On a domain controller that also acts as a DNS server, Microsoft recommends that you configure the domain controller's DNS client settings according to these specifications:

    If the server is the first and only domain controller that you install in the domain, and the server runs DNS, configure the DNS client settings to point to that first server's IP address. For example, you must configure the DNS client settings to point to itself. Do not list any other DNS servers until you have another domain controller hosting DNS in that domain.

    During the DCPromo process, you must configure additional domain controllers to point to another domain controller that is running DNS in their domain and site, and that hosts the namespace of the domain in which the new domain controller is installed, or, if using a 3rd-party DNS, to a DNS server that hosts the zone for that DC's Active Directory domain. Do not configure the domain controller to utilize its own DNS service for name resolution until you have verified that both inbound and outbound Active Directory replication is functioning and up to date. Failure to do so may result in DNS “Islands”.

    After you have verified that replication has completed successfully, DNS may be configured on each Domain Controller in either of two ways, depending on the requirements of the environment. The configuration options are:

    Configure the Preferred DNS server in TCP/IP properties on each Domain Controller to use itself as Primary DNS Server.

    Advantages:
    Ensures that DNS queries originating from the Domain Controller will be resolved locally if possible. Will minimize impact of Domain Controller’s DNS queries on the network.

    Disadvantages:
    Dependent on Active Directory replication to ensure that DNS zone is up to date. Lengthy replication failures may result in an incomplete set of entries in the zone.

    Configure all Domain Controllers to use a centralized DNS server as their Preferred DNS Server.

    Advantages:
    Minimizes the reliance on Active Directory replication for DNS zone updates of Domain Controller locator records. This includes faster discovery of new or updated Domain Controller locator records, as replication lag time is not an issue.
    Provides a single authoritative DNS server, which may be useful when troubleshooting Active Directory replication issues.

    Disadvantages:
    Will more heavily utilize the network to resolve DNS queries originating from the Domain Controller.
    DNS name resolution may be dependent on network stability; loss of connectivity to the Preferred DNS server will result in failure to resolve DNS queries from the Domain Controller. This may result in apparent loss of connectivity, even to locations that are not across the lost network segment.

    A combination of the two strategies is possible, with the remote DNS server set as Preferred DNS server, and the local Domain Controller set as Alternate (or vice versa).
    While this strategy has many advantages, there are factors that should be considered before making this configuration change:

    The DNS client does not utilize each of the DNS servers listed in TCP/IP configuration for each query. By default, on startup the DNS client will attempt to utilize the server in the Preferred DNS server entry. If this server fails to respond for any reason, the DNS client will switch to the server listed in the alternate DNS server entry. The DNS client will continue to use this alternate DNS server until:

    It fails to respond to a DNS query, or:

    The ServerPriorityTimeLimit value is reached (15 minutes by default). For more information, see Microsoft Knowledge Base article 286834, "The DNS Client service does not revert to using the first server in the list".


    Source: Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003

  14. Thanks to MYK-IT from:

    ZeroHour (6th August 2011)
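
An added example (not part of any post in the thread, and not Microsoft's code): a PowerShell check of a DC's DNS client server list against the "itself first, then the other DCs" layout from posts #4 and #5. The function name `Test-DcDnsOrder` and its parameters are hypothetical; the sample addresses are the ones from post #4, and the list of DCs running DNS is assumed to be known.

```powershell
# Added example (not from the thread). Written to run on PowerShell 2.0 (Server 2008 R2).
function Test-DcDnsOrder {
    param(
        [string]$Name,             # label used in the report
        [string[]]$OwnAddress,     # this DC's own IPv4 address(es)
        [string[]]$SearchOrder,    # DNS servers in the order set on the NIC
        [string[]]$AllDcAddress    # every DC that runs DNS (assumed known)
    )
    $order  = @($SearchOrder | Where-Object { $_ })
    $self   = @($OwnAddress) + '127.0.0.1'
    $peers  = @($AllDcAddress | Where-Object { $self -notcontains $_ })
    $issues = @()

    if ($order.Count -eq 0) {
        $issues += 'no DNS servers configured'
    } elseif ($self -notcontains $order[0]) {
        $issues += "preferred server $($order[0]) is not this DC"
    }
    # Without a peer as alternate there is no fallback if the local DNS service stops.
    if (@($order | Where-Object { $peers -contains $_ }).Count -eq 0) {
        $issues += 'no other DC listed as alternate'
    }
    # Entries that are neither this DC nor a known peer are listed for review.
    foreach ($s in $order) {
        if (($self -notcontains $s) -and ($peers -notcontains $s)) {
            $issues += "$s is not in the supplied DC list"
        }
    }
    if ($issues.Count -eq 0) { $issues = @('OK') }
    New-Object PSObject -Property @{
        Name = $Name; Order = ($order -join ', '); Result = ($issues -join '; ')
    } | Select-Object Name, Order, Result
}

# Constructed sample input using the addresses from post #4.
$dcs = '192.168.1.1', '192.168.1.2', '192.168.1.3'
Test-DcDnsOrder 'Server1' '192.168.1.1' @('192.168.1.1','192.168.1.2','192.168.1.3') $dcs
Test-DcDnsOrder 'Server2' '192.168.1.2' @('127.0.0.1') $dcs
# "Other DCs first" layout from post #6:
Test-DcDnsOrder 'Server3' '192.168.1.3' @('192.168.1.2','192.168.1.1','192.168.1.3') $dcs

# Live input on a DC: the IPAddress and DNSServerSearchOrder properties of
#   Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled=TRUE"
```

Before switching a newly promoted DC to itself as preferred server, the replication check quoted in post #12 still applies; this script only inspects the configured order.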
