Windows Thread, DNS setting on DCs in Technical; Hello,
Just what are the DNS settings on DCs (running AD integrated DNS) supposed to be? Are they supposed to ...
22nd July 2008, 12:47 PM #1
DNS setting on DCs
Just what are the DNS settings on DCs (running AD integrated DNS) supposed to be? Are they supposed to use themselves with no
I have 2 DCs, each is also hosting AD integrated DNS. A few months ago, one of them had trouble: lots of Userenv 1030 and 1058 errors.
I've tried the recomended practice of leaving the DCs DNS address blank, making them to use themselves for DNS. Then the problem appeared and I entered thier own addresses for DNS, essentially the same, but it cleared the problem for a while. Now it's back again.
What's best: they use themselves for DNS, or each use the PDC for DNS, or should they use themselves as primary DNS with each other as secondary DNS?
I'm working through MS KB 887303 now. I just wondered what everyone else did.
Last edited by OverWorked; 22nd July 2008 at 12:49 PM.
Reason: added a bit
22nd July 2008, 01:07 PM #2
I was told by an MS staffer that the best way is to have them all pointing to one DC on site for primary and then to themselves for secondary resolution. This way it is easier to avoid the DNS island issue when starting a DC with AD integrated DNS. This isn't supposed to be an issue on 2003 though.
Last edited by cookie_monster; 22nd July 2008 at 01:17 PM.
Thanks to cookie_monster from:
OverWorked (23rd July 2008)
22nd July 2008, 01:19 PM #3
but a local lookup will be much quicker. I still think it's best a primary as itself and secondary as another DC for use during boot.
22nd July 2008, 01:19 PM #4
Agree with @Cookie_Monster - I've always known this to be the way to do it.
If you have 1 DC then you point it at itself (don't leave it blank; set it to 127.0.0.1 - this is what will happen when you set up a new domain and let the wizard configure DNS for you)
If you have 2 then point them at each other for primary and themselves for secondary.
When you have lots, point them at another DC on the same site for primary and a DC on another site for secondary.
I think DNS island problems were mostly cleared up with Server 2003 but we had that problem years ago on 2000 Server and it was hard work getting it fixed!
22nd July 2008, 01:26 PM #5
Remember, the DC will actually do very little in the way of DNS lookups for itself.
Originally Posted by DMcCoy
It will service lots of requests if it's hosting the DNS role but for itself it just needs to find info about where the other DCs etc are. Once that info has been found it will be cached.
Even if it did need lots of lookups, DNS is a very lightweight protocol (watch it with Wireshark) so it's not going to mess up the network.
22nd July 2008, 01:27 PM #6
Thanks to Diello from:
OverWorked (23rd July 2008)
22nd July 2008, 01:34 PM #7
Oddly i was told by the same MS staffer not to use the loopback adaptor 127.0.0.1 but to use it's actual IP address but as you say the wizard sometimes sets it as the loopback address.
22nd July 2008, 01:53 PM #8
Thanks everyone. I'll set the problematic DC to use the other DC (the PDC) as primary DNS, and itself as secondary. I'm not convined it'll clear the problem, which I think is symptomatic of something else, though.
I've been having a few other little problems with AD not replicating. Just occasionally, not always. I thought it may be DNS related.
22nd July 2008, 02:10 PM #9
Have you run netdiag and dcdiag?
23rd July 2008, 11:16 AM #10
@srochford: thanks. I'd already tried that, and it seemed to work for a while and the problems came back. This suggests that the problem may not be DNS related at all - I may be barking up the wrong tree.
(Aside: Whenever I've had trouble with AD, the cause has alway been DNS related. A DC needs DNS to be able to find itself! Once I logged onto a 2003 PDC as domain admin, tried to access GPMC, and was told it couldn't find the DC - scary at the time. Fixed it by adding a root domain DNS entry).
@cookie_monster: I've gone with the 'point them both to the PDC' option. I'll monitor it to see if the prob comes back.
Thanks everyone. The problem's gone away now. netdiag and dcdiag showing no errors. I'm not convinced it won't come back, though!
By Steven in forum Wireless Networks
Last Post: 22nd February 2008, 01:34 PM
By Norphy in forum Thin Client and Virtual Machines
Last Post: 6th February 2007, 01:35 PM
By timbo343 in forum Windows
Last Post: 3rd January 2007, 06:16 PM
By browolf in forum Windows
Last Post: 18th October 2006, 12:06 PM
By tickmike in forum Windows
Last Post: 10th August 2006, 10:12 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)