DNS setting on DCs
Just what are the DNS settings on DCs (running AD integrated DNS) supposed to be? Are they supposed to use themselves with no
I have 2 DCs, each is also hosting AD integrated DNS. A few months ago, one of them had trouble: lots of Userenv 1030 and 1058 errors.
I've tried the recommended practice of leaving the DCs' DNS address blank, making them use themselves for DNS. Then the problem appeared and I entered their own addresses for DNS, essentially the same, but it cleared the problem for a while. Now it's back again.
What's best: they use themselves for DNS, or each use the PDC for DNS, or should they use themselves as primary DNS with each other as secondary DNS?
I'm working through MS KB 887303 now. I just wondered what everyone else did.
I was told by an MS staffer that the best way is to have them all pointing to one DC on site for primary and then to themselves for secondary resolution. This way it is easier to avoid the DNS island issue when starting a DC with AD integrated DNS. This isn't supposed to be an issue on 2003 though.
but a local lookup will be much quicker. I still think it's best a primary as itself and secondary as another DC for use during boot.
Agree with @Cookie_Monster - I've always known this to be the way to do it.
If you have 1 DC then you point it at itself (don't leave it blank; set it to 127.0.0.1 - this is what will happen when you set up a new domain and let the wizard configure DNS for you)
If you have 2 then point them at each other for primary and themselves for secondary.
When you have lots, point them at another DC on the same site for primary and a DC on another site for secondary.
I think DNS island problems were mostly cleared up with Server 2003 but we had that problem years ago on 2000 Server and it was hard work getting it fixed!
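An added example, not posted in this thread: a PowerShell audit that reads each DC's DNS client settings and reports where they depart from the rule above (another DC as primary, itself as secondary, loopback or own IP both counting as "self"), then checks that the DC locator SRV record resolves through every listed server. It assumes the ActiveDirectory and DnsClient modules and remote CIM access to the DCs; the rule it encodes is the one in this post, not an official Microsoft setting.

```powershell
# Added example (not from the thread): audit DC DNS client settings against
# the "other DC primary, self secondary" rule and verify DC locator resolution.
# Assumes: ActiveDirectory + DnsClient modules, CIM access to each DC.
Import-Module ActiveDirectory

$dcs    = Get-ADDomainController -Filter * | Select-Object Name, IPv4Address, Site
$dcIps  = $dcs.IPv4Address
$domain = (Get-ADDomain).DNSRoot

foreach ($dc in $dcs) {
    # Configured IPv4 DNS servers on the DC's interfaces, in listed order
    $servers = Get-DnsClientServerAddress -CimSession $dc.Name -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        ForEach-Object { $_.ServerAddresses } | Select-Object -Unique
    $primary   = $servers | Select-Object -First 1
    $secondary = $servers | Select-Object -Skip 1 -First 1
    $selfAddrs = @($dc.IPv4Address, '127.0.0.1')   # both count as "itself"

    $notes = @()
    if (-not $servers) { $notes += 'no DNS servers set' }
    if ($primary -and $primary -in $selfAddrs) { $notes += 'primary is self (rule prefers another DC first)' }
    if ($primary -and $primary -notin $dcIps -and $primary -notin $selfAddrs) { $notes += "primary $primary is not a DC" }
    if ($servers.Count -gt 1 -and $secondary -notin $selfAddrs) { $notes += 'secondary is not self' }
    if ($servers.Count -lt 2) { $notes += 'no secondary (nothing to fall back on during boot)' }

    # The one lookup a DC really needs: where are the other DCs? Try it via each server.
    foreach ($s in $servers) {
        try {
            $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -Server $s -ErrorAction Stop
            if (-not ($srv | Where-Object { $_.Type -eq 'SRV' })) { $notes += "no SRV answer via $s" }
        } catch { $notes += "lookup failed via $s" }
    }

    [pscustomobject]@{
        DC         = $dc.Name
        Site       = $dc.Site
        DnsServers = ($servers -join ', ')
        Findings   = ($notes -join '; ')
    }
}
```

Run it from any domain-joined admin workstation; an empty Findings column means that DC matches the rule and can locate other DCs through every server it is configured to use.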
Remember, the DC will actually do very little in the way of DNS lookups for itself.
Originally Posted by DMcCoy
It will service lots of requests if it's hosting the DNS role but for itself it just needs to find info about where the other DCs etc are. Once that info has been found it will be cached.
Even if it did need lots of lookups, DNS is a very lightweight protocol (watch it with Wireshark) so it's not going to mess up the network.
Oddly, I was told by the same MS staffer not to use the loopback adaptor 127.0.0.1 but to use its actual IP address, but as you say the wizard sometimes sets it as the loopback address.
Thanks everyone. I'll set the problematic DC to use the other DC (the PDC) as primary DNS, and itself as secondary. I'm not convinced it'll clear the problem, which I think is symptomatic of something else, though.
I've been having a few other little problems with AD not replicating. Just occasionally, not always. I thought it may be DNS related.
Have you run netdiag and dcdiag?
@srochford: thanks. I'd already tried that, and it seemed to work for a while and the problems came back. This suggests that the problem may not be DNS related at all - I may be barking up the wrong tree.
(Aside: Whenever I've had trouble with AD, the cause has always been DNS related. A DC needs DNS to be able to find itself! Once I logged onto a 2003 PDC as domain admin, tried to access GPMC, and was told it couldn't find the DC - scary at the time. Fixed it by adding a root domain DNS entry).
@cookie_monster: I've gone with the 'point them both to the PDC' option. I'll monitor it to see if the prob comes back.
Thanks everyone. The problem's gone away now. netdiag and dcdiag showing no errors. I'm not convinced it won't come back, though!