Monday, February 28, 2011 9:18 PM
Did a best practice analyzer scan of the DNS role in a Windows 2008 R2 domain controller and it came back with an error saying that:
"DNS servers on Local Area Connection should include the loopback address, but not as the first entry" error.
I added 127.0.0.1 as the second DNS server and re-ran the scan but the error still shows up.
What am I doing wrong?
Monday, February 28, 2011 10:11 PM
Did you run ipconfig /flushdns and ipconfig /registerdns before running it again?
Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
Monday, February 28, 2011 10:29 PM
Thanks but no go.
Monday, February 28, 2011 10:34 PM
Hmmm... a bug perhaps?
Tuesday, March 01, 2011 6:39 AM Moderator
I guess the rule might be updated with the SP1 released for Windows 2008 R2. Installing SP1 might get rid of the error.
Take a look at the updates below from Ned.
Awinish Vishwakarma| MY Blog
Friday, March 11, 2011 8:08 AM
Did you find out how to resolve this? I have updated to SP1 and am now getting this configuration error; RTM never complained that I had a misconfiguration. I currently have the loopback (127.0.0.1) as the 3rd DNS address after the primary and alternative DNS servers.
I've tried disabling IPv6 and giving IPv6 static DNS settings along with the loopback address.
I think it's a bug, as I get the error with or without IPv6 enabled and with the loopback address defined. I also tried this in a VM with a single NIC; my DCs are physical with NIC teaming configured (to rule out the teaming software).
dcdiag however works now on teamed adapters and that is nice lol, now if only BPA would spit out the results I'd prefer to see ;-)
Monday, March 14, 2011 1:39 AM Moderator
Hi,
What is the exact error message you are getting? Is the error message the same as before? Please post an unedited ipconfig /all from the DC in question.
Wednesday, April 18, 2012 9:28 PM
I know this is a really old thread, but I've found that, in a 2k8 R2 environment where we've disabled IPv6, the BPA will flag not only if the loopback is missing [or is the primary] but it will ALSO flag if the server's assigned [non-loopback] address appears in the list BEFORE the loopback address.
We have 2 data centers and 2 DCs for each domain in each data center. Our standard practice was to use the local address as primary, the local peer DC [same domain] as secondary and the 2 peer DCs in the alternate data center [same domain] as 3rd & 4th. I have determined that using the local peer DC as primary, loopback as secondary and the alternate datacenter peer DCs as 3rd & 4th will not be flagged by BPA, but am unclear if it's a good standard overall. I asked a Microsoft guy about it during an unrelated support call and he said there was nothing wrong with my configuration, but he also said the BPA is questionable on this point [loopback address] and he personally always uses the local address as primary and ignores BPA (jeez this kind of thing drives me nuts...).
John K Landes
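
The ordering behaviour reported in the post above, written as a check that can be run against a DNS client list before re-running the BPA scan. This is an added example, not part of the thread and not the BPA's own rule logic; `Test-DnsLoopbackOrder` is a hypothetical helper name and the sample addresses are constructed from documentation ranges.

```powershell
# Added example (not from the thread). Encodes only the three conditions the
# poster reports: loopback missing, loopback first, own address before loopback.
function Test-DnsLoopbackOrder {
    param(
        [string[]]$DnsServers,     # DNS servers in configured order
        [string[]]$OwnAddresses    # addresses assigned to the same adapter
    )
    # Normalise $null (adapter with no DNS servers set) to an empty array.
    $DnsServers = @($DnsServers | Where-Object { $_ })
    $findings = @()
    $loopIdx = [array]::IndexOf($DnsServers, '127.0.0.1')
    if ($loopIdx -lt 0) {
        $findings += 'loopback address is missing'
    } elseif ($loopIdx -eq 0) {
        $findings += 'loopback address is the first entry'
    } else {
        # Loopback is present and not first: look at what precedes it.
        for ($i = 0; $i -lt $loopIdx; $i++) {
            if ($OwnAddresses -contains $DnsServers[$i]) {
                $findings += "own address $($DnsServers[$i]) is listed before the loopback"
            }
        }
    }
    return ,$findings
}

# Constructed sample lists; this DC's own address is assumed to be 192.0.2.10.
$own = @('192.0.2.10')
$lists = @(
    @('192.0.2.10', '192.0.2.11', '198.51.100.10', '198.51.100.11'),
    @('192.0.2.10', '127.0.0.1', '192.0.2.11'),
    @('192.0.2.11', '127.0.0.1', '198.51.100.10', '198.51.100.11')
)
foreach ($list in $lists) {
    $result = Test-DnsLoopbackOrder -DnsServers $list -OwnAddresses $own
    if ($result.Count -eq 0) { $text = 'no findings' } else { $text = $result -join '; ' }
    Write-Output ("{0} -> {1}" -f ($list -join ', '), $text)
}

# Against the live adapters on a DC (WMI class and properties exist on 2008 R2):
# Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
#     ForEach-Object { Test-DnsLoopbackOrder $_.DNSServerSearchOrder $_.IPAddress }
```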