DNS AD Integrated - What should each server's DNS be pointed to?


  • Thursday, May 03, 2012 12:25 AM
     
     
    Fairly straightforward question. If I have a DC/DNS with AD Integrated zones and I want to load a second DC/DNS server that would contain the same replicated zones, I would initially set the new server's preferred DNS server to the first DC/DNS, install AD/DNS and wait for it to load the zones. Once this is done, would I change the preferred DNS server on the new server to itself, or leave it pointed to the original server?

All Replies

  • Thursday, May 03, 2012 1:55 AM
     
     Answered

    Good question, and there is still debate on this topic.  Each option has its advantage and disadvantage.  My preference is to point the server to itself for DNS.

    Here is a summary regarding this topic: http://www.itgeared.com/articles/1046-dns-client-settings-for-active/


    Guides and tutorials, visit ITGeared.com.


    • Proposed As Answer by Ace Fekay [MCT]MVP Thursday, May 03, 2012 4:15 AM
    • Marked As Answer by tpullins Thursday, May 03, 2012 5:48 PM
  • Thursday, May 03, 2012 4:22 AM
     
     Answered

    And my preference is to point to a replica on the same subnet or site, and itself second, but if it's the only DC/DNS in a site, such as a remote site, then I set itself as first, and set a replica at HQ as second. Oh yea, I'll remove the loopback, too, even if the BPA doesn't like it.

    So it goes to show, as Jorge pointed out, this has been discussed and argued among the Microsoft engineers since the AD beta days in 1999.

    In addition to Jorge's blog, here's some additional info

    ==================================================================
    Domain Controllers and using the Loopback (127.0.0.1) Address:
    DNS - Use itself as first entry?

    Quoted from Ned Pyle's post in the following link below:
    "The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers. However, if the DNS server is also a domain controller and it points only to itself for name resolution, it can become an island and fail to replicate with other domain controllers. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only as a secondary or tertiary DNS server on a domain controller."

    Friday Mail Sack: Saturday Edition, by Ned Pyle, MSFT, 17 Jul 2010 11:06 AM
    Scroll down to Question: What is Microsoft's best practice for where and how many DNS servers exist? What about for configuring DNS client settings on DC's and members?
    Answer: It depends on who you ask. :-) We in MS have been arguing this amongst ourselves for 11 years now. [sic] (Note: it's 13 years now)
    http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx


    DNS: DNS servers on <adapter name> should include their own IP addresses on their interface lists of DNS servers
    "This topic is intended to address a specific issue identified by a Microsoft Baseline Configuration Analyzer or Best Practices Analyzer scan." Updated: October 15, 2010.
    "... if the DNS server is also a domain controller and it points only to itself for name resolution, it can become an island and fail to replicate with other domain controllers. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only as a secondary or tertiary DNS server on a domain controller."
    http://technet.microsoft.com/en-us/library/dd378900(WS.10).aspx
    http://technet.microsoft.com/en-us/library/ff807362(ws.10).aspx


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.


    • Proposed As Answer by [JorgeM] Thursday, May 03, 2012 2:17 PM
    • Marked As Answer by tpullins Thursday, May 03, 2012 5:48 PM
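    The ordering rule from the post above (a same-site replica first and itself second; itself first and an HQ replica second when it is the only DC in the site; no 127.0.0.1 anywhere), together with a check for the two failure modes Ned Pyle's quote warns about, written out as an added PowerShell example. This is not code from the thread or from Microsoft; it assumes Windows Server 2012 or later with the DnsClient and ActiveDirectory modules, and the interface alias and HQ site name are placeholders you must replace.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory and
# DnsClient modules (Windows Server 2012+). $InterfaceAlias and $HqSite
# are placeholders for your environment.
Import-Module ActiveDirectory

function Get-DcDnsServerOrder {
    # Builds the DNS client list for this DC: same-site replica first, itself
    # second; if it is the only DC in its site, itself first and an HQ replica
    # second. The loopback address is never emitted.
    param(
        [Parameter(Mandatory)][string]$SelfAddress,
        [Parameter(Mandatory)][string]$SelfSite,
        [Parameter(Mandatory)][string]$HqSite,
        [Parameter(Mandatory)][object[]]$AllDcs   # objects with IPv4Address and Site
    )
    $sameSite = @($AllDcs | Where-Object { $_.Site -eq $SelfSite -and $_.IPv4Address -ne $SelfAddress })
    $hq       = @($AllDcs | Where-Object { $_.Site -eq $HqSite   -and $_.IPv4Address -ne $SelfAddress })
    if ($sameSite.Count -gt 0) {
        $order = @($sameSite[0].IPv4Address, $SelfAddress)
    } else {
        $order = @($SelfAddress) + @($hq | Select-Object -First 1 -ExpandProperty IPv4Address)
    }
    return @($order | Where-Object { $_ -and $_ -ne '127.0.0.1' })
}

function Test-DcDnsClientConfig {
    # Flags the cases discussed above: loopback as the primary server (the
    # BPA warning) and a DC that lists only itself (the replication "island").
    param(
        [Parameter(Mandatory)][string[]]$ServerAddresses,
        [Parameter(Mandatory)][string]$SelfAddress
    )
    $findings = @()
    if ($ServerAddresses.Count -eq 0) {
        return @('No DNS servers configured on this interface')
    }
    if ($ServerAddresses.Count -eq 1 -and $ServerAddresses[0] -in @('127.0.0.1', $SelfAddress)) {
        $findings += 'DC points only to itself: can become an island and fail to replicate'
    }
    if ($ServerAddresses[0] -eq '127.0.0.1') {
        $findings += 'Loopback is the primary DNS server; BPA expects it second or third at most'
    }
    return $findings
}

# ---- usage (run on the DC being checked) -------------------------------
$InterfaceAlias = 'Ethernet'                 # placeholder
$HqSite         = 'Default-First-Site-Name'  # placeholder
$dcs  = Get-ADDomainController -Filter *
$me   = $dcs | Where-Object { $_.Name -eq $env:COMPUTERNAME }
$want = Get-DcDnsServerOrder -SelfAddress $me.IPv4Address -SelfSite $me.Site -HqSite $HqSite -AllDcs $dcs
$have = @((Get-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4).ServerAddresses)

Test-DcDnsClientConfig -ServerAddresses $have -SelfAddress $me.IPv4Address
if (Compare-Object $want $have -SyncWindow 0) {
    "Current: $($have -join ', ')   Desired: $($want -join ', ')"
    # -WhatIf shows the change without applying it; drop it once reviewed.
    Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $want -WhatIf
}
```

    The apply step is left under -WhatIf on purpose: changing a DC's resolver order while it still has an outstanding replication relationship is exactly the situation in which the "island" described above appears, so compare the current and desired lists first and confirm the other DC in the list is reachable before committing.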
  • Thursday, May 03, 2012 5:39 PM
     
     

    Thank you. As far as the loopback, I am using its actual assigned IP address and not 127.0.0.1, but I'm not sure if that matters. The DCs are in different sites, so I think I will set them to themselves first and the opposite DC as the secondary.

  • Thursday, May 03, 2012 8:27 PM
     
     
    Glad to be of assistance!

    Ace Fekay