DNS settings on 2008 domain controllers

    Question

  • During power or maintenance outages, it requires us to bring down all our DCs (2) and bring them back online, which can take a very long time since they are looking for each other as the primary DNS servers. Is this the correct way to set their DNS settings? We do have a different site across a VPN with a DC as well. Should we point one of our DCs to that first as the primary? Or will that cause other issues, replication?
    Monday, April 25, 2011 5:17 PM

All replies

  • Yes, this is a common question...and there are different views of thought. I typically point the AD servers to themselves as primary, then other DNS servers as secondary.

    DNS Client Settings for Active Directory Domain Controllers
    http://www.anitkb.com/2010/06/dns-client-settings-for-active.html


    Visit: anITKB.com, an IT Knowledge Base.
    Monday, April 25, 2011 5:56 PM
  • Hello,

    you said that you have two DCs.

    Let's suppose that:

    • DC1: 192.168.0.2
    • DC2: 10.0.0.2

    For DC1, put:

    • primary: 10.0.0.2
    • secondary: 192.168.0.2 then 127.0.0.1

    For DC2, put:

    • primary: 192.168.0.2
    • secondary: 10.0.0.2 then 127.0.0.1

    Once done, restart netlogon and all should be okay.

    For client computers/member servers, let them point to both DCs as DNS servers.

    For public DNS servers, configure them as forwarders.


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration

    Monday, April 25, 2011 6:03 PM
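
An added example (not part of the thread, and not Microsoft's or the poster's own code) that audits a DC's DNS client order against the layout in the reply above: partner DC first, then the DC itself, then loopback. The parameter names `$SelfIp`, `$PeerIp` and `-Apply` are assumptions of this sketch, and the default addresses are the illustrative ones from that reply.

```powershell
# Audit (and with -Apply, set) the DNS client order described in the reply above.
# Run elevated on the DC itself. Addresses default to the post's illustrative values.
param(
    [string]$SelfIp = '192.168.0.2',   # this DC (DC1 in the post)
    [string]$PeerIp = '10.0.0.2',      # the other DC (DC2 in the post)
    [switch]$Apply                     # without -Apply the script only reports
)

# Order from the post: partner DC first, then this DC, then loopback.
$expected = @($PeerIp, $SelfIp, '127.0.0.1')
$changed  = $false

# WMI is used instead of the DnsClient cmdlets so this runs on PowerShell 2.0.
$nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Where-Object { $_.IPAddress -contains $SelfIp }

if (-not $nics) { throw "No IP-enabled adapter holds $SelfIp" }

foreach ($nic in $nics) {
    $current = @($nic.DNSServerSearchOrder)
    # Order matters, so compare the joined lists rather than set membership.
    $inOrder = (($current -join ',') -eq ($expected -join ','))

    New-Object PSObject -Property @{
        Adapter  = $nic.Description
        Current  = $current -join ', '
        Expected = $expected -join ', '
        InOrder  = $inOrder
    }

    if ($Apply -and -not $inOrder) {
        $result = $nic.SetDNSServerSearchOrder($expected)
        # ReturnValue 0 = success, 1 = success but reboot required.
        if ($result.ReturnValue -gt 1) {
            throw "SetDNSServerSearchOrder failed with code $($result.ReturnValue)"
        }
        $changed = $true
    }
}

# The reply says to restart netlogon once the order has been changed.
if ($changed) { Restart-Service -Name Netlogon }
```

Run it without `-Apply` on each DC first to record the existing order before changing anything.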
  • That's how they are currently set up, but if I have to power both down then turn one on at a time...it takes forever for them to come up.
    Monday, April 25, 2011 6:16 PM
  • I thought there would be repl. problems with that? huh


    I don't see a problem.

    By proceeding like that, you will avoid AD replication problems due to DNS problems (I suppose that there are no connectivity problems and that port 53 is not blocked).


    Monday, April 25, 2011 6:27 PM
  • Sorry...for your post I had posted this response:
    That's how they are currently set up, but if I have to power both down then turn one on at a time...it takes forever for them to come up.
    Monday, April 25, 2011 7:13 PM
  • There is no problem also because the DC will try to update its DNS records on the primary DNS server that is set. If this is not possible, then it will try to update its DNS records on the secondary DC, which is the DC itself.


    Monday, April 25, 2011 7:15 PM
  • There is no end to the discussion of whether the DNS should point to itself or another DNS server. Some say that when it points to itself there is a race condition between AD and the DNS service.

    Take a look at the link below, and especially look for "What is ..." in the links below.

    DNS recommendations from Microsoft 

    What is Microsoft's best practice for where and how many DNS servers exist? What about for configuring DNS client settings on DC’s and members?

    http://awinish.wordpress.com/2011/03/08/dns-recommendations-from-microsoft/

     

    Regards


    Awinish Vishwakarma| MY Blog

    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Tuesday, April 26, 2011 12:36 PM
    Moderator
  • As I mentioned earlier, I agree with Awinish...this topic has been discussed many times on this forum. There doesn't appear to be a right/wrong answer. Each design has its own advantages and disadvantages. You'll need to take in the information and apply the solution that best fits your needs.

     


    Tuesday, April 26, 2011 1:56 PM
  • Alright, thanks guys. That's what I figured anyway.
    Tuesday, April 26, 2011 2:51 PM