DNS for Global Subnets

  • Question

  • Any best practices for DNS setup

    We have 6 DCs with 6 subnets, all connected over VPN tunnels. Right now the primary DNS server is the DC for that site, the secondary is our global HQ, and the 3rd is public DNS.

    Thoughts?

    Thursday, December 14, 2017 7:46 PM

Answers

  • Hi,

    As Evgenij Smirnov said, we should configure the external DNS addresses as forwarders to forward DNS queries.

    For your reference:
    Configure a DNS Server to Use Forwarders
    https://technet.microsoft.com/en-us/library/cc754941%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396


    In addition, in a multi-DC scenario, I would point it to a random other DC and then to itself.

    If the loopback IP address is the first entry in the list of DNS servers, Active Directory might be unable to find its replication partners.

    The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers. However, if the DNS server is also a domain controller and it points only to itself, or points to itself first for name resolution, this can cause a delay during startup. For this reason, use CAUTION when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only as a secondary or tertiary DNS server on a domain controller.

    DC1 is configured to use another DC for preferred DNS and itself for alternate DNS.

    Best Regards,

    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by WestWes Friday, December 15, 2017 2:40 PM
    Friday, December 15, 2017 2:11 AM
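    The two recommendations in this thread (external resolvers only as forwarders on the DC's DNS service, and each DC's own DNS client list pointing at another DC first and itself second, never at a public resolver) can be applied and checked with the script below. It is an added example, not code from either poster or from Microsoft; the forwarder addresses are placeholder values from the TEST-NET ranges, and the script assumes it is run elevated on a DC where the DnsServer and ActiveDirectory modules are present. The reason the public resolver must leave the client list, not just move down in it, is that the Windows DNS client treats every listed server as authoritative for everything: a public resolver that is asked for an internal AD name answers NXDOMAIN, the client caches that negative answer, and AD lookups fail until the cache expires, while the internal names themselves have been sent out to the internet.

```powershell
#Requires -RunAsAdministrator
# Added example: configure a DC per the thread's advice and verify the result.
# Assumed placeholders (replace for your environment):
#   $Forwarders  - public resolvers the DC's DNS *service* forwards to (TEST-NET addresses here)
# Everything else is discovered from AD on the DC the script runs on.
Import-Module DnsServer
Import-Module ActiveDirectory

$Forwarders = @('203.0.113.53', '198.51.100.53')   # assumed placeholders, not real resolvers
$Domain     = (Get-ADDomain).DNSRoot

# 1. External resolvers go in the DNS server's forwarder list only.
#    -UseRootHint $false means the DC will not fall back to root hints if the forwarders fail.
Set-DnsServerForwarder -IPAddress $Forwarders -UseRootHint $false
Write-Host "Forwarders now: $((Get-DnsServerForwarder).IPAddress -join ', ')"

# 2. Choose the partner DC for the preferred entry: another DC in the same AD site if one
#    exists, otherwise any other DC (for a single-DC site that is typically HQ).
$me      = Get-ADDomainController -Identity $env:COMPUTERNAME
$others  = Get-ADDomainController -Filter * | Where-Object { $_.HostName -ne $me.HostName }
$partner = $others | Where-Object { $_.Site -eq $me.Site } | Select-Object -First 1
if (-not $partner) { $partner = $others | Select-Object -First 1 }
if (-not $partner) { throw 'No other DC found; a single DC should list itself only.' }

# 3. DNS client list on the DC: partner DC first, itself second. No public resolver here,
#    and the loopback address is deliberately not first (startup delay / replication lookups).
$adapter = Get-NetAdapter | Where-Object { $_.Status -eq 'Up' } | Select-Object -First 1
Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex `
    -ServerAddresses @($partner.IPv4Address, $me.IPv4Address)

# 4. Verify: (a) no forwarder address leaked into the client list,
#            (b) the AD DC locator SRV record resolves through the new client list.
$clientDns = (Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4).ServerAddresses
$leaks = $clientDns | Where-Object { $_ -in $Forwarders }
if ($leaks) { Write-Warning "Public resolver still in the DNS client list: $($leaks -join ', ')" }
else        { Write-Host "DNS client list: $($clientDns -join ', ')" }

Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
    Format-Table Name, NameTarget, Port -AutoSize
```

    Run it on each DC in turn; afterwards `dcdiag /test:dns` on any DC gives an independent check that forwarders, delegation and dynamic registration are consistent across all six sites.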

All replies

  • Hi, mixing public and AD-based DNS servers is bad practice. You should use DNS forwarders on your DCs instead. Apart from that, yes, put two or three DCs in and make sure that the local one is among them. The order isn’t as important with modern Windows versions as it was back then.

    Evgenij Smirnov

    I work @ msg services ag, Berlin -> http://www.msg-services.de
    I blog (in German) @ http://it-pro-berlin.de
    my stuff in PSGallery --> https://www.powershellgallery.com/profiles/it-pro-berlin.de/
    Exchange User Group, Berlin -> http://exusg.de
    Windows Server User Group, Berlin -> http://www.winsvr-berlin.de
    Mark Minasi Technical Forum, reloaded -> http://newforum.minasi.com

    Thursday, December 14, 2017 10:31 PM
  • Excellent. Thank you both.
    Friday, December 15, 2017 2:40 PM