What should be the IP Address of Primary Domain and Secondary Domain Controller?

    Question

  • Hi Guys,

    I read that if you are creating a new domain you can put the loopback ip of 127.0.0.1 or the same static assigned to that server.

    example only:

    primary dns:

    ip: 192.168.0.2

    sm: 255.255.255.0

    gw: 192.168.0.1

    DNS1: 127.0.0.1
    DNS2: 192.168.0.2

    Now my question is: what is the IP in DNS of the Secondary Domain? Do I have to put the IP of the Primary Domain Controller?

    ip: 192.168.0.3

    sm: 255.255.255.0

    gw: 192.168.0.1

    dns: 192.168.0.2 ----> IP OF THE PRIMARY DOMAIN CONTROLLER

    dns2: 127.0.0.1 --> loopback ip of the primary domain controller

    Are those the correct settings?

    Thank you.

     
    Saturday, August 6, 2016 12:28 AM

Answers

  • Avoid usage of the loopback address as the primary DNS server address on NICs on AD DCs which are also running the DNS service, per https://technet.microsoft.com/en-us/library/ff807362%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396. You are not required to use a loopback, and I personally do not. The below example gives you a good “mesh” topology in the event one DC becomes unavailable.

    Primary Domain Controller (192.168.0.2):  

    DNS1: 192.168.0.2  

    DNS2: 192.168.0.3

    Second Domain Controller  (192.168.0.3): 

    DNS1:  192.168.0.3

    DNS2:  192.168.0.2

    FYI:  This thread belongs in the "Directory Services" forum.


    Best Regards, Todd Heron | Active Directory Consultant



    Saturday, August 6, 2016 12:43 AM

All replies

  • Thank you. 
    Saturday, August 6, 2016 12:53 AM
  • I read your link and there is a link, https://support.microsoft.com/en-us/kb/945765, which says

    "Domain Controller boots up slowly when pointing to itself as the only DNS server"

    Resolution
    To resolve this issue, point the Domain Controller to at least two DNS servers. 

    Option 1: Point it to use a remote DNS server as the preferred DNS server, and use itself as the secondary DNS server.

    Option 2: Point to itself as the preferred DNS server, and use another DNS server as the secondary DNS server. 

    You may refer to the documents listed in the "More Information" section about the best practices for DNS setting.

    In the answer that you gave, does this affect my server?

    Saturday, August 6, 2016 1:44 AM
  • In the link that you gave, https://support.microsoft.com/en-us/kb/2001093,

    it gives "Example customer scenarios":

    • Multiple domain controllers in an Active Directory site that are simultaneously rebooted
      • A two-domain controller domain is deployed in the same data center.
      • The DNS server role is installed on both domain controllers, and it hosts AD-integrated copies of the _msdcs.<forest root domain> and Active Directory domain zones.
      • DC1 is configured to use DC2 for preferred DNS and itself for alternate DNS.
      • DC2 is configured to use DC1 for preferred DNS and itself for alternate DNS.

        ********************
      • It is talking about the [[[[[[preferred]]]]]] DNS: the one to be used by DC1 is DC2.
      • It is talking about the [[[[[[preferred]]]]]] DNS: the one to be used by DC2 is DC1.
      • So in my analysis the sequence should be like this for preferred; am I correct? Is there any effect if I use the settings below, changing the preferred?

      Primary Domain Controller (192.168.0.2):  

      DNS1: 192.168.0.3  

      DNS2: 192.168.0.2

      Second Domain Controller  (192.168.0.3): 

      DNS1:  192.168.0.2

      DNS2:  192.168.0.3

    Saturday, August 6, 2016 1:55 AM
  • TOPIC: 

    DNS: DNS servers on <adapter name> should include the loopback address, but not as the first entry




    Impact

    If the loopback IP address is the first entry in the list of DNS servers, Active Directory might be unable to find its replication partners. 

    The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers. However, if the DNS server is also a domain controller and it points only to itself, or points to itself first for name resolution, this can cause a delay during startup. For this reason, use CAUTION when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only as a secondary or tertiary DNS server on a domain controller.

    Resolution

    Configure adapter settings to add the loopback IP address to the list of DNS servers on all active interfaces, but "not" as the first server in the list.

    Configure network adapters on this DNS server to use the loopback address (127.0.0.1, 0:0:0:0:0:0:0:1, or ::1) as one of the DNS servers, but not as the first DNS server on the list. If the loopback address is configured as the first DNS server, then configure another DNS server first.

    Thanks


    Saturday, August 6, 2016 2:54 AM
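
An added example (not part of the original thread and not Microsoft's code): a PowerShell check of a DC's DNS client server list against the rules quoted in the thread, namely at least two servers (KB 945765) and loopback not first (the BPA rule). `Test-DcDnsOrder` is a hypothetical function name, and the sample lists are constructed from the thread's example addresses.

```powershell
# Added example: Test-DcDnsOrder is a hypothetical helper, not a built-in cmdlet.
function Test-DcDnsOrder {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [string[]] $DnsServers,  # NIC order, preferred first
        [Parameter(Mandatory)] [string[]] $OwnAddresses                           # this DC's own static IPs
    )
    $loopbacks = '127.0.0.1', '::1', '0:0:0:0:0:0:0:1'
    $findings  = @()

    # KB 945765: point the DC to at least two DNS servers.
    if ($DnsServers.Count -lt 2) {
        $findings += 'fewer than two DNS servers configured'
    }
    # BPA rule: loopback may be listed, but not as the first entry.
    if ($DnsServers.Count -gt 0 -and $loopbacks -contains $DnsServers[0]) {
        $findings += 'loopback address is the first entry'
    }
    # Loopback plus the DC's own IP is still "itself only": require one other server.
    $self  = $loopbacks + $OwnAddresses
    $other = @($DnsServers | Where-Object { $self -notcontains $_ })
    if ($other.Count -eq 0) {
        $findings += 'no DNS server other than this DC is listed'
    }
    $findings
}

# Constructed inputs, evaluated as if on the first DC (192.168.0.2).
$samples = [ordered]@{
    'question: loopback, then self' = @('127.0.0.1', '192.168.0.2')
    'answer: self, then peer'       = @('192.168.0.2', '192.168.0.3')
    'follow-up: peer, then self'    = @('192.168.0.3', '192.168.0.2')
}
foreach ($name in $samples.Keys) {
    $f = @(Test-DcDnsOrder -DnsServers $samples[$name] -OwnAddresses '192.168.0.2')
    '{0}: {1}' -f $name, $(if ($f.Count) { $f -join '; ' } else { 'OK' })
}

# On a live DC (DnsClient and NetTCPIP modules), feed it the real adapter settings:
# Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object ServerAddresses | ForEach-Object {
#     $own = (Get-NetIPAddress -InterfaceIndex $_.InterfaceIndex -AddressFamily IPv4).IPAddress
#     Test-DcDnsOrder -DnsServers $_.ServerAddresses -OwnAddresses $own
# }
```

The check passes both the answer's order and the follow-up's reversed order, since the rules quoted in the thread only require a second server and forbid loopback as the first entry.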