DC DNS Settings
-
@Romo said in DC DNS Settings:
https://technet.microsoft.com/en-us/library/dd378900(WS.10).aspx
Interesting, this goes against MS' DNS certification requirements in the past.
-
@scottalanmiller said in DC DNS Settings:
@Romo said in DC DNS Settings:
Just found this in technet:
The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers. However, if the DNS server is also a domain controller and it points only to itself for name resolution, it can become an island and fail to replicate with other domain controllers. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only as a secondary or tertiary DNS server on a domain controller.
https://technet.microsoft.com/en-us/library/dd378900(WS.10).aspx
But it says if "only to itself", of course we would never say to skip having the secondary.
Yes but it also says
The loopback address should be configured only as a secondary or tertiary DNS server on a domain controller.
It's really confusing.
Even dell has it like that http://www.dell.com/support/article/us/en/04/SLN155801/en
In a larger environment, at least two domain controllers at each physical site should be DNS servers. This provides redundancy in the event that one DC goes offline unexpectedly. Note that domain-joined machines must be configured to use multiple DNS servers in order to take advantage of this.
If multiple DCs are configured as DNS servers, they should be configured to use each other for resolution first and themselves second. Each DC's list of DNS servers should include its own address, but not as the first server in the list. If a DC uses only itself for resolution, it may stop replicating with other DCs. This is obviously not an issue in a domain with only one DC. -
@Romo said in DC DNS Settings:
@scottalanmiller said in DC DNS Settings:
@Romo said in DC DNS Settings:
Just found this in technet:
The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers. However, if the DNS server is also a domain controller and it points only to itself for name resolution, it can become an island and fail to replicate with other domain controllers. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only as a secondary or tertiary DNS server on a domain controller.
https://technet.microsoft.com/en-us/library/dd378900(WS.10).aspx
But it says if "only to itself", of course we would never say to skip having the secondary.
Yes but it also says
The loopback address should be configured only as a secondary or tertiary DNS server on a domain controller.
It's really confusing.
Even dell has it like that http://www.dell.com/support/article/us/en/04/SLN155801/en
In a larger environment, at least two domain controllers at each physical site should be DNS servers. This provides redundancy in the event that one DC goes offline unexpectedly. Note that domain-joined machines must be configured to use multiple DNS servers in order to take advantage of this.
If multiple DCs are configured as DNS servers, they should be configured to use each other for resolution first and themselves second. Each DC's list of DNS servers should include its own address, but not as the first server in the list. If a DC uses only itself for resolution, it may stop replicating with other DCs. This is obviously not an issue in a domain with only one DC.Yeah, apparently there is an islanding issue that can happen. Their wording is definitely not good.
-
So I should not change my DNS servers settings then?
Primary: Second Dns
Secondary: 127.0.0.1 -
@Romo said in DC DNS Settings:
So I should not change my DNS servers settings then?
Primary: Second Dns
Secondary: 127.0.0.1Apparently not.
-
-
Looks like I got the question wrong
-
Always pointed it to itself, as the primary ... Also, doesn't Microsoft itself recommend this as a Best Practice ?
-
So, does it really seem like we're all doing it wrong?
That DC1 should have DC2 listed as its primary DNS server? And DC1 secondary?
-
@BRRABill I have two DCS,
DC1 has DC2 as primary and itself as secondary. Then for DC2, DC1 is primary and itself secondary. -
@brianlittlejohn said in DC DNS Settings:
@BRRABill I have two DCS,
DC1 has DC2 as primary and itself as secondary. Then for DC2, DC1 is primary and itself secondary.Seems like that is what is now recommended. Though all the first few posters did not have it set up that way, and that is apparently not the way MS used to recommend.
-
@BRRABill said in DC DNS Settings:
I do the same, itself as primary.
But it seemed like there were a lot of people on the Internet with the opposite.
Of course, they aren't the geniuses here at ML.
I take it back, my servers were NOT set up like this.
Not that anyone cares. Just wanted to set the record straight.
-
I have been doing the Primary points to other DNS and secondary to itself for over 5 years, and probably more like 15.
-
@Dashrender said in DC DNS Settings:
I have been doing the Primary points to other DNS and secondary to itself for over 5 years, and probably more like 15.
Me, too. Never an issue.
I wish we could have figured out why MS seems to be recommending it.
-
Adding to this:
I've also always point the primary to 127.0.0.1 and secondary to the secondary controller. If no secondary controller, then a public DNS.
-
@fuznutz04 said in DC DNS Settings:
Adding to this:
I've also always point the primary to 127.0.0.1 and secondary to the secondary controller. If no secondary controller, then a public DNS.
Funny there are so many ways to do this that don't break it.
-
@BRRABill said in DC DNS Settings:
@fuznutz04 said in DC DNS Settings:
Adding to this:
I've also always point the primary to 127.0.0.1 and secondary to the secondary controller. If no secondary controller, then a public DNS.
Funny there are so many ways to do this that don't break it.
That don't break it.... right away.
-
So here is a quesiton. When you first add a secondary DC/DNS, do you go back to the original DC and update the DNS on the NIC? Or do you leave the original pointing only to 127.0.0.1?