Proper Way to set Preferred DNS Server on the Windows Domain Controllers themselves

domain-name-systemwindows-server-2012-r2

This may be a basic question, but I'm not sure how to properly phrase what I'm looking for, with a google search.

I have two Windows Server 2012 R2 domain controllers on the local network. Let's say Controller1 has an IP address of 192.168.1.1. Controller2 has an IP address of 192.168.1.2.

Our client machines on the network have Controller1 set as the preferred DNS, and Controller2 as the alternate choice.

My question is: What should the "Use the Following DNS Server Addresses" fields be set to, on the Domain controllers themselves? Currently, Controller1 has 192.168.1.1 (itself) set as the Preferred, and nothing set for the alternate. Controller2 has 192.168.1.1 set as the preferred, and 127.0.0.1 as the alternate.

This was set up a year ago, by someone who I'm not entirely sure knew what they were doing. I'm certainly no expert myself, and so I'd like to doublecheck if the current settings they had made make sense.

Thank you for your time.

Best Answer

I believe a Domain Controller's DNS servers are supposed to be other DCs then itself to avoid becoming "replication islands". Refer to https://technet.microsoft.com/en-us/library/ff807362(v=ws.10).aspx.

So, in your case, DC1 would use DNS servers 192.168.1.2, 127.0.0.1 and DC2 would use DNS servers 192.168.1.1, 127.0.0.1.

Related Solutions

Windows Server 2003 DCDiag error message “delegation is broken for foo.com.foo.com on dns server”

The delegation test checks for broken delegations by ensuring that all NS records in the Active Directory domain zone in which the target domain controller resides have corresponding glue A records.

Try:

1) Setup DNS servers in TCP/IP config for your servers as folowing: own IP as primary DNS, other DC as secondary DNS (check http://support.microsoft.com/kb/825036 for details). Never use ISP (or other external) DNS as DNS server at any DC in TCP/IP settings

2) ipconfig /registerDNS on both servers

3) netdiag /fix

DNS – Optimal Order of DNS Servers for an AD Domain Controller

According to this link and the Windows Server 2008 R2 Best Practices Analyzer, the loopback address should be in the list, but never as the primary DNS server. In certain situations like a topology change, this could break replication and cause a server to be "on an island" as far as replication is concerned.

Say that you have two servers: DC01 (10.1.1.1) and DC02 (10.1.1.2) that are both domain controllers in the same domain and both hold copies of the ADI zones for that domain. They should be configured as follows:

DC01
Primary DNS   10.1.1.2
Secondary DNS 127.0.0.1

DC02
Primary DNS   10.1.1.1
Secondary DNS 127.0.0.1

Best Answer

Related Solutions

Windows Server 2003 DCDiag error message “delegation is broken for foo.com.foo.com on dns server”

DNS – Optimal Order of DNS Servers for an AD Domain Controller

Related Topic