Router – Where should the preferred DNS server be in a LAN

Tags: domain-name-system, local-area-network, router

I had a hard time formulating this question's title, but I think I've stated it correctly. My question may stem from a misunderstanding, so I will explain what happened to cause me to think I might have things incorrectly set up.

The system:

There is currently a single physical Dell server running Hyper-V to host all the servers in the development system. All servers are 2012 R2. The primary domain controller (also a DNS) is on this physical Dell host, along with all the other servers such as TFS, IIS, SQL, etc. There is a second PC as a client workstation and it is also running Hyper-V, on which there is a second domain controller (also a DNS). The LAN router is a Cisco small business router and it is configured to handle the DHCP for the system. (Another discrete physical server will be added when I can, but this is the best I can do right now.) Although the system is small at present, I want to set it up correctly for the future when more servers and clients are added.

What occurred:

I set all my servers to use static IPs; all clients use dynamic IPs. When I try to join a new server to the domain, I note that the Preferred DNS server IP on the new server must be set to point to a domain controller or the new server can't find the domain in order to attach to the domain. That makes sense to me because the domain name has to be resolved to one of the domain controllers in order to communicate for attaching. Is this a misunderstanding?

Should the preferred DNS IP be something other than one of my domain controllers?

Assuming I did not misunderstand as described above, it then occurred to me that I might not be setting up DNS properly in my LAN. Since best practice tells me to have a minimum of 2 domain controllers and multiple DNS servers, and I can certainly have more, where/who should the Preferred DNS server be? For clients using DHCP, the DNS will be set automatically. But for my static IP servers I have to point somewhere for the Preferred/Alternate DNS servers. I can only list 2 IP addresses on a given Ethernet connection, so if those 2 DNS servers failed for some reason, even if I had a third DNS server working I would still lose local DNS, yes?

So then I thought perhaps I should be using my Cisco LAN router as the Preferred DNS server and entering every one of my LAN domain controllers in its table so that no matter how many domain controllers fail, all clients will be able to find a local DNS as long as one domain controller is alive. (This is assuming every domain controller is also a DNS). Or is it a misunderstanding to think the LAN router is a reasonable device to be the Preferred DNS?

That’s why I ask where the preferred DNS should be in a LAN that requires local name resolution. Should the Preferred DNS server be the LAN router or is there a better standard best practice to accomplish this differently?

In my Server Fault research before asking this question, I read about loopback IPs, but I don't understand why I need that. If I point to a Preferred DNS that lists all the DNS servers in my system and also includes a pointer to my ISP, do I still need a loopback IP entered in any of the domain controllers' Ethernet adapter properties?

Best Answer

You're overthinking things a bit, but your basic understanding is correct.

You should have at least two Domain Controllers (in your scenario two should be sufficient).

The Domain Controllers should also be DNS servers and should host the AD DNS zone (this isn't a requirement, but it's the easiest deployment method for DCs and DNS).

ALL domain clients (including all servers, workstations, virtual machines and the Domain Controllers themselves) should ONLY use the AD DNS servers for preferred and alternate DNS. They should NEVER use any non-AD DNS servers for DNS (never is a strong position to take but in your scenario just work from this premise).

Dump the idea of using the Cisco router for DNS. I'm not even going to try to understand how this might work. Just don't do it. If both DC/DNS servers fail simultaneously you'll have bigger things to worry about than DNS resolution.
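The configuration the answer describes, as an added PowerShell example that is not part of the original question or answer: on a static-IP member server it sets the preferred and alternate DNS to the two AD DNS servers, checks that no non-AD server is left on the adapter, and verifies that the DC locator SRV record resolves before a domain join is attempted. The server addresses, domain name and adapter alias are assumptions (constructed, documentation-range values); the cmdlets are the standard DnsClient module cmdlets shipped with Windows Server 2012 R2.

```powershell
# Added example, not from the original question or answer.
# Assumptions (constructed values):
#   - the two DC/DNS servers are 192.0.2.10 and 192.0.2.11
#   - the AD domain name is corp.example
#   - the static-IP server's adapter alias is "Ethernet"
$DcDnsServers = @('192.0.2.10', '192.0.2.11')   # preferred, alternate
$Domain       = 'corp.example'
$Adapter      = 'Ethernet'

# 1. Point the static-IP server at the AD DNS servers only.
#    Clients on DHCP get the same two addresses from the DHCP scope options.
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $DcDnsServers

# 2. Check that nothing but AD DNS is configured (e.g. a leftover ISP or router address).
$configured = (Get-DnsClientServerAddress -InterfaceAlias $Adapter -AddressFamily IPv4).ServerAddresses
$nonAd = $configured | Where-Object { $_ -notin $DcDnsServers }
if ($nonAd) {
    Write-Warning "Non-AD DNS servers still configured on ${Adapter}: $($nonAd -join ', ')"
} else {
    Write-Output "DNS on $Adapter is limited to AD DNS servers: $($configured -join ', ')"
}

# 3. Confirm the lookup a domain join depends on: the DC locator SRV record.
#    If this fails, the join will fail with "domain could not be contacted".
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop
$srv | Where-Object { $_.Type -eq 'SRV' } |
    Select-Object Name, NameTarget, Port, Priority, Weight |
    Format-Table -AutoSize

# 4. Optional cross-check with the built-in locator tool; it reports which DC answered.
nltest /dsgetdc:$Domain
```

Run steps 2 and 3 before `Add-Computer`; a warning in step 2 or an error in step 3 means the server is not yet pointed at AD DNS, which is exactly the symptom the question describes.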