DNS and Active Directory

[Hondy]

Hello

If you have 4 DCs what should their Network Card DNS settings be?

Should they point to themselves or should they point to each other and what would happen if you removed a DC and another one was pointing at it?

Thanks!!

 

[nevets2001uk]

Not sure if this is the optimum way to do things but we have two DCs, both with DNS installed as caching only servers which forward requests to our corporate DNS system.

We set the primary DNS on each server as themselves and the secondary as the other server.

For more than two servers go to the advanced properties of your TCP/IP connection and choose the DNS tab. Here you can supply more than two DNS servers if you wish. If each DC is also a DNS server I'd recommend setting it to use itself as the primary DNS server. That way other servers failing will not cause it any problems.

Steve G (MCSE / MCSA:Messaging)

 

[juniper911]

I concur with Nevets, set each DC to point to themselves first and then each other.

 

[Hondy]

thanks - yeh I read that they should point to themselves, which I guess that means the secondary is pretty much irrelevant then unless the DNS service stops on a particular server.

Thanks guys

 

[nevets2001uk]

It's always worth adding a secondary in my opinion. As you say the DNS service on the server may fail for some reason which would potentially cripple it's other functionality. If you have a secondary listed at least it's got somewhere to fallover to in the event of a problem and the main services can continue to function.

It's takes all of 10 seconds to enter a secondary in the properties.

Steve G (MCSE / MCSA:Messaging)

 

[Hondy]

nev - yeh i have put in a secondary, i was just clarifying in my own head that mostly there is no point. The server dies, the server dies, the only time I can think of is if the local DNS server service fails then its not much different to losing the server altogether. It just means the DC will continue to service requests - you might not even realise that the service has failed locally unless you monitor port 53 on that server.

So yes, secondary is worth doing and I have done. But if you left it out AD will survive on the remaining DC's.

Cheers guys

 

[theravager]

As long as the DCs are 2k3 with service pack 2 you will have no problems with them pointing to themselves if there is more then 1 dc. Prior to this it can cause a lot of issues and is not recommended.

NB: Service pack 1 may of fixed the issues but i am not 100%.
When you promote a dc point it to another until replication is fully completed or you will have a few issues as well.

 

[Hondy]

theravager, yes thats a good point. I was wondering about that, when you set up the DC at first, do you point DNS at the existing DC's and leave it for an hour or so then change it to point to itself? (thats what I did and seems ok)

Cheers

Paul

 

[theravager]

When you setup the first dc, there is nothing else to replicate to so there cannot be any confusion so pointing it to itself is fine.

When you setup a second and every dc afterward, point the dns to any other dc until replication has fully completed then you can change it to point to itself.

 

[58sniper]

And never set it to 127.0.0.1

Pat Richard
Microsoft Exchange MVP
Contributing author Microsoft Exchange Server 2007: The Complete Reference

 

[Hondy]

sweet, thought so - anyone hasn't seen it check out replmon in the support folder on the server CD. Great tool for AD replication.