2003 Preferred DNS Server 127.0.0.1 or 192.x

Northumberland asked:

When I create a 2003 DC running DNS and AD, I always set the server's preferred DNS server as itself, i.e. 192.168.1.1 etc. I keep seeing installations where, if Dcpromo installs DNS as part of the process (i.e. it wasn't created manually before running Dcpromo), the preferred DNS server is 127.0.0.1.

Obviously 127.0.0.1 is the loopback address.

Does it make any difference to the enterprise?
mikeleebrla:

No, because in either case the server will be looking to itself for DNS name resolution, right?
Nirmal Sharma (accepted solution):
Check these out for more info.

Frequently asked questions about DNS and Windows 2003
http://support.microsoft.com/kb/291382

10 DNS Errors That Will Kill Your Network
http://mcpmag.com/features/article.asp?EditorialsID=413
Northumberland (asker):

SystmProg - so it has to be 192.x? The 127.0.x will create problems?
Yes. The DNS Server service won't be able to find the authoritative DNS server for the AD domain you create.

Think logically about how a computer finds the DNS server for the zone. The answer is: using the DNS server configured in the TCP/IP properties. Otherwise this computer can't assume that the authoritative DNS server for this zone is 192.x.


What's wrong with using 127.0.0.1? The DNS resolver still finds its own DNS Server service that way. I fail to see any difference between 127.0.0.1 and the server's own IP address. In fact, to be picky, the loopback address is resolved slightly quicker than the bound IP address.
John Gates, CISSP, CDPSE:

It is kind of like this... Best practice is to have a reverse lookup zone as well for DNS, but it is not required for AD operation.  But....  Good design would say something different.  As far as the local DNS server having 127.0.0.1 as the primary DNS server address, you can do it, but I would not do this in any enterprise.  It will cause service location problems for more than just the authoritative DNS server IP.


-D-

I've installed 6 or 7 Windows Server2003 as a DC thus far and every one of them automatically configured DNS and set 127.0.0.1 as the IP for the primary DNS server.  None of these servers have had any DNS errors in their event logs and none of these networks have any DNS related problems.  But, I sometimes used 192.x.y.z with the old Server2000 installs and that did cause a bit of a timing issue since it seemed to run a service before another was finished and occasionally gave me some kind of DNS error in the logs --- the server and network still functioned, but with those errors in the log.  I assume the network was queried for 192.x.y.z (which took time to resolve), but was not queried for 127.0.0.1 (since that was loopback).  Since MS sets 127.0.0.1 automatically when creating AD on Server2003, I just leave it...
OK, try that in a real environment of 3000 machines or more.  I think the result would be different, or better yet split your domain across routers...  Again, best practice may not hurt you on a small scale but may bite you in the @zz later.   I have installed 100s of servers and best practice rules the day.  Put in the IP address of the active network connection of the DNS server and be assured no problems will result due to configuration issues.


-D-
Not to discredit dimante, but setting up a Server2003 as the only server in the forest would make it the most authoritative DNS server on the network and for the AD, and would thus be the primary DNS server by default.  Microsoft actually configures 127.0.0.1 as your network card's primary DNS IP when you follow the AD setup wizard in Server2003.  In other words, the wizard puts that in for you.  You don't have to enter it.  You can change it if you wish, but why?  If your DC is the forest's only server and there are no other DNS servers around, then the IP address would be the IP of the server's NIC.  Since 127.0.0.1 refers to the loopback, I believe no resolution is required and it is thus more efficient.  While entering 192.x.y.z (or whatever IP) will likely work (as in my Server2000 domains), I believe there is a resolution time that might present timing issues and maybe give you DNS errors in the logs.  Of course, if there is another server handling DNS on the network, use that IP address instead!!  But I use and recommend 127.0.0.1 instead of the actual IP of the NIC when there's only one server and it's a DC of the forest.  I've had my Server2003s going for almost 2 years now with no DNS issues using 127.0.0.1...
Well, with that train of thought, if you went through the AD wizard in Server 2000 you would get domainname.domainname.local, but it is not right, is it ;-)  AD setup also does not set up an RDNS lookup zone.  Do you think that is OK in all implementations?  All we are trying to point out is there is a definite difference between an out-of-the-box generic AD setup and a properly configured one.  I would love to see a DCDIAG and NETDIAG from your AD ;-)  Also, in your analogy, if your server was indeed root then if your clients are connected to the internet they must not be able to resolve anything and cannot get to websites.  The root you refer to is the "." zone on a DNS server.  If you have that in there you must not be connected to the internet on the network, or even worse you have an internet DNS server set up on your clients as a secondary, which has the client exposing internal network information to the Internet.  And don't worry about discrediting me.  I have been a Microsoft MCSE for years and know from experience that leaving things M$ default is almost certainly going to lead to problems in the future.


My 2 cents

-D-
I have several of my Server2003 DC's behind ISA servers (schools) and all workstations get to internet through the ISA servers (setup as non-DC).  The Server2003 DC's still have 127.0.0.1 as the IP for their primary DNS -- not the ISA IP address.  The workstations have the DC actual IP as their primary DNS while their gateway IP is the ISA server IP.  I have no problem with this setup.  Been installing networks since 1987.  Should I have a problem with my 127.0.0.1??  If so, why haven't I seen it??  I also seem to remember that Server2000 domain setups did not automatically configure the DNS IP on the NIC for me -- I think I had to do it myself and would thus have to choose between the loopback or not.  One more note -- I've heard some good techs say use the actual IP and others say use the loopback -- seems to be two different philosophies.  I've used both, and I've had occasional DNS errors when using the actual IP's.  But, I've never had DNS errors (yet) when using the loopback.  Go figure...
Windows 2000 did have a few problems with the use of the loopback for the preferred DNS server, such as RAS or VPN clients receiving that address for their preferred DNS server, etc. Windows 2003 seems to have overcome those problems though, as the Microsoft "Step-by-Step guide to a Common Infrastructure for Windows Server 2003 Deployment" specifies using the loopback address as the preferred DNS server.

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/domcntrl.mspx

Personally, I use the proper DNS address as the preferred DNS server entry, but for me that is due to old habits and the problems I have seen caused in Win2k from the use of the loopback address.
You do not have a DNS server with a "." zone in it resolving any URLs outside your domain.  If the server thinks it is authoritative for the "." zone and a request comes in for www.aol.com, your server (which will not have the record) returns nothing.  If your DNS server is set up this way, how do your clients resolve outside host names?  Anyway, back to the original question:

Does it make any difference to the enterprise ?

It absolutely does in enterprise size networks, period.

http://support.microsoft.com/?kbid=254715 (RAS commonly used in enterprise class networks)


I respect the fact that you have been installing networks since 1987, but know this: I have also deployed AD with all BIND DNS servers and no AD DNS at all.  So I understand what works best for a successful deployment.  So what you say is true to a degree: you can use 127.0.0.1.  But in other networks, as described in the link above, problems can result from doing it.

-D-
dimante,

I read your KB article 254715 and it refers to a quirk with Server2000 and RAS.  I suspect that is the only time it shows its head and it is probably fixed in Server2003 (although I don't really know for sure without checking).  However, the technet article listed by Rastinan2002 (step 17 under "Configuring Your Server as a Domain Controller") does state we should use the loopback address 127.0.0.1 instead of the NIC's actual IP as the primary/preferred DNS (as I do).  However, I have seen scenarios where the book is wrong and our experience is the better choice.  Take care...
Don't be so sure about things that are *fixed* in Server 2003; SP1 actually causes more problems than were fixed, I think, LOL.  You take care also.

-D-
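An added audit script, not from the thread nor from Microsoft, that reports on the points argued over above: whether each enabled adapter's preferred (first) DNS entry is the loopback address, whether the server's own IP appears in its DNS list at all, and whether the host can locate a DC for its domain through the resolver it is configured with. The domain name is a placeholder assumption; run it on the DC itself.

```powershell
# Added audit script (not from the thread): lists each enabled adapter's DNS
# search order, flags a loopback preferred entry, checks that the server's own
# IP is in the list, and verifies the host can find its domain's DC SRV record.
# Assumes it runs on a DC joined to the domain $Domain (placeholder value).
param(
    [string]$Domain = "corp.example.local"   # placeholder, assumption
)

$findings = @()
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE"

foreach ($nic in $adapters) {
    # Keep only IPv4 addresses bound to this adapter
    $ownIPs = @($nic.IPAddress | Where-Object { $_ -match '^\d+\.\d+\.\d+\.\d+$' })
    $dns    = @($nic.DNSServerSearchOrder)

    if ($dns.Count -eq 0) {
        $findings += "[$($nic.Description)] no DNS servers configured"
        continue
    }

    # The preferred DNS server is the first entry in the search order
    if ($dns[0] -eq '127.0.0.1') {
        $findings += "[$($nic.Description)] preferred DNS is loopback (127.0.0.1)"
    }
    # Warn when none of the listed resolvers is an address bound to this NIC
    if (-not ($dns | Where-Object { $ownIPs -contains $_ })) {
        $findings += "[$($nic.Description)] own IP ($($ownIPs -join ',')) not in DNS list $($dns -join ',')"
    }
}

# Can this host locate a DC for its own domain through its configured resolver?
# Windows nslookup prints "svr hostname = ..." for each SRV answer.
$srv = "_ldap._tcp.dc._msdcs.$Domain"
$out = nslookup -type=SRV $srv 2>&1 | Out-String
if ($out -notmatch 'svr hostname') {
    $findings += "SRV lookup for $srv returned no DC records:`n$out"
}

if ($findings.Count -eq 0) { "OK: DNS client configuration looks consistent" }
else { $findings | ForEach-Object { "WARN: $_" } }
```

A loopback-only finding is informational rather than an error, since the thread cites both configurations as working; the SRV check is the one that tells you whether the resolver actually locates a DC.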