Frosty555 (Canada) asked:
DNS servers should include loopback address, but not as first entry (Server 2012 BPA issue)

I'm setting up a brand new domain and forest for a company. The company has two offices, connected together with a site-to-site VPN which is pretty slow (~500kbps). The local network on each end is a gigabit network.

It's a small setup. Each site has maybe 10-15 computers.

We will have 1x Windows Server 2012 DC server at each location. The two servers will each be on their own subnets, but those subnets will be bridged together over the VPN so they will be able to talk to each other.

The Best-Practices-Analyzer is complaining because I have set the DNS on each server to just be 127.0.0.1.

"DNS servers on <adapter name> should include the loopback address, but not as the first entry"
http://technet.microsoft.com/en-us/library/ff807362(v=ws.10).aspx

So according to this article, I should set some OTHER DNS server as the primary DNS server, and have 127.0.0.1 be the secondary DNS server.

Okay... but my issue is the only other DNS server I could use is the domain controller at the other location, and that server will be across the VPN, a slow and laggy link. Surely this will cause performance issues?

What do you suggest I do to set the Primary/Secondary DNS to for each of these two servers?
ASKER CERTIFIED SOLUTION
Mike Kline (United States of America)
(This solution is only available to Experts Exchange members.)

As you have 2 DCs per site, I would suggest you keep the loopback address as the third entry. Preferred DNS shall be itself (if it has the DNS role installed) and secondary DNS will be the PDC.

As this is the first DC in the forest, just add the DC's DNS address as preferred DNS and leave secondary blank until you promote the second DC.

Also make sure that the PDC will be the authoritative time server for the entire domain.

DNS Best Practice

NOTE: Do not disable IPv6; instead you can change the IPv6 properties, set it to "obtain IP address automatically" and "obtain DNS server address automatically".

I don't see any point in having loopback in the DNS search order.
Best practice is to have the server's own IP as the primary DNS server, and the secondary should be another server in the same site; if any other site exists then it should come third.

Why people keep loopback in the DNS search order is just to avoid any issues if someone changes the IP address of the DC... So that's purely your call.

How we should configure DNS on our DC:

- Have the server's own IP as the primary DNS server, and the secondary should be another server in the same site; if any other site exists then it should come third.
- All unused NICs are to be disabled.
- Valid DNS IPs from the ISP are to be configured in DNS forwarders. Do not configure local DNS in forwarders.
- Public DNS IPs should not be used on any NIC card except forwarders.
- Domain controllers should not be multi-homed.
- Running a VPN server and RRAS server makes the DC multihomed; refer to http://support.microsoft.com/default.aspx?scid=kb;en-us;272294


If anything above is incorrect, please correct it and run "ipconfig /flushdns & ipconfig /registerdns", and restart the DNS service using "net stop dns & net start dns".

DNS best practices
http://technet.microsoft.com/en-us/library/cc778439(v=WS.10).aspx

Checklist: Deploying DNS for Active Directory
http://technet.microsoft.com/en-us/library/cc757116(v=ws.10)

DNS Arguments
http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx#dnsbest
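The configuration and checks described in the answer above, written out as an added PowerShell example (not code from the thread or from Microsoft): it sets the client order on a Server 2012 DC (own IP first, the other site's DC second, loopback last), puts the ISP resolvers in forwarders rather than on the NIC, and then audits the result. All addresses are constructed placeholders; the multi-homing check is a heuristic over configured IPv4 interfaces.

```powershell
# Added example, not from the thread. Requires the DnsClient and DnsServer
# modules (Server 2012, PowerShell 3.0+). Addresses below are constructed.
$SelfIp = '10.1.0.10'                        # this DC's static IP (site A)
$PeerIp = '10.2.0.10'                        # the other site's DC, over the VPN
$IspDns = @('203.0.113.1', '203.0.113.2')   # ISP resolvers: forwarders only

function Test-PrivateIPv4 ([string]$Ip) {
    # True for RFC 1918 addresses; loopback is excluded by the caller.
    $o = $Ip.Split('.') | ForEach-Object { [int]$_ }
    ($o[0] -eq 10) -or ($o[0] -eq 172 -and $o[1] -ge 16 -and $o[1] -le 31) -or
    ($o[0] -eq 192 -and $o[1] -eq 168)
}

$nic = Get-NetAdapter -Physical | Where-Object { $_.Status -eq 'Up' } | Select-Object -First 1

# 1. Client search order: self, remote DC, loopback last (never first).
Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses @($SelfIp, $PeerIp, '127.0.0.1')

# 2. Public resolvers live in forwarders, not on the NIC.
Set-DnsServerForwarder -IPAddress $IspDns

# 3. Audit the live configuration against the rules in the answer.
$findings = @()
$order = (Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4).ServerAddresses
if ($order[0] -eq '127.0.0.1')       { $findings += 'Loopback is the first DNS entry (BPA rule)' }
if ($order -notcontains '127.0.0.1') { $findings += 'Loopback is missing from the DNS list (BPA rule)' }
if ($order[0] -ne $SelfIp)           { $findings += "Primary DNS is not this DC ($SelfIp)" }
foreach ($ip in ($order | Where-Object { $_ -ne '127.0.0.1' })) {
    if (-not (Test-PrivateIPv4 $ip)) { $findings += "Public resolver $ip on the NIC; move it to forwarders" }
}
$fwd = (Get-DnsServerForwarder).IPAddress | ForEach-Object { "$_" }
if ($fwd -contains $SelfIp -or $fwd -contains $PeerIp) { $findings += 'A local DC is listed as a forwarder' }
# Heuristic: more than one non-loopback interface with a preferred IPv4 address.
$ifaces = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.AddressState -eq 'Preferred' -and $_.InterfaceAlias -notmatch 'Loopback' } |
    Select-Object -ExpandProperty InterfaceIndex -Unique
if (@($ifaces).Count -gt 1) { $findings += 'DC appears to be multi-homed' }

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { 'DNS client settings match the recommended order' }

# Re-register and restart DNS, as the answer recommends after any change.
ipconfig /flushdns | Out-Null
ipconfig /registerdns | Out-Null
Restart-Service DNS
```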
Do not use the loopback at all in DNS. It's not the best practice and can cause data arguments, especially during troubleshooting of DNS.

You should use the server's fixed IP as its primary IP DNS server.
Then you should use another DNS server's IP as a secondary server.

Do not use outside servers or your router as one of these IP addresses.

For the basics of how DNS queries work, please feel free to read an article I wrote:
https://www.experts-exchange.com/Networking/Protocols/DNS/A_323-DNS-Troubleshooting-made-easy.html