
Preferred DNS server question

Under Network Connections it is widely known that the IP address of the DNS server is supposed to match the IP address found under TCP/IP properties.
Example: 192.168.0.6 is the TCP/IP address of the server named Julius.
The preferred DNS TCP/IP server address is supposed to be 192.168.0.6 according to the literature that we have read.

Where can I find, other than Network Connections > Internet Protocol (TCP/IP) Properties, what the TCP/IP information surrounding the preferred DNS server TCP/IP setting ?.?.?.? is supposed to be for this server named Julius?

If we have more than one domain controller, then we have more than one preferred DNS server TCP/IP setting.
So for domain controller 2 we have, for example, 10.x.x.x, which is the TCP/IP address of this server named Frank.
The preferred DNS TCP/IP server address should match this server's TCP/IP settings found under Network Connections, 10.x.x.x.

The main question we are asking is: what are supposed to be the correct preferred DNS TCP/IP settings for both servers?
Are they supposed to be different, as mentioned above, or are they supposed to be the same? If the same, then which TCP/IP address are we supposed to use?

And is that only after the server has been set up? Or does it take the preferred DNS TCP/IP settings when you join the domain with the second server?

Thanks!
0
Asked: LorneBackler
3 Solutions
 
ccomley commented:
You misconstrue, I think.

DNS servers look up "names" (e.g. www.wizards.co.uk) and return IP addresses (e.g. 217.146.99.3).

In a Windows Domain they also resolve *local* names, and other parts of Windows Networking.

So if you just need working internet connectivity you can set your DNS server value to the IP address of any nearby DNS server, e.g. your ISP's.

But if you're in a Windows Domain and you want all the features to work as advertised, you need to be using as your DNS server (one of) your Domain Controller machines. On a DC, the DNS server not only does all the Internet-related looking up for you but it is also tied firmly in to the Active Directory and sorts out all sorts of other problems.

This applies to the Domain Controller *itself* as well - you *can* set a DC to use a completely different DNS server but really it should point to itself.

Ideally then, if a server is a DC, its primary DNS should be itself, if a server is NOT a DC, then its primary DNS should be the IP address of a server which IS a DC. (there are more complicated possible options but let's keep it simple eh?)

Moreover, one of these servers is likely to be your DHCP server and that should give out the IPs of the DC/DNS servers as the DNS servers that the workstations should use - if you're configuring the IP of a workstation manually, set the DNS to point to one of the DCs.

0
 
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security Officer, IT Consultant, Network Engineer, Windows Network Administrator, VMware Administrator commented:
To expound on ccomley,

Best practices as set forth by Microsoft in a Domain environment is for the DNS servers to do all the name resolution. So, if you have 2 domain controllers, pick 1 of them as the preferred. In the TCP/IP properties on that machine, put in its own address so that it points to itself only. On the second one, point it to the one you selected as the preferred one. So, if you selected Julius, then both would point to Julius for DNS.

Going further, whether you use DHCP or Static IP Addressing, all other servers and workstations will point to your internal servers only.  You would set them for Julius as Primary and Frank as the secondary.

When a request for resolution hits Julius, it will see if it holds the answer. If it does not, it will query the Internet root servers, get the answer, add it to its cache and return the answer to the station requesting it. In the background, AD is updating both DNS servers so they are both up to date.
0
 
LorneBackler (Author) commented:
So does that mean that if Julius has the setting 192.168.0.6 as the preferred DNS TCP/IP service,
that Frank should be 192.168.0.6 as well?

Currently Frank is also a domain controller with Active Directory on it, and if Frank is also a domain controller then doesn't Frank have to point to his IP address of 10.x.x.x? For this domain controller, shouldn't Frank's preferred DNS TCP/IP service setting be 10.x.x.x, or should it also be 192.168.0.6?

When setting this server up to be a domain controller under this same domain, it has to point to itself, so this is the point that needs clarification for us. It seems to be a bit confusing.

Does WINS play a role in this DNS name resolution? And if yes, why would it be on the domain controller that houses the DNS/GPO/FSMO and not on the other one?


0
 
NJComputerNetworks commented:
This is how I would design it:

Julius.company.local
TCP/IP Settings
IP: 192.168.0.6
DNS1: 192.168.0.6
DNS2: 10.10.10.1
(Then configure DNS server to forward to ISP DNS servers)
(Load balance your DHCP scopes so that half of clients use this server as primary DNS server and other half to use FRANK.)


Frank.company.local
TCP/IP Settings
IP: 10.10.10.1
DNS1: 10.10.10.1
DNS2: 192.168.0.6
(Then configure DNS server to forward to ISP DNS servers)
(Load balance your DHCP scopes so that half of clients use this server as primary DNS server and other half to use Julius.)

The reason I would design it like this (as per Microsoft):

http://support.microsoft.com/default.aspx?scid=kb;en-us;291382

Question: Why do I have to point my domain controller to itself for DNS?

Answer: The Netlogon service on the domain controller registers a number of records in DNS that enable other domain controllers and computers to find Active Directory-related information. If the domain controller is pointing to the Internet service provider's (ISP) DNS server, Netlogon does not register the correct records for Active Directory, and errors are generated in Event Viewer. In Windows Server 2003, the recommended DNS configuration is to configure the DNS client settings on all DNS servers to use themselves as their own primary DNS server, and to use a different domain controller in the same domain as their alternative DNS server, preferably another domain controller in the same site. This process also works around the DNS "Island" problem in Windows 2000. You must always configure the DNS client settings on each domain controller's network interface to use the alternative DNS server addresses in addition to the primary DNS server address.
0
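As an added example that is not part of the thread, the following PowerShell audits every DC in the domain against the KB 291382 recommendation quoted above (preferred DNS is the DC itself, alternate is another DC, no ISP address on the NIC) and checks that the DC locator SRV record Netlogon registers resolves on each DC. It assumes the ActiveDirectory and DnsClient cmdlets of Windows Server 2012+ / RSAT, which do not exist on the Server 2003 systems the thread discusses, and an account that can open CIM sessions to every DC.

```powershell
# Added example, not code from the thread. Audits DC DNS client settings against KB 291382.
# Assumes ActiveDirectory + DnsClient modules (Server 2012+/RSAT) and CIM access to each DC.
Import-Module ActiveDirectory

$domain = (Get-ADDomain).DNSRoot
$dcs    = Get-ADDomainController -Filter *
$dcIps  = @($dcs | ForEach-Object { $_.IPv4Address })
$srv    = "_ldap._tcp.dc._msdcs.$domain"     # record Netlogon registers for every DC

$report = foreach ($dc in $dcs) {
    $self = $dc.IPv4Address
    # IPv4 DNS servers configured on the DC's NICs, in preferred/alternate order
    $servers = @(Get-DnsClientServerAddress -CimSession $dc.HostName -AddressFamily IPv4 |
                 Where-Object { $_.ServerAddresses.Count -gt 0 } |
                 ForEach-Object { $_.ServerAddresses } | Select-Object -Unique)
    $primary    = $servers | Select-Object -First 1
    $alternates = @($servers | Select-Object -Skip 1)

    $findings = @()
    if ($primary -ne $self)      { $findings += "preferred DNS is $primary, not itself" }
    if ($alternates.Count -eq 0) { $findings += 'no alternate DNS server (island risk)' }
    foreach ($a in $alternates) {
        if ($a -eq $self)               { $findings += 'alternate points at itself' }
        elseif ($dcIps -notcontains $a) { $findings += "non-DC address $a listed (ISP?)" }
    }

    # Ask this DC's own DNS service for the DC locator SRV records; every DC must be present
    $targets = @(Resolve-DnsName -Name $srv -Type SRV -Server $self -ErrorAction SilentlyContinue |
                 Where-Object { $_.Type -eq 'SRV' } |
                 ForEach-Object { $_.NameTarget.TrimEnd('.') })
    foreach ($other in $dcs) {
        if ($targets -notcontains $other.HostName) {
            $findings += "SRV record missing for $($other.HostName)"
        }
    }

    [pscustomobject]@{
        DC        = $dc.HostName
        Preferred = $primary
        Alternate = ($alternates -join ', ')
        Status    = if ($findings) { 'REVIEW' } else { 'OK' }
        Findings  = ($findings -join '; ')
    }
}
$report | Format-Table -AutoSize
```

A DC whose preferred server is an ISP resolver shows up as REVIEW with a missing-SRV finding, which is the Netlogon registration failure the KB answer describes.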
 
NJComputerNetworks commented:
"And is that only after the server has been set up? Or does it take the preferred DNS TCP/IP settings when you join the domain with the second server?"

This is what I do for adding a DC/DNS server to the environment:

Julius is already existing...and I'm adding Server Frank:

Julius.company.local
TCP/IP Settings
IP: 192.168.0.6
DNS1: 192.168.0.6
DNS2: 10.10.10.1


1) Configure FRANK with these settings initially:
Frank
TCP/IP Settings
IP: 10.10.10.1
DNS1: 192.168.0.6

2) Join the domain and run DCPROMO on server FRANK

3) Wait for AD replication to occur

4) Install DNS service

Because you are using AD Integrated DNS, a copy of DNS database is stored in AD and will automatically be replicated to the new DC FRANK.

5) Reconfigure the IP settings of Frank to point DNS properly:

Frank.company.local
TCP/IP Settings
IP: 10.10.10.1
DNS1: 10.10.10.1
DNS2: 192.168.0.6


Done.....
0
 
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security Officer, IT Consultant, Network Engineer, Windows Network Administrator, VMware Administrator commented:
Yes, Julius and Frank should both be pointing at the IP of Julius as the preferred server. You can have problems if you don't point both servers to the "primary one". Set Frank's primary DNS to Julius and then the secondary DNS entry to itself.

OK, in the TCP/IP Properties of the NIC on Julius, you put in the IP address, Subnet and Gateway. Then below that you put in the Primary and Secondary DNS servers. On Julius, you will put in the same IP address in the line for the IP address and for the Primary DNS. Leave the secondary DNS blank.

On Frank, in the TCP/IP Properties of the NIC, you put in the IP address, Subnet and Gateway. Then below that you put in the Primary and Secondary DNS servers. On Frank, you will put in the IP address of Julius in the line for the Primary DNS. In the line for the secondary DNS, you will put in the same address you entered above as Frank's IP address.

On any static servers or workstations, put Julius's IP address for the Primary DNS and Frank's for the Secondary DNS. If you use DHCP, then in the server or scope options where you add DNS entries, just make sure Julius is listed first. That will be the Primary.

In a purely AD domain, with newer OS's, like XP for the workstations, WINS has pretty much gone the way of the covered wagon. Older OS's like 98 still need it, as do some older applications. You can try to run your network without it. If it runs without problem, you don't need WINS. If you experience issues or you have the older OS's, then you need WINS. You can put WINS on either or both of your DC's and make either one of them primary. It really doesn't matter there. If you have 2 though, set up replication among them.

Don't use forwarders unless you absolutely have to. You overcomplicate life that way and it is not best practice. You introduce a single point of failure.

Point all your workstations to the primary or "parent" DNS server. Do not try to split the load. This is per an MS tech and also in the link provided by NJNetworks. (NJ, you may have overlooked that your recommendation conflicts with the link you provided.)

Question: How do I set up DNS for other domain controllers in the domain that are running DNS?

Answer: For each additional domain controller that is running DNS, the preferred DNS setting is the parent DNS server (first domain controller in the domain), and the alternate DNS setting is the actual IP address of network interface.

Use the KISS method. Don't overcomplicate anything you don't need to.
0
 
NJComputerNetworks commented:
(Please note that these are my opinions and I'm not trying to discredit your comments samccarthy...as there are many ways to skin a cat.)


No... in fact, I am not overlooking anything. I am disagreeing with your recommendation and backing it up with Microsoft documentation. You are recommending what MS used to recommend in the Windows 2000 days. This question is being asked with regards to a Windows 2003 domain.

Direct quote from Microsoft:  http://support.microsoft.com/default.aspx?scid=kb;en-us;291382

"In Windows Server 2003, the recommended DNS configuration is to configure the DNS client settings on all DNS servers to use themselves as their own primary DNS server, and to use a different domain controller in the same domain as their alternative DNS server, preferably another domain controller in the same site. This process also works around the DNS "Island" problem in Windows 2000. You must always configure the DNS client settings on each domain controller's network interface to use the alternative DNS server addresses in addition to the primary DNS server address."

This is how I would design it:

Julius.company.local
TCP/IP Settings
IP: 192.168.0.6
DNS1: 192.168.0.6
DNS2: 10.10.10.1
(Then configure DNS server to forward to ISP DNS servers)
(Load balance your DHCP scopes so that half of clients use this server as primary DNS server and other half to use FRANK.)


Frank.company.local
TCP/IP Settings
IP: 10.10.10.1
DNS1: 10.10.10.1
DNS2: 192.168.0.6
(Then configure DNS server to forward to ISP DNS servers)
(Load balance your DHCP scopes so that half of clients use this server as primary DNS server and other half to use Julius.)

"Don't use forwarders unless you absolutely have to. You overcomplicate life that way and it is not best practices. You introduce a single point of failure." This is not a true statement. You can configure forwarding on both DNS servers... there is no single point of failure (and ISPs will always provide more than one ISP DNS server). To do this, you would simply follow these steps:


1) open the DNS administrator console
2) Right click the Julius DNS server and choose properties from the drop down box
3) click the FORWARDERS tab
4) enter the ISP DNS server IP addresses in the FORWARDER area
5) Click OK to save
6) Repeat steps 1-5 for the Frank server
0
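As an added example that is not part of the thread, this PowerShell configures the forwarders from the steps above on both servers, but keeps root hints as the fallback so a dead ISP resolver does not stop external resolution (the point-of-failure concern raised in the KB text quoted later), and then checks each server resolves an external name by itself. It assumes the DnsServer module of Windows Server 2012+ / RSAT rather than the 2003-era DNS console; the ISP addresses are placeholders.

```powershell
# Added example, not code from the thread. Forwarders on both DCs with root-hint fallback.
# Assumes the DnsServer module (Server 2012+/RSAT) and rights to manage both DNS servers.
Import-Module DnsServer

$dnsServers    = 'Julius', 'Frank'
$ispForwarders = '203.0.113.53', '203.0.113.54'   # placeholders (TEST-NET-3), not real resolvers
$probeName     = 'www.example.com'                 # external name each server must resolve alone

$results = foreach ($name in $dnsServers) {
    # Two forwarders, short timeout, and -UseRootHint $true so the server falls back to
    # the Internet root hints when every forwarder is down or unresponsive.
    Set-DnsServerForwarder -ComputerName $name -IPAddress $ispForwarders `
                           -Timeout 3 -UseRootHint $true

    $cfg      = Get-DnsServerForwarder -ComputerName $name
    $fallback = if ($cfg.UseRootHint) { 'root hints kept' } else { 'NO root-hint fallback' }

    # Query this server directly (not the client's own resolver) to prove it can reach
    # the Internet through its own forwarders.
    $answer = Resolve-DnsName -Name $probeName -Type A -Server $name -ErrorAction SilentlyContinue |
              Where-Object { $_.Type -eq 'A' }

    [pscustomobject]@{
        Server     = $name
        Forwarders = ($cfg.IPAddress -join ', ')
        Fallback   = $fallback
        Resolves   = [bool]$answer
    }
}
$results | Format-Table -AutoSize
```

A server showing Resolves = False while the other is True is the failure mode to chase: that server's forwarders or its Internet path, not the domain's DNS data, are the problem.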
 
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security Officer, IT Consultant, Network Engineer, Windows Network Administrator, VMware Administrator commented:
NJ, I use MS documentation too and back up everything I say with it. Having had issues with DNS last year with 2003, I spent 3 days with the AD and DNS experts combing through our issues and grooming the systems we were working on.

I can tell you this, from their mouths, that is what they recommend.  They stated that if you do it as you suggest, you can get into looping issues with DNS and it can wind up hosing it.

I AM using YOUR kb article titled: Frequently asked questions about Windows 2000 DNS and Windows Server 2003 DNS.

Here is the quote on forwarders.

Question: Do I need to configure forwarders in DNS?

Answer: No. By default, Windows 2000 and Windows Server 2003 DNS use the root hint servers on the Internet; however, you can configure forwarders to send DNS queries directly to your ISP's DNS server or other DNS servers. In most cases, when you configure forwarders, DNS performance and efficiency increases, but this configuration can also introduce a point of failure if the forwarding DNS server is experiencing problems. The root hint server can provide a level of redundancy in exchange for slightly increased DNS traffic on your Internet connection.

Here is the quote about setting up other DCs for DNS:

Question: How do I set up DNS for other domain controllers in the domain that are running DNS?

Answer: For each additional domain controller that is running DNS, the preferred DNS setting is the parent DNS server (first domain controller in the domain), and the alternate DNS setting is the actual IP address of network interface.

You do it your way, I'll do it mine.  Enough said there.
0
