LorneBackler

Preferred DNS server question

Under network connections it is widely known that the IP address of the DNS server is supposed to match the IP address found under TCP/IP properties.
Example: 192.168.0.6 is the TCP/IP address of the server named Julius.
The preferred DNS TCP/IP server address is supposed to be 192.168.0.6 according to the literature that we have read.

Where can I find, other than under network connections, Internet Protocol TCP/IP properties, what is supposed to be the TCP/IP information surrounding the preferred DNS server TCP/IP setting ?.?.?.? for this server named Julius?

If we have more than one domain controller, then we have more than one preferred DNS server TCP/IP setting.
So for domain controller 2 we have, for example, 10.x.x.x, which is the TCP/IP address of this server named Frank.
The preferred DNS TCP/IP server address should match this server's TCP/IP settings found under the network connections, 10.x.x.x.

The main question we are asking is: what is supposed to be the correct preferred DNS TCP/IP setting for both servers?
Are they supposed to be different as mentioned above, or are they supposed to be the same? If the same, then which TCP/IP address are we supposed to use?

And is that only after the server has been set up? Or does it take the preferred DNS TCP/IP settings when you join the domain with the second server?

Thanks!
ASKER CERTIFIED SOLUTION
ccomley
This solution is only available to members.
To expound on ccomley,

Best practice as set forth by Microsoft in a domain environment is for the DNS servers to do all the name resolution.  So, if you have 2 domain controllers, pick 1 of them as the preferred.  In the TCP/IP properties on that machine, put in its own address so that it points to itself only.  On the second one, point it to the one you selected as the preferred one.  So, if you selected Julius, then both would point to Julius for DNS.

Going further, whether you use DHCP or Static IP Addressing, all other servers and workstations will point to your internal servers only.  You would set them for Julius as Primary and Frank as the secondary.

When a request for resolution hits Julius, it will see if it holds the answer.  If it does not, it will query the Internet root servers, get the answer, add it to its cache and return the answer to the station requesting it.  In the background, AD is updating both DNS servers so they are both up to date.
LorneBackler

ASKER

So does that mean that if Julius has the setting 192.168.0.6 as the preferred DNS TCP/IP service, Frank should be 192.168.0.6 as well?

Currently Frank is also a domain controller with Active Directory on it, and if Frank is also a domain controller, then doesn't Frank have to point to his IP address of 10.x.x.x? For this domain controller, shouldn't Frank's preferred DNS TCP/IP service setting be 10.x.x.x, or should it also be 192.168.0.6?

When setting this server up to be a domain controller under this same domain, it has to point to itself, so this is the point that needs clarification for us. It seems to be a bit confusing.

Does WINS play a role in this DNS name resolution? And if yes, why would it be on the domain controller that houses the DNS/GPO/FSMO and not for the other one?


This is how I would design it:

Julius.company.local
TCP/IP Settings
IP: 192.168.0.6
DNS1: 192.168.0.6
DNS2: 10.10.10.1
(Then configure DNS server to forward to ISP DNS servers)
(Load balance your DHCP scopes so that half of clients use this server as primary DNS server and other half to use FRANK.)


Frank.company.local
TCP/IP Settings
IP: 10.10.10.1
DNS1: 10.10.10.1
DNS2: 192.168.0.6
(Then configure DNS server to forward to ISP DNS servers)
(Load balance your DHCP scopes so that half of clients use this server as primary DNS server and other half to use Julius.)

The reason I would design it like this (as per Microsoft):

http://support.microsoft.com/default.aspx?scid=kb;en-us;291382

Question: Why do I have to point my domain controller to itself for DNS?

Answer: The Netlogon service on the domain controller registers a number of records in DNS that enable other domain controllers and computers to find Active Directory-related information. If the domain controller is pointing to the Internet service provider's (ISP) DNS server, Netlogon does not register the correct records for Active Directory, and errors are generated in Event Viewer. In Windows Server 2003, the recommended DNS configuration is to configure the DNS client settings on all DNS servers to use themselves as their own primary DNS server, and to use a different domain controller in the same domain as their alternative DNS server, preferably another domain controller in the same site. This process also works around the DNS "Island" problem in Windows 2000. You must always configure the DNS client settings on each domain controller's network interface to use the alternative DNS server addresses in addition to the primary DNS server address.


"And is that only after the server has been set up? Or does it take the preferred DNS TCP/IP settings when you join the domain with the second server?"

This is what I do for adding a DC/DNS server to the environment:

Julius is already existing...and I'm adding Server Frank:

Julius.company.local
TCP/IP Settings
IP: 192.168.0.6
DNS1: 192.168.0.6
DNS2: 10.10.10.1


1) Configure FRANK with these settings initially:
Frank
TCP/IP Settings
IP: 10.10.10.1
DNS1: 192.168.0.6

2) Join the domain and run DCPROMO on server FRANK

3) Wait for AD replication to occur

4) Install DNS service

Because you are using AD Integrated DNS, a copy of DNS database is stored in AD and will automatically be replicated to the new DC FRANK.

5) Reconfigure the IP settings of Frank to point DNS properly:

Frank.company.local
TCP/IP Settings
IP: 10.10.10.1
DNS1: 10.10.10.1
DNS2: 192.168.0.6


Done.....




Yes, Julius and Frank should both be pointing at the IP of Julius as the preferred server.  You can have problems if you don't point both servers to the "primary one".  Set Frank's primary DNS to Julius and then the secondary DNS entry to itself.  

OK, in the TCP/IP Properties of the NIC on Julius, you put in the IP address, Subnet and Gateway.  Then below that you put in the Primary and Secondary DNS servers.  On Julius, you will put in the same IP address in the line for the IP address and for the Primary DNS.  Leave the secondary DNS blank.

On Frank, in the TCP/IP Properties of the NIC, you put in the IP address, Subnet and Gateway.  Then below that you put in the Primary and Secondary DNS servers.  On Frank, you will put in the IP address of Julius in the line for the Primary DNS.  In the line for the secondary DNS, you will put in the same address you entered above as Frank's IP address.

On any static servers or workstations, put Julius's IP address for the Primary DNS and Frank's for the Secondary DNS.  If you use DHCP, then in the server or scope options where you add DNS entries, just make sure Julius is listed first.  That will be the Primary.

In a purely AD domain, with newer OSes, like XP for the workstations, WINS has pretty much gone the way of the covered wagon.  Older OSes like 98 still need it, as do some older applications.  You can try to run your network without it.  If it runs without problem, you don't need WINS.  If you experience issues or you have the older OSes, then you need WINS.  You can put WINS on either or both of your DCs and make either one of them primary.  It really doesn't matter there.  If you have 2 though, set up replication among them.

Don't use forwarders unless you absolutely have to. You overcomplicate life that way and it is not best practice.  You introduce a single point of failure.

Point all your workstations to the primary or "parent" DNS server.  Do not try to split the load.  This is per a MS tech and also in the link provided by NJNetworks. (NJ, you may have overlooked that your recommendation conflicts with the link you provided.)

Question: How do I set up DNS for other domain controllers in the domain that are running DNS?

Answer: For each additional domain controller that is running DNS, the preferred DNS setting is the parent DNS server (first domain controller in the domain), and the alternate DNS setting is the actual IP address of network interface.

Use the KISS method.  Don't overcomplicate anything you don't need to.
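
The two KB answers quoted in this thread agree on what each domain controller's DNS client list must contain and differ only on the order. The Python check below is an added example, not part of any post or of Microsoft's article: it audits a constructed inventory built from the thread's names and addresses, and deliberately does not judge ordering. The finding codes, the function name and the treatment of loopback as "itself" are assumptions of this example.

```python
import ipaddress

def audit_dc_dns(dcs):
    """dcs: {name: {"ip": str, "dns": [str, ...]}} for DCs that run DNS.
    Returns {name: [finding, ...]}; an empty list means nothing to fix."""
    dc_by_ip = {ipaddress.ip_address(c["ip"]): n for n, c in dcs.items()}
    report = {}
    for name, cfg in dcs.items():
        own = ipaddress.ip_address(cfg["ip"])
        servers = [ipaddress.ip_address(s) for s in cfg["dns"]]
        # Assumption of this example: a loopback entry means "this server".
        resolved = [own if s.is_loopback else s for s in servers]
        findings = []
        # A resolver outside the domain (for example the ISP's) is the case
        # where Netlogon cannot register the Active Directory records.
        for s in resolved:
            if s not in dc_by_ip:
                findings.append(f"EXTERNAL_DNS:{s}")
        # Each DC running DNS should list its own address.
        if own not in resolved:
            findings.append("NO_SELF")
        # With more than one DC, another DC should also be listed.
        if len(dcs) > 1 and not any(s != own and s in dc_by_ip for s in resolved):
            findings.append("NO_OTHER_DC")
        report[name] = findings
    return report

# Constructed inventories using the thread's server names and addresses.
RECOMMENDED = {
    "Julius": {"ip": "192.168.0.6", "dns": ["192.168.0.6", "10.10.10.1"]},
    "Frank": {"ip": "10.10.10.1", "dns": ["10.10.10.1", "192.168.0.6"]},
}
# 203.0.113.53 is a documentation address standing in for an ISP resolver.
MISCONFIGURED = {
    "Julius": {"ip": "192.168.0.6", "dns": ["192.168.0.6"]},
    "Frank": {"ip": "10.10.10.1", "dns": ["203.0.113.53", "192.168.0.6"]},
}

if __name__ == "__main__":
    for label, inv in (("recommended", RECOMMENDED), ("misconfigured", MISCONFIGURED)):
        for dc, findings in audit_dc_dns(inv).items():
            print(label, dc, findings or "ok")
```

A `NO_SELF` finding on Frank is expected during step 1 of the promotion procedure above, before the DNS service is installed on it.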