• Status: Solved

DNS configuration issue with two DC's.

Please see below for my setup. Why is DC1 only showing itself in its DNS list and DC2 shows both DC's in its DNS list? Do I have the DNS not correctly setup?

DC1 Windows Server 2000
DNS list DC1

DC2 Windows Server 2003
DNS lists both DC1 and DC2

Note: On DC2 both DNS records for DC1 and DC2 are identical.



stevensims
Asked:
 
mass2612 Commented:
Hi,

I am not sure that I completely understand your question. Are you saying that when you look at DC1 via an ipconfig /all for example you only see DC1 listed as a DNS server?

IP Address. . . . . . . . . . . . : 192.168.1.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.10
DNS Servers . . . . . . . . . . . : 192.168.1.1
                                    192.168.1.1

While on DC2 you see the IP for DC1 and DC2 listed under DNS servers?
0
 
brent_caskey Commented:
I usually have both of the DNS servers in the list on both DC's

DC1 ("Primary" DNS Server)
  DNS
     DC1 (preferred)
     DC2 (alt)

DC2 ("Secondary" DNS Server)
   DNS
      DC2 (preferred)
      DC1 (alt)

However, there is a discussion on the topic here, if you want more in depth on the topic:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23090763.html

There are different ways to think about it. As long as you have your internal DNS servers in the list and not your ISP's/external, you should be ok. I would also recommend that if you have multiple DC/DNS servers, that you list at least 2 in the DNS settings on each DC/DNS server (1 primary / 1 alternate).
0
 
ryansoto Commented:
No you DO NOT want an alternate in the server config
DC2 Windows Server 2003
DNS lists both DC1 and DC2

As stated in the link that brent gave, KCTS gives an explanation why. It can create a looping effect.
Each server should point to itself for the primary and the secondary/alternate should be blank.



KCTS: I assume you mean PREFERRED not PRIMARY. Primary DNS servers are something different altogether.
Windows DNS servers should point to themselves as preferred DNS server. The Alternate DNS server should be blank - otherwise you can get "looping" occurring.

It's always a good idea to make at least one other DC a global catalog server as the others have said.

Also make sure that all clients have the address of a Windows DNS server as their preferred DNS server and the address of another Windows DNS server as the alternate DNS server. Check both the DHCP options and the TCP/IP settings on the network card.

Make sure that the only place external DNS servers appear are on the Forwarding tab in DNS on the DNS servers themselves
0
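A check built from the rules KCTS is quoted on in the comment above, as an added example that is not part of the original thread: it parses `ipconfig /all` output (including the unlabelled continuation line that holds the alternate server), flags any listed DNS server that is not internal, and flags a DNS server that does not prefer itself. The addresses, `INTERNAL_DNS` and the function names are assumptions made for the illustration, and only IPv4 is handled.

```python
import re

# Constructed sample in the layout of the ipconfig /all excerpt earlier in the thread.
# Addresses are illustrative; 203.0.113.53 stands in for an ISP resolver.
SAMPLE_DC2 = """\
   IP Address. . . . . . . . . . . . : 192.168.1.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.10
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.53
"""
INTERNAL_DNS = {"192.168.1.1", "192.168.1.2"}   # assumed addresses of DC1 and DC2
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"

def parse_ipconfig(text):
    """Return (host_ip, dns_servers_in_listed_order) from ipconfig /all text (IPv4 only)."""
    host_ip, dns, in_dns = None, [], False
    for line in text.splitlines():
        labelled = re.match(r"\s*([A-Za-z][A-Za-z0-9 ]*?)[ .]*:\s*(.*)$", line)
        if labelled:
            label = labelled.group(1).strip().lower()
            addr = re.match(IPV4, labelled.group(2))
            in_dns = label == "dns servers"
            if addr and in_dns:
                dns.append(addr.group(1))          # first entry = preferred server
            elif addr and label in ("ip address", "ipv4 address") and host_ip is None:
                host_ip = addr.group(1)
        elif in_dns and re.fullmatch(r"\s+" + IPV4 + r"\s*", line):
            dns.append(line.strip())               # unlabelled continuation = alternate
        else:
            in_dns = False
    return host_ip, dns

def audit(text, internal_dns=INTERNAL_DNS):
    """Return findings for one host; an empty list means the checks passed."""
    host_ip, dns = parse_ipconfig(text)
    findings = []
    if not dns:
        findings.append("no DNS servers configured")
    for ip in dns:
        if ip not in internal_dns:
            findings.append(f"{ip}: not an internal DNS server, belongs on the Forwarding tab only")
    if len(set(dns)) != len(dns):
        findings.append("a DNS server is listed twice, so the alternate adds nothing")
    if host_ip in internal_dns and dns and dns[0] != host_ip:
        findings.append(f"{host_ip} runs DNS but prefers {dns[0]} instead of itself")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_DC2):
        print(finding)
```

The alternate entry is only checked for being internal and distinct, since the thread disagrees on whether a DNS server should have one at all.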
 
Feroz Ahmed, Senior Network Engineer, Commented:
Hi,
You have configured DNS on Windows Server 2003, so for that reason it is showing 2 DNS entries, whereas Windows Server 2000 is an old version of the OS and Windows Server 2003 is an upgraded version of Windows 2000. On which computer have you configured DNS? Check both the forward lookup zone and the reverse lookup zone to see whether you have configured your DNS correctly. I think DC2 (Windows 2003) is a Domain Controller, so for that reason it is showing both DC1 (Windows 2000) and DC2 (Windows 2003) itself.
0
 
brent_caskey Commented:
ryansoto,

KCTS does not know what he is talking about with the alternate DNS
0
 
stevensims (Author) Commented:
Hi Everyone,

Both are Domain controllers. I have listed more info below. Forward and reverse lookup works with no issues.

DC1
Ipconfig setting
DNS Primary Server DC2
DNS Primary Server DC1

DC2
Ipconfig setting
DNS Primary Server DC1
DNS Secondary Server DC2

Workstations
Ipconfig settings
DNS Primary Server DC2
DNS Secondary Server DC1

DC1
Schema Master

DC2
RID master
PDC master
Infrastructure master
Domain Naming master

Both DC's are Global Catalogs
0
 
stevensims (Author) Commented:
oops!

DC1 Ipconfig settings above should be:
DNS Primary Server DC2
DNS Secondary Server DC1
0
 
brent_caskey Commented:
The only thing there that might cause an issue is the Global Catalog being on the Infrastructure Master role holder. That can cause some issues but, if you only have 2 DCs, you would want to keep it the way it is so that if one DC goes down, the other can handle the login requests. If you have more than 2 DCs, then it is best practice to not have the infrastructure master on the same server as a GC.

See
http://support.microsoft.com/kb/248047
http://support.microsoft.com/kb/223346

Other than that, your config looks good.

0
 
stevensims (Author) Commented:
So should both DC's be pointing to each other? I am getting ready to add another Domain Controller DC3 and will make it the preferred DNS server. So are the settings below correct? Also note, for the moment we use a firewall router for our DHCP IP addresses. It will also be configured to have DC3 as the preferred. (Eventually I will set up the DC to run DHCP.)

DC2
Preferred DC3
Alternate DC2

DC3
Preferred DC3
Alternate blank

DC1
Preferred DC3
Alternate DC2

Primary DCs don't exist if the DNS is integrated in Active Directory? I have never messed with having a primary DC and a secondary DC.


0
 
mass2612 Commented:
Hi,

I have always taken the DNS config on the servers in an AD integrated setup so that each AD/DNS server points to itself as the primary DNS server and the secondary to its closest well connected AD/DNS server.

Therefore
DC1 - Prim DC1, Sec DC2
DC2 - Prim DC2, Sec DC1
DC3 - Prim DC3, Sec DC2

The secondary should be whatever server it has the most reliable network connection with.
0
 
stevensims (Author) Commented:
Wouldn't this possibly create a little bit of a problem when a machine logs in? All the workstations are going to have a preferred DNS. As soon as that machine logs in it is registered in the DNS on the preferred DC. The other two DC's won't see that until the AD replicates to them. I am not for sure if I am right here but just throwing it out there.
0
 
mass2612 Commented:
No, this would not be an issue. You want each machine to try to contact its most reliable (usually via network speed) therefore a DC running AD integrated DNS should use itself primarily for internal DNS lookups and then use forwarders for external DNS lookups.

The clients should use the same configuration. A client in the same site as DC1 should use DC1 as the primary DNS server and the next best option for the secondary.
0
 
stevensims (Author) Commented:
Understood. However, what if all the workstations are on the same site as the three DC's? All of my workstations are pointing to one DC.
0
 
mass2612 Commented:
If you have 3 DC's in the one site then you could load balance them by having multiple DHCP scopes as long as they are all connected with a high speed reliable network connection it will be fine.
0
 
stevensims (Author) Commented:
Hi mass2612,

Aww true I like that idea. However, my network isn't using DHCP from the servers--it will in the future though. I am trying to clean up and make better what I currently have. I didn't set this server up in the beginning.

But right now I have a VPN/Firewall router that assigns all IP addresses. It has our DC2 listed as the preferred and DC1 listed as the alternate. So that's why I figured that all DC's and workstations should point to the preferred DC. By the way, we only have about 25 users. With this configuration you still recommend the DNS servers to point to themselves?
0
 
ryansoto Commented:
It's been my experience that you always point the DNS servers to themselves in TCP/IP, then in the DNS forwarders tab you set to your ISP.
In your DHCP scopes is where you set multiple DNS servers so if one machine is down DNS can be resolved by the other DNS servers listed in your scope.
0
 
mass2612 Commented:
I would use static settings for all servers and only have the workstations assigned automatically. That way the servers can be more easily controlled.
0
 
Chris Dent, PowerShell Developer, Commented:

My unofficial recommendation would be:

Split: brent_caskey (http:#20739876), and mass2612 (http:#20791558)

Chris
0
