Do I need to install DNS on my backup Domain Controller?

Posted on 2009-02-23
Last Modified: 2012-08-13
Hi all,
I am building a domain controller for the first time and my question is:
Do I need to install Active Directory or DNS on my backup domain controller or does my Primary Domain Controller have an option to copy everything to my backup DC?
Will it also need the same static IP?

Thanks much
Question by: techin4
    LVL 12

    Assisted Solution

    You can run DNS on your DC only. Any member server on the domain can also be a replication partner for AD as well (which is never a bad idea in my opinion).

    Author Comment

    Hi Michaelgoldsmith,

    So I should run DNS only on my Primary DC and NOT on my Backup DC?

    LVL 7

    Accepted Solution

    First and foremost... I see many people use the terms PDC and BDC.  A server is either a domain controller or it isn't.  Don't be confused by the FSMO role terminology.  Second, I couldn't disagree more with the other comment.  It is typically best if you do install DNS on any DC that you wish (especially if you have a large network).  Furthermore, if the DNS server will be pounded to death, it should be on its own set of servers.  All DC's replicate traffic via FRS, and now in 2008, via DFS.  The only other options to think about are where to place global catalogs and the other FSMO roles.
    LVL 12

    Expert Comment

    I don't see any harm in running DNS on both servers.

    If you run DNS on both servers, you will need to set your DHCP options to hand out both DNS servers in case one goes down.
    LVL 7

    Expert Comment

    Absolutely correct...
    LVL 4

    Assisted Solution

    In my opinion you always want to have DNS installed on your DC's unless you have very specific reasons not to.  The DNS installation should be a part of the Active Directory setup when you run DCPROMO.  There is no downside in most instances and many benefits to replicating DNS to other DC's.  As Michael pointed out, you want to make sure your DHCP server is set to hand out the IP addresses of both servers hosting DNS so if one were to fail then you would still be able to authenticate clients (i.e. login).

    If you want to go a little further to make it foolproof, divide the DHCP scope across the two servers.  Essentially you set up DHCP identically on both DC's, same DNS servers, same reservations (if needed), same everything except the scope of addresses to be handed out.

    Say you are on a 192.168.10.X network with a subnet mask of so you have IP addresses available of -  The first server you set your available addresses in DHCP to - and the second server you set available addresses in DHCP to - (.255 is broadcast/not usable).  You can start your scope wherever you want of course.  But the benefit is that even if one server goes down completely and you lose DNS and DHCP (which would hand out DNS server addresses in the first place) you still have another server that can carry both roles and your users see no downtime.

    Keep in mind you would have to ensure you add reservations to both servers.  If you put a network printer on and reserved that IP on one server but not the other, the other server sees that IP as fair game to hand out to a client.

    I know this is way off topic but it sounds like you could use a little redundancy in the network.
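
The split-scope checks described in the answer above (non-overlapping pools, both DNS servers handed out, reservations present on both servers), as an added example that is not part of the original thread. The server names, address ranges, MAC address and the `audit` helper are constructed for illustration and would be replaced with values exported from your own DHCP servers.

```python
from ipaddress import ip_address

# Constructed sample data (not from the thread): two DHCP servers on one /24.
DNS = ["192.168.10.10", "192.168.10.11"]
DC1 = {"name": "DC1", "pool": ("192.168.10.20", "192.168.10.130"), "dns": DNS,
       "reservations": {"192.168.10.200": "00-11-22-33-44-55"}}  # printer
DC2 = {"name": "DC2", "pool": ("192.168.10.131", "192.168.10.254"), "dns": DNS,
       "reservations": {}}  # the printer reservation was never copied here


def _range(server):
    """Leasable pool of a server as a pair of integers."""
    lo, hi = (int(ip_address(x)) for x in server["pool"])
    return lo, hi


def audit(a, b):
    """Return a list of findings for a two-server split-scope setup."""
    findings = []
    (a_lo, a_hi), (b_lo, b_hi) = _range(a), _range(b)
    if a_lo <= b_hi and b_lo <= a_hi:
        findings.append("pools overlap: both servers can lease the same address")
    if a["dns"] != b["dns"]:
        findings.append("DNS server option differs between the two servers")
    for s in (a, b):
        if len(set(s["dns"])) < 2:
            findings.append(f"{s['name']} hands out fewer than two DNS servers")
    # A reservation that exists on only one server is either leasable by the
    # other server (address inside its pool) or simply not honoured there.
    for src, dst in ((a, b), (b, a)):
        lo, hi = _range(dst)
        for ip, mac in src["reservations"].items():
            if dst["reservations"].get(ip) == mac:
                continue
            risk = "leasable" if lo <= int(ip_address(ip)) <= hi else "unreserved"
            findings.append(
                f"{ip} reserved on {src['name']} but {risk} on {dst['name']}")
    return findings


if __name__ == "__main__":
    for finding in audit(DC1, DC2):
        print(finding)
```
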
