  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 328

What is the best practice for DNS on Server 2008

I have set up and installed two new servers and used one of the old servers. The new servers are both running Windows Server 2008. When I was on the phone with Microsoft I asked their advice on how I should run the DNS because both servers were taking forever to reboot (slow reboots usually mean a DNS issue). They suggested to run the main server's local adapter DNS as 127.0.0.1 with no forwarders in the DNS server. Then they said to run the main server's IP # for the local adapter DNS for the other two servers. Doing this did not help or speed up things. I have attached a sheet of my network and all the settings and would like advice on what would be the best way to set the DNS both in the local adapter and the DNS server so my servers run faster. I run profiles so when the client logs off or reboots it takes forever!!! It is also taking about 6 hours for mail. Before we were getting the mail in less than 10 minutes. I know that the slow reboots and the 6 hours or more for mail are related to the DNS settings. I need to know what would be the best way to configure the DNS settings in the local adapters on all three servers and in the DNS Server settings on the two servers. I am not real up on DNS so all input would be greatly appreciated and please explain in detail so I understand what you are saying. If you could just change the settings on the attachment with the way that I should configure all DNS and send back to me that would be wonderful!
Domain-Settings.docx
0
LANengineer
Asked:
2 Solutions
 
gmbaxter Commented:
On server 2 have you configured it as a DNS replica, or have you just manually created the records the same?

How much memory do you have in the servers? Slow reboots and loading could be down to a low amount of RAM.
0
 
DrDave242 Commented:
Your DNS setup looks OK to me.  Server 1 is the only DC, right?  Is there a firewall running on Server 1?  If so, either disable it or make sure it allows DNS traffic through.  Also, at what point during the boot process do the servers seem to hang?
0
 
Chris Dent (PowerShell Developer) Commented:

> It is also taking about 6 hours for mail

Inbound?

That's unlikely to be anything to do with internal DNS unless you're running a public DNS service there as well?

> I need to know what would be the best way to configure the DNS settings in
> the local adapters on all three servers and in the DNS Server settings on the two servers

I agree with DrDave242, your settings are fine.

Where in the reboot / startup process is it hanging?

Chris
0
LANengineer (Author) Commented:
gmbaxter:
These servers are both new with 8 GB of memory. The slowness has nothing to do with hardware. I did not manually put the DNS in server two; it just replicated.
0
 
LANengineer (Author) Commented:
DrDave:
Both server #1 and #2 are domain controllers. I have the windows firewall turned off on both servers. The servers are slow booting up once it hits the GUI / splash screen. The client workstations take forever to save settings and then to apply settings.
0
 
LANengineer (Author) Commented:
Chris:
It is taking forever on incoming and outgoing mail. The clients are saying that they are not always getting what people are sending them either.
0
 
LANengineer (Author) Commented:
When I set up the DHCP role it did not ask me about DNS. Should DNS be configured anywhere in the DHCP server? When I do an ipconfig/all on the clients it shows the following DNS numbers:
127.0.0.1
192.168.0.10
192.168.0.8
0
 
Chris Dent (PowerShell Developer) Commented:

127.0.0.1 is on clients?

You need to bump that one off the list, it's localhost, and clients themselves are rather unlikely to be running a DNS service.

Inbound mail should not be affected by your internal DNS in any way at all. Indeed it's a little concerning that it takes so long. Have you checked, with Message Tracking, for any delay between it being received on the mail system and being delivered to the mailbox?

> The clients are saying that they are not always getting what people are
> sending them either.

There are, of course, things that need to be checked here. None to do with internal DNS, and none which will affect logon times.

For outbound mail delivery to be reliable you need three things (this assumes you are not using a Smart Host / Relay):

1. A valid public server name. Exchange 2007? Check the FQDN value set on the Send Connector
2. A valid Host (A) record in your public DNS system mapping that name to the public IP address you use
3. A Domain Pointer (PTR) record in your public DNS (or more likely, in your ISP's public DNS) that maps the public IP address back to the name

If any of those three are missing you may have difficulty delivering mail.

For everything else...

Can you show us DCDiag, and give details of any errors / warnings logged in the Event Log on both your servers and your clients? Obviously something is wrong, but I don't feel it's clear what.

Chris
0
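The three outbound-mail requirements listed in the answer above (public server name, A record, matching PTR record) can be checked together. This is an added example, not part of the original thread; the function names, the `.local` heuristic and the sample records (documentation names and addresses) are assumptions.

```python
import ipaddress
import socket

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample records (documentation ranges), not taken from the page.
SAMPLE_A = {"mail.example.com": {"203.0.113.25"}}
SAMPLE_PTR = {"203.0.113.25": "host25.isp.example.net"}

def _forward(name):
    """A lookup via the system resolver: name -> set of IPv4 addresses."""
    try:
        return {i[4][0] for i in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def _reverse(ip):
    """PTR lookup via the system resolver: ip -> name, or None if absent."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def check_outbound_identity(fqdn, public_ip, forward=_forward, reverse=_reverse):
    """Return a list of problems with the name / A record / PTR record trio."""
    problems = []
    fqdn = fqdn.rstrip(".").lower()
    ip = ipaddress.ip_address(public_ip)
    # 1. The announced name must be a public FQDN (the ".local" test is a heuristic).
    if "." not in fqdn or fqdn.endswith(".local"):
        problems.append(f"server name {fqdn!r} is not a public FQDN")
    if ip.is_loopback or any(ip in net for net in RFC1918):
        problems.append(f"{public_ip} is an internal address, not the public IP")
    # 2. Host (A) record: the name must resolve to the public IP.
    addrs = forward(fqdn)
    if public_ip not in addrs:
        problems.append(f"A record for {fqdn} gives {sorted(addrs) or 'nothing'}")
    # 3. PTR record: the public IP must map back to the same name.
    ptr = reverse(public_ip)
    if ptr is None:
        problems.append(f"no PTR record for {public_ip}")
    elif ptr.rstrip(".").lower() != fqdn:
        problems.append(f"PTR for {public_ip} is {ptr}, expected {fqdn}")
    return problems

def demo():
    """Offline run on the constructed records: the PTR is still an ISP default."""
    return check_outbound_identity("mail.example.com", "203.0.113.25",
        forward=lambda n: SAMPLE_A.get(n, set()), reverse=SAMPLE_PTR.get)

if __name__ == "__main__":
    print(demo())
```

Calling `check_outbound_identity` without the `forward` and `reverse` arguments uses the system resolver, so run it from a host that queries public DNS rather than the internal zone.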
 
DrDave242 Commented:
Since servers 1 and 2 are both DCs and DNS servers in the same site, each one should use the other as its preferred DNS server and itself as alternate.  (There's some debate on this, depending on whom you talk to, but this configuration has always given me good results.  It ensures that each DC will be able to contact a functional DNS server right away in the event of a reboot, as long as they're not both rebooted at the same time.)  Server 3 should point to both of them for redundancy, but the order is not really important.

As Chris said, 127.0.0.1 should definitely be removed from the DNS server list on the clients.  You can configure that within Scope Options (and/or possibly Server Options) in the DHCP console on server 1.
0
