Solved

AD, DNS and Windows 2003/2008

Posted on 2011-09-23
Last Modified: 2012-08-13
My configuration

3 DC
DC1 = Windows 2008 R2, DNS, GC, all 5 FSMO roles, IP = 126.0.0.9, DNS1= 126.0.0.9, DNS2= 126.0.0.10
DC2 = Windows 2003 SP2, Exchange, DNS, GC, IP= 126.0.0.105, DNS1 = 126.0.0.10, DNS2 = empty
DC3 = Windows 2003 SP2, DNS, GC, IP = 126.0.0.10, DNS1 = 126.0.0.10, DNS2 = 126.0.0.9

Is this DNS configuration OK?
What is the recommended DNS configuration in TCP/IP properties of each DC?

(I had a problem this morning: when I started DC1 alone (DC2 and DC3 were offline), the DNS service would not start. When DC2 and DC3 went online some minutes after, everything went back to normal and the DNS service started successfully; that is the reason I prefer to check the DNS configuration.)

Thank you
0
Question by:gadsad
7 Comments
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 36586168
Try to configure it this way

DC1: Primary DNS of DC2, Secondary DNS of itself, Tertiary DNS of 127.0.0.1 (loopback interface)
DC2: Primary DNS of DC3, Secondary DNS of DC1, Tertiary DNS of 127.0.0.1 (loopback interface)
DC3: Primary DNS of DC1, Secondary DNS of DC2or3, Tertiary DNS of 127.0.0.1 (loopback interface)

This should prevent the "DNS island" which probably took place in your environment. The DNS service couldn't start and there was a problem with AD startup.

More about DNS island at
http://support.microsoft.com/kb/275278

Regards,
Krzysztof
0
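An added example, not part of the answer above and not a Microsoft tool: this Python check runs the resolver order posted in the question against the pattern the accepted answer describes (a partner DC first, the DC itself later in the list). The rule set and the names `QUESTION_CONFIG` and `lint_dc_resolvers` are assumptions read out of that answer.

```python
import ipaddress

# DNS client settings exactly as posted in the question: (own IP, resolver order).
QUESTION_CONFIG = {
    "DC1": ("126.0.0.9",   ["126.0.0.9", "126.0.0.10"]),
    "DC2": ("126.0.0.105", ["126.0.0.10"]),
    "DC3": ("126.0.0.10",  ["126.0.0.10", "126.0.0.9"]),
}

def lint_dc_resolvers(config):
    """Return {dc_name: [finding, ...]}; the rules are an interpretation of the accepted answer."""
    dc_ips = {own_ip for own_ip, _ in config.values()}
    report = {}
    for name, (own_ip, resolvers) in config.items():
        def is_self(addr):
            # The DC's own address or any loopback address counts as "itself".
            return addr == own_ip or ipaddress.ip_address(addr).is_loopback
        findings = []
        if not resolvers:
            findings.append("no DNS servers configured")
        elif is_self(resolvers[0]):
            # The accepted answer ties the startup failure to this case ("DNS island").
            findings.append("primary DNS is the DC itself")
        if len(resolvers) == 1:
            findings.append("only one DNS server, no fallback")
        if resolvers and not any(is_self(a) for a in resolvers):
            findings.append("own DNS service is not in the list")
        if resolvers and all(is_self(a) for a in resolvers):
            findings.append("no partner DC in the list")
        for addr in resolvers:
            if not is_self(addr) and addr not in dc_ips:
                findings.append(f"{addr} is not a known DC")
        report[name] = findings
    return report

if __name__ == "__main__":
    for dc, findings in lint_dc_resolvers(QUESTION_CONFIG).items():
        print(dc, "->", "; ".join(findings) or "matches the accepted answer's pattern")
```
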
 
LVL 9

Expert Comment

by:Lester_Clayton
ID: 36586174
The Microsoft recommended configuration is to set the Alternate DNS server for Domain Controllers to be 127.0.0.1 - only if they are running DNS services though.

Unfortunately, you've not told us what your DC IP addresses are, so I could not give you a recommended configuration.

I have 2 domain controllers in each of my forests, and I make the 2 Domain Controllers point to their own IP and the other Domain Controller's IP for DNS.

In a 3 Domain Controller environment, I'd make them still talk to their own IP as the first DNS entry, and then flip a coin to see which other domain controller/DNS server gets the second one :D
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36586180
They told us :) Read the question once again ;)

Krzysztof
0
 
LVL 9

Expert Comment

by:Lester_Clayton
ID: 36586216
I got confused with all the IPs :)
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 36587162
Also, best practice is not to use 127.0.0.1; you should use the actual IP addresses. Loopback addresses themselves can cause DNS issues in a multiple DNS server environment.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36915738
Hi,

Today I was reviewing posts on EE and I found one interesting post, where Mike (mkline71) posted a link to the Ask DS Team blog. There was a similar question about DNS best practices. I read that article and I think it's worth placing it here for you :) In my opinion you will find all the answers to your questions ;)

http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx#dnsbest

Krzysztof
0
 

Author Closing Comment

by:gadsad
ID: 36926238
Thank you
0
