Solved

AD, DNS and Windows 2003/2008

Posted on 2011-09-23
7
307 Views
Last Modified: 2012-08-13
My configuration

3 DC
DC1 = Windows 2008 R2, DNS, GC, all 5 FMSO roles, IP = 126.0.0.9, DNS1= 126.0.0.9, DNS2= 126.0.0.10
DC2 = Windows 2003 SP2, Exchange, DNS, GC, IP= 126.0.0.105, DNS1 = 126.0.0.10, DNS2 = empty
DC3 = Windows 2003 SP2, DNS, GC, IP = 126.0.0.10, DNS1 = 126.0.0.10, DNS2 = 126.0.0.9

Is this DNS configuration OK?
What is the recommended DNS configuration in TCP/IP properties of each DC?

(I had a problem this morning that when I started DC1 alone (DC2 and DC3 where offline) DNS service would not start. When DC2, DC3 went online some minutes after, everything when back to normal, and DNS service started sucessfully,  that is the reason I prefer to check DNS configuration)

Thank you
0
Comment
Question by:gadsad
7 Comments
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 36586168
Try to configure it this way

DC1: Primary DNS of DC2, Secondary DNS of itself, Tertiary DNS of 127.0.0.1 (loopback interface)
DC2: Primary DNS of DC3, Secondary DNS of DC1, Tertiary DNS of 127.0.0.1 (loopback interface)
DC3: Primary DNS of DC1, Secondary DNS of DC2or3, Tertiary DNS of 127.0.0.1 (loopback interface)

This should prevent of "DNS island" which probably took place in your environment. DNS service couldn't start and there was problem with AD startup.

More about DNS island at
http://support.microsoft.com/kb/275278

Regards,
Krzysztof
0
 
LVL 9

Expert Comment

by:Lester_Clayton
ID: 36586174
The Microsoft recommended configuration is to set the Alternate DNS server for Domain Controllers to be 127.0.0.1 - only if they are running DNS services though.

Unfortunately, you've not told us what your DC IP addresses are, so I could not give you a recommended configuration.

I have 2 domain controllers in each of my forests, and I make the 2 Domain Controllers point to their own IP and the other Domain Controller's IP for DNS.

In a 3 Domain Controller environment, I'd make them still talk to their own IP as the first DNS entry, and then flip a coin to see which other domain controller/DNS server gets the second one :D
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36586180
They told us :) Read question once again ;)

Krzsztof
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 9

Expert Comment

by:Lester_Clayton
ID: 36586216
I got confused with all the IP's :)
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 36587162
Also, best practices not to use 127.0.0.1 you should use the actual IP addresses. Loopback addresses themselves can cause DNS issues in multiple DNS server environment.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36915738
Hi,

today I was reviewing posts on EE and I found one interesting post, where Mike (mkline71) posted a link to Ask DS Team blog. There where similar question about best DNS practices. I read that article and I think it's worth placing it here for you :) In my opinion you will find all answers for your questions ;)

http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx#dnsbest

Krzysztof
0
 

Author Closing Comment

by:gadsad
ID: 36926238
thank you
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now