• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 298
  • Last Modified:

How can I determine the preferred AD DNS server?

Points of My Scenario:
1. I am admin of a Windows Server 2003 domain: mydomain.com
2. There are 5 domain controllers: A, B, C, D & E
3. All domain controllers are also DNS servers for the domain.
4. Client workstations are configured (via DHCP) to use as preferred DNS servers: A & B
5. However, clients resolve "mydomain.com" consistently to domain controller D.
QUESTION: How can I make clients resolve "mydomain.com" to domain controllers A or B instead?
  • 3
  • 2
1 Solution
First create sites in AD(active directy sites and services) if you have more than one location.  Then move the domain controllers to the appropriate site.  Once the site is created add the proper subnets for each site.

Then I would double check your DHCP settings to use the proper DNS servers.  Typically you should place the two closest DNS servers in the DHCP scope. You can add additional ones as a backup if you prefer.

If you only have one location you don't need to configure site and services just your DHCP scopes.
waltforbesSenior IT SpecialistAuthor Commented:
To nsx106052 - please note the site/subnet layout:
(1) There are three sites (Site1, Site2, and Site3)
(2) Site1 contains three subnets + domain controllers A, B and E - all in one building
(3) Site2 contains one subnet + domain controller C - separate building
(4) Site3 contains one subnet + domain controller D - yet another (3rd) building
My Actions:
(1) Based on your advice, I added client subnets (2 of them) to Site1, using AD Sites and Services - since all are in same building
(2) I replicated the changes using AD Sites and Services also.
(3) I flushed DNS cache with "ipconfig /flushdns" at the clients
Results: Nothing changed - mydomain.com is still resolves to domain controller D.
Krzysztof PytkoSenior Active Directory EngineerCommented:
Your DHCP clients use only specified DNS servers in scope option no. 006 :) (that's for sure) and gets DNS respond only from them :) ... but specified DNS servers contain all necessary records of your domain.local

By default Round-Robin mechanism is working for that

so, according to your structure


DNS issues IP address of DC during authentication, next client will get IP address of another DC from the list (Round Robin)

If you want to check if that's true, log on to that PC, open command-line and run test

ipconfig /flushdns
ping domain.local

repeat this action several times and compare IP output for the domain  :)

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Krzysztof PytkoSenior Active Directory EngineerCommented:
You may be also interested in Netmask ordering feature. This is very good MS article for that

waltforbesSenior IT SpecialistAuthor Commented:
Many thanks, iSiek.
Krzysztof PytkoSenior Active Directory EngineerCommented:
You're welcome :)

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now