Solved

win2003 dns server ip address question

Posted on 2012-03-16
Last Modified: 2012-03-19
Hi,
That's a simple question, but:
I have 2 DCs, dc1 10.1.2.12 and dc2 10.1.2.13.
Both are DNS servers (srv2003).
In their network card properties, what DNS entries should there be?
"Use the following DNS server addresses
Preferred DNS Server
Alternate DNS server"

Should it be 127.0.0.1 then 10.1.2.13 for the first one,
or 10.1.2.12 then 10.1.2.13,
or 10.1.2.13 then 10.1.2.12,
or 10.1.2.13 then 127.0.0.1,
or another combination?
tx!
Question by:SigSupport
6 Comments
 
Expert Comment
by: Joseph Daly
ID: 37729430
Each DC should point to itself first and then to the other one. I usually do it by the IP address rather than the localhost address.

As far as your clients go, as long as they point to both it doesn't really matter which is first.

Accepted Solution
by: Mike Kline (earned 500 total points)
ID: 37729435
On .12

Preferred = .13
Alternate = 127.0.0.1

On .13

Preferred = .12
Alternate = 127.0.0.1 (loopback)

You do that to prevent race condition issues.


Ned Pyle from the Ask DS team had a great answer about this.

This answer came about from an email MVP Mark Parris sent to Ned.


*****************cut and paste from here...not taking credit for their good work here ***********************

I have "knelt before Ned" and the concise digest response to the raised points in the trail is:

The BPA is right – on DCs we recommend making the DC loopback address a secondary/tertiary or lower entry, and pointing to another DNS server as primary, for the reasons below:
 
http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx#dnsbest
 
It’s also stated in this DNS BPA rule:
 
DNS: DNS servers on <adapter name> should include the loopback address, but not as the first entry
http://technet.microsoft.com/en-us/library/ff807362(WS.10).aspx
 
And this one:
 
DNS: DNS servers on <adapter name> should include their own IP addresses on their interface lists of DNS servers
http://technet.microsoft.com/en-us/library/dd378900(WS.10).aspx
 
The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers.

However, if the DNS server is also a domain controller and it points only to itself for name resolution, it can become an island and fail to replicate with other domain controllers. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only as a secondary or tertiary DNS server on a domain controller.
 
The loopback address of 127.0.0.1 (or ::1 in IPV6) is recommended because, unlike even a static IP address, it never changes. So you can never accidentally forget to update your DNS entry and be completely FUBAR.

We in MS AD support still reckon that roughly 75% of our AD cases have DNS-Networking root cause, so anything you can do to avoid becoming a statistic is alright by us.
 
As far as RPC DNS goes, you might be thinking of RPCAuthLevel and the man-in-the-middle protection added in Win2008+:
 
http://blogs.technet.com/b/askds/archive/2010/02/12/friday-mail-sack-not-usmt-edition.aspx#dns

*****************************************************

Thanks

Mike
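The accepted answer above gives the ordering (partner DC first, loopback second) and quotes the two BPA rules it rests on. The following is an added example, not code from the thread or from Microsoft, that applies that ordering on whichever of the two DCs it runs on and then checks the result against both rules. It assumes the computer names DC1 and DC2, an adapter alias of 'Ethernet', and a Windows Server 2012 or later host with the DnsClient module (Server 2003 has no such module; the netsh lines at the end do the same job there).

```powershell
# Added example: set the DNS client list on a DC the way the accepted answer
# describes (other DC first, loopback second) and verify it against the two
# BPA rules cited in Ned Pyle's reply.
# Assumptions: computer names DC1/DC2, adapter alias 'Ethernet', DnsClient
# module present (Server 2012+). Addresses come from the question.

$Adapter  = 'Ethernet'        # assumption; Get-NetAdapter lists the real aliases
$Loopback = '127.0.0.1'
$Dcs = @{
    'DC1' = @{ Self = '10.1.2.12'; Partner = '10.1.2.13' }
    'DC2' = @{ Self = '10.1.2.13'; Partner = '10.1.2.12' }
}

$Me = $env:COMPUTERNAME.ToUpper()
if (-not $Dcs.ContainsKey($Me)) { throw "$Me is not one of the DCs in the table above" }

# Partner DC as preferred, loopback as alternate: the accepted answer's layout.
$Wanted = @($Dcs[$Me].Partner, $Loopback)
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $Wanted

# Re-read what the stack actually applied and test it against the BPA rules.
$Applied = (Get-DnsClientServerAddress -InterfaceAlias $Adapter -AddressFamily IPv4).ServerAddresses
$Own     = @($Dcs[$Me].Self, $Loopback)   # either form counts as "points to itself"

if ($Applied.Count -lt 2) {
    Write-Warning "Only one DNS server is set; a DC that points only at itself can become an island"
}
if ($Applied[0] -in $Own) {
    # BPA rule: loopback/own IP must be included, but not as the first entry.
    Write-Warning "First entry $($Applied[0]) is this DC itself; move it to second or later"
}
if (-not ($Applied | Where-Object { $_ -in $Own })) {
    # BPA rule: the DC's own address should be somewhere in the list.
    Write-Warning "Neither $($Dcs[$Me].Self) nor $Loopback is listed; add the loopback as alternate"
}

# Before relying on the partner as preferred, confirm it answers for the domain's
# DC locator record; this is the lookup replication and logons depend on.
$Domain = $env:USERDNSDOMAIN
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $Dcs[$Me].Partner -ErrorAction Stop |
    Select-Object Name, NameTarget, Port

# Server 2003 equivalent (cmd.exe on DC1; swap the addresses on DC2):
#   netsh interface ip set dns name="Local Area Connection" source=static addr=10.1.2.13
#   netsh interface ip add dns name="Local Area Connection" addr=127.0.0.1 index=2
```

Run it once per DC with an account that can change adapter settings. The SRV lookup at the end is deliberately sent to the partner, not to the local resolver, so that a partner whose DNS service is down or not yet hosting the zone is caught before it becomes the preferred server.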
 
Expert Comment
by: Joseph Daly
ID: 37729437
So on DC1 it would be

Preferred 10.1.2.12
Secondary 10.1.2.13

On DC2 it would be
preferred 10.1.2.13
secondary 10.1.2.12

Expert Comment
by: bluemeln
ID: 37729444
On DC1, it should be
10.1.2.12
10.1.2.13

On DC2, it should be
10.1.2.13
10.1.2.12

Each DNS server should check itself first in order to avoid network traffic to another server.
As a practice, I do not use 127.0.0.1 because of multi-homed servers. Instead, I type in the literal IP address.

When they are located in a forest, I usually put the IP address of a Global Catalog DC as the second DNS entry in the second DC, so

On DC2
10.1.2.13
10.1.5.12 (if there were a 10.1.5.x domain in the same forest)

Expert Comment
by: Mike Kline
ID: 37729452
I disagree with the others on this; I've run into race condition issues before. I also defer to Ned and the AD team because they see all the support calls generated.

Make sure to read the links in Ned's answer I posted above.

Thanks

Mike

Expert Comment
by: Leon Fester
ID: 37729596
I also used to do primary = self and secondary = other DC.
And although I've not had race conditions, I've changed my configs too.
From experience, if Ned or the Mail Sack said so, then that's a good enough reason to implement.

Makes a whole lot of sense too.
Reposting this link; check the discussions.
http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx