Solved

win2003 dns server ip address question

Posted on 2012-03-16
6
388 Views
Last Modified: 2012-03-19
Hi,
That's a simple question, but:
I have 2 DCs, dc1 10.1.2.12 and dc2 10.1.2.13.
Both are DNS servers (srv2003).
In their network card properties, what DNS entries should there be?
"use the following DNS server addresses
Preferred DNS Server
Alternate DNS server"

Should it be 127.0.0.1 then 10.1.2.13 for the first one,
or 10.1.2.12 then 10.1.2.13,
or 10.1.2.13 then 10.1.2.12,
or 10.1.2.13 then 127.0.0.1,
or another combination?
tx!
0
Comment
Question by:SigSupport
6 Comments
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 37729430
Each DC should point to itself first and then to the other one. I usually do it by the IP address rather than the localhost address.

As far as your clients, as long as they point to both it doesn't really matter which is first.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 37729435
On .12

Preferred = .13
Alternate = 127.0.0.1

On .13

Preferred = .12
Alternate = loopback

You do that to prevent race condition issues.


Ned Pyle from the ask DS team had a great answer about this.

This answer came about from an email MVP Mark Parris sent to Ned


*****************cut and paste from here...not taking credit for their good work here ***********************

I have "knelt before Ned" and the concise digest response to the raised points in the trail is:

The BPA is right – on DCs we recommend making the DC loopback address a secondary/tertiary or lower entry, and pointing to another DNS server as primary, for the reasons below:
 
http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx#dnsbest
 
It’s also stated in this DNS BPA rule:
 
DNS: DNS servers on <adapter name> should include the loopback address, but not as the first entry
http://technet.microsoft.com/en-us/library/ff807362(WS.10).aspx
 
And this one:
 
DNS: DNS servers on <adapter name> should include their own IP addresses on their interface lists of DNS servers
http://technet.microsoft.com/en-us/library/dd378900(WS.10).aspx
 
The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers.

However, if the DNS server is also a domain controller and it points only to itself for name resolution, it can become an island and fail to replicate with other domain controllers. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only as a secondary or tertiary DNS server on a domain controller.
 
The loopback address of 127.0.0.1 (or ::1 in IPV6) is recommended because, unlike even a static IP address, it never changes. So you can never accidentally forget to update your DNS entry and be completely FUBAR.

We in MS AD support still reckon that roughly 75% of our AD cases have DNS-Networking root cause, so anything you can do to avoid becoming a statistic is alright by us.
 
As far as RPC DNS goes, you might be thinking of RPCAuthLevel and the man-in-the-middle protection added in Win2008+:
 
http://blogs.technet.com/b/askds/archive/2010/02/12/friday-mail-sack-not-usmt-edition.aspx#dns

*****************************************

Thanks

Mike
0
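The layout in the accepted answer and the two BPA rules it quotes can be turned into a small configuration check. This is an added example, not code from the thread or from Microsoft; the function names, the two-DC sample addresses from the question and the single-DC fallback are assumptions.

```python
# Added example: encode the DNS-client recommendation from the accepted answer
# and the quoted BPA rules as a generator plus a checker for a DC's DNS list.
# Rules, as quoted from the Ask DS text above:
#  - the DC's own address (loopback or its IP) must appear in its DNS list
#  - the loopback address should be present but not as the first entry
#  - the first entry should be another DNS server so the DC never points only at itself
from __future__ import annotations

LOOPBACK = {"127.0.0.1", "::1"}


def recommended_dns(dc_ip: str, all_dcs: list[str]) -> list[str]:
    """Preferred = another DC, alternate = loopback (the accepted answer's layout)."""
    others = [ip for ip in all_dcs if ip != dc_ip]
    if not others:
        # Assumption: a single-DC domain has nothing else to point at, so self then loopback.
        return [dc_ip, "127.0.0.1"]
    return [others[0], "127.0.0.1"]


def check_dc_dns(dc_ip: str, servers: list[str], all_dcs: list[str]) -> list[str]:
    """Return BPA-style findings for one DC's configured DNS server list (empty = OK)."""
    if not servers:
        return ["no DNS servers configured"]
    self_refs = LOOPBACK | {dc_ip}
    findings = []
    if not any(s in self_refs for s in servers):
        findings.append("own address missing: DC should list itself (dd378900)")
    if not any(s in LOOPBACK for s in servers):
        findings.append("loopback missing: include 127.0.0.1, but not first (ff807362)")
    if servers[0] in LOOPBACK:
        findings.append("loopback is first entry: put another DNS server ahead of it")
    if len(all_dcs) > 1 and all(s in self_refs for s in servers):
        findings.append("island risk: DC points only at itself, replication may fail")
    if len(all_dcs) > 1 and servers[0] == dc_ip:
        findings.append("own IP is first entry: prefer another DC to avoid the race condition")
    return findings


if __name__ == "__main__":
    # Constructed sample: the two DCs from the question.
    dcs = ["10.1.2.12", "10.1.2.13"]
    for dc in dcs:
        print(dc, "recommended:", recommended_dns(dc, dcs))
    # The self-first layout proposed elsewhere in the thread, for comparison.
    print(check_dc_dns("10.1.2.12", ["10.1.2.12", "10.1.2.13"], dcs))
```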
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 37729437
So on DC1 it would be

Preferred 10.1.2.12
Secondary 10.1.2.13

On DC2 it would be
preferred 10.1.2.13
secondary 10.1.2.12
0
 
LVL 6

Expert Comment

by:bluemeln
ID: 37729444
On DC1, it should be
10.1.2.12
10.1.2.13

On DC2, it should be
10.1.2.13
10.1.2.12

Each DNS server should check itself first in order to avoid network traffic to another server.
As a practice, I do not use 127.0.0.1 because of multi-homed servers. Instead, I type in the literal IP address.

When they are located in a forest, I usually put the IP address of a Global Catalog DC as the second DNS entry in the second DC, so

On DC2
10.1.2.13
10.1.5.12 (if there were a 10.1.5.x domain in the same forest)
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37729452
I disagree with the others on this, I've run into race condition issues before.  I also defer to Ned and the AD team because they see all the support calls generated.

Make sure to read the links in Ned's answer I posted above.

Thanks

Mike
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 37729596
I also used to use primary = self and secondary = other DC.
And although I've not had race conditions, I've changed my configs too.
From experience, if Ned or the Mail Sack said so, then that's a good enough reason to implement it.

Makes a whole lot of sense too.
Reposting this link, check the discussions.
http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx
0
