Solved

win2003 dns server ip address question

Posted on 2012-03-16
Medium Priority
420 Views
Last Modified: 2012-03-19
Hi,
That's a simple question, but:
I have 2 DCs, dc1 10.1.2.12 and dc2 10.1.2.13.
Both are DNS servers (Server 2003).
In their network card properties, what DNS entries should there be?
"Use the following DNS server addresses
Preferred DNS server
Alternate DNS server"

Should it be 127.0.0.1 then 10.1.2.13 for the first one,
or 10.1.2.12 then 10.1.2.13,
or 10.1.2.13 then 10.1.2.12,
or 10.1.2.13 then 127.0.0.1,
or another combination?
Thanks!
Question by:SigSupport
6 Comments
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 37729430
Each DC should point to itself first and then to the other one. I usually do it by the IP address rather than the localhost address.

As far as your clients go, as long as they point to both it doesn't really matter which is first.
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 37729435
On .12:

Preferred = .13
Alternate = 127.0.0.1

On .13:

Preferred = .12
Alternate = loopback

You do that to prevent race condition issues.


Ned Pyle from the ask DS team had a great answer about this.

This answer came about from an email MVP Mark Parris sent to Ned


*****************cut and paste from here...not taking credit for their good work here ***********************

I have "knelt before Ned" and the concise digest response to the raised points in the trail is:

The BPA is right – on DCs we recommend making the DC loopback address a secondary/tertiary or lower entry, and pointing to another DNS server as primary, for the reasons below:
 
http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx#dnsbest
 
It’s also stated in this DNS BPA rule:
 
DNS: DNS servers on <adapter name> should include the loopback address, but not as the first entry
http://technet.microsoft.com/en-us/library/ff807362(WS.10).aspx
 
And this one:
 
DNS: DNS servers on <adapter name> should include their own IP addresses on their interface lists of DNS servers
http://technet.microsoft.com/en-us/library/dd378900(WS.10).aspx
 
The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers.

However, if the DNS server is also a domain controller and it points only to itself for name resolution, it can become an island and fail to replicate with other domain controllers. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only as a secondary or tertiary DNS server on a domain controller.
 
The loopback address of 127.0.0.1 (or ::1 in IPv6) is recommended because, unlike even a static IP address, it never changes. So you can never accidentally forget to update your DNS entry and be completely FUBAR.

We in MS AD support still reckon that roughly 75% of our AD cases have DNS-Networking root cause, so anything you can do to avoid becoming a statistic is alright by us.
 
As far as RPC DNS goes, you might be thinking of RPCAuthLevel and the man-in-the-middle protection added in Win2008+:
 
http://blogs.technet.com/b/askds/archive/2010/02/12/friday-mail-sack-not-usmt-edition.aspx#dns

*****************************************

Thanks

Mike
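As an added illustration (not part of the thread or of Microsoft's BPA tooling), the following PowerShell script checks a DC's DNS client list against the two BPA rules quoted above (the DC should list itself, but not as the first entry, and must not point only at itself) and, with -Fix, applies the order from the accepted answer: partner DC first, loopback last. It uses the DnsClient and NetTCPIP cmdlets, so it runs on Windows Server 2012 or later rather than on the 2003 machines in the question (there the equivalent is netsh interface ip set dns / add dns). The adapter alias 'Ethernet' and the partner address 10.1.2.13 are assumptions; change them per DC.

```powershell
# Added example, not from the thread: audit (and optionally fix) the DNS client
# server order on a domain controller against the two BPA rules quoted above.
# Assumptions: adapter alias 'Ethernet', partner DC 10.1.2.13 (the .12 box in the
# question would point at .13; run it on .13 with -PartnerDns 10.1.2.12).
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$InterfaceAlias = 'Ethernet',    # assumption: adapter that serves the domain
    [string]$PartnerDns     = '10.1.2.13',   # assumption: the other DC's address
    [switch]$Fix
)

$loopback = '127.0.0.1'

# IPv4 addresses owned by this host on the chosen adapter; @() keeps a single
# address from collapsing to a scalar so indexing/-contains behave predictably.
$ownIPs  = @((Get-NetIPAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4).IPAddress)

# Current DNS client server list, in the order the resolver uses it.
$servers = @((Get-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4).ServerAddresses)

# "Self" means either the loopback address or one of our own adapter addresses.
function Test-IsSelf([string]$ip) {
    return ($ip -eq $loopback) -or ($ownIPs -contains $ip)
}

$findings = @()
if ($servers.Count -eq 0) {
    $findings += "No DNS servers configured on '$InterfaceAlias'."
} else {
    # BPA ff807362: loopback / own address must not be the first entry.
    if (Test-IsSelf $servers[0]) {
        $findings += "First entry ($($servers[0])) is this DC itself; the partner DC should be first."
    }
    # BPA dd378900: the DC should still list itself somewhere.
    if (-not ($servers | Where-Object { Test-IsSelf $_ })) {
        $findings += "Neither $loopback nor an own address is listed; add the loopback as a later entry."
    }
    # A DC that resolves only through itself can become a replication island.
    if (-not ($servers | Where-Object { -not (Test-IsSelf $_) })) {
        $findings += 'Every entry points at this DC only; it can become an island and fail to replicate.'
    }
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Host "DNS client order on '$InterfaceAlias' follows the BPA: $($servers -join ', ')"
}

if ($Fix -and $findings.Count -gt 0) {
    # Order from the accepted answer: partner DC first, loopback last.
    $desired = @($PartnerDns, $loopback)
    if ($PSCmdlet.ShouldProcess($InterfaceAlias, "Set DNS servers to $($desired -join ', ')")) {
        Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $desired
        # Read the setting back so the change is confirmed on the console.
        (Get-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4).ServerAddresses
    }
}
```

Run it once without -Fix on each DC to see the warnings, then with -Fix -WhatIf to preview the Set-DnsClientServerAddress call before applying it. If IPv6 is enabled on the adapter, the same logic applies with ::1 in place of 127.0.0.1, which this IPv4-only example does not cover.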
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 37729437
So on DC1 it would be:

Preferred 10.1.2.12
Secondary 10.1.2.13

On DC2 it would be:

Preferred 10.1.2.13
Secondary 10.1.2.12

 
LVL 6

Expert Comment

by:bluemeln
ID: 37729444
On DC1, it should be:
10.1.2.12
10.1.2.13

On DC2, it should be:
10.1.2.13
10.1.2.12

The DNS server should check itself first in order to avoid network traffic to another server.
As a practice, I do not use 127.0.0.1 because of multi-homed servers. Instead I type in the literal IP address.

When they are located in a forest, I usually put the IP address of a Global Catalog DC as the second DNS entry on the second DC, so:

On DC2:
10.1.2.13
10.1.5.12 (if there were a 10.1.5.x domain in the same forest)
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37729452
I disagree with the others on this; I've run into race condition issues before. I also defer to Ned and the AD team because they see all the support calls generated.

Make sure to read the links in Ned's answer I posted above.

Thanks

Mike
 
LVL 26

Expert Comment

by:Leon Fester
ID: 37729596
I also used to use primary = self and secondary = other DC.
And although I've not had race conditions, I've changed my configs too.
From experience, if Ned or the Mail Sack said so, then that's a good enough reason to implement it.

Makes a whole lot of sense too.
Reposting this link; check the discussions.
http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx
