Solved

win2003 dns server ip address question

Posted on 2012-03-16
6
393 Views
Last Modified: 2012-03-19
Hi,
That's a simple question, but:
I have 2 DCs, dc1 10.1.2.12 and dc2 10.1.2.13.
Both are DNS servers (Server 2003).
In their network card properties, what DNS entries should there be?
"Use the following DNS server addresses
Preferred DNS server
Alternate DNS server"

Should it be 127.0.0.1 then 10.1.2.13 for the first one,
or 10.1.2.12 then 10.1.2.13,
or 10.1.2.13 then 10.1.2.12,
or 10.1.2.13 then 127.0.0.1,
or another combination?
tx!
0
Question by:SigSupport
6 Comments
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 37729430
Each DC should point to itself first and then to the other one. I usually do it by the IP address rather than the localhost address.

As far as your clients go, as long as they point to both it doesn't really matter which is first.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 37729435
On .12

Preferred = .13
Alternate = 127.0.0.1

On .13

Preferred = .12
Alternate = loopback

You do that to prevent race condition issues.


Ned Pyle from the ask DS team had a great answer about this.

This answer came about from an email MVP Mark Parris sent to Ned.


*****************cut and paste from here...not taking credit for their good work here ***********************

I have "knelt before Ned" and the concise digest response to the raised points in the trail is:

The BPA is right – on DCs we recommend making the DC loopback address a secondary/tertiary or lower entry, and pointing to another DNS server as primary, for the reasons below:
 
http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx#dnsbest
 
It’s also stated in this DNS BPA rule:
 
DNS: DNS servers on <adapter name> should include the loopback address, but not as the first entry
http://technet.microsoft.com/en-us/library/ff807362(WS.10).aspx
 
And this one:
 
DNS: DNS servers on <adapter name> should include their own IP addresses on their interface lists of DNS servers
http://technet.microsoft.com/en-us/library/dd378900(WS.10).aspx
 
The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers.

However, if the DNS server is also a domain controller and it points only to itself for name resolution, it can become an island and fail to replicate with other domain controllers. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only as a secondary or tertiary DNS server on a domain controller.
 
The loopback address of 127.0.0.1 (or ::1 in IPV6) is recommended because, unlike even a static IP address, it never changes. So you can never accidentally forget to update your DNS entry and be completely FUBAR.

We in MS AD support still reckon that roughly 75% of our AD cases have DNS-Networking root cause, so anything you can do to avoid becoming a statistic is alright by us.
 
As far as RPC DNS goes, you might be thinking of RPCAuthLevel and the man-in-the-middle protection added in Win2008+:
 
http://blogs.technet.com/b/askds/archive/2010/02/12/friday-mail-sack-not-usmt-edition.aspx#dns

*****************************************

Thanks

Mike
0
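The accepted answer and the two BPA rules it quotes amount to three checks on a DC's DNS client list: a partner DC is listed first, the loopback address is present but not first, and the DC does not point only to itself. The PowerShell below is an added example (not from this thread or from Microsoft's BPA) that encodes those checks; the address lists are constructed from the question, and the `Get-DnsClientServerAddress` / `Get-NetIPAddress` cmdlets in the comments exist only on Windows 8 / Server 2012 and later, not on Server 2003.

```powershell
# Added example: audit an ordered DNS server list against the rules quoted above.
function Test-DcDnsClientConfig {
    param(
        [Parameter(Mandatory)][string[]]$DnsServers,   # ordered list as set on the adapter
        [Parameter(Mandatory)][string[]]$OwnAddresses  # the DC's own static IPs on that adapter
    )
    $loopback = @('127.0.0.1', '::1')
    $self     = $OwnAddresses + $loopback             # any of these means "points to itself"
    $findings = @()

    # Rule from ff807362: loopback should be present, but not as the first entry.
    $hasLoopback = @($DnsServers | Where-Object { $loopback -contains $_ }).Count -gt 0
    if (-not $hasLoopback) {
        $findings += 'Loopback address (127.0.0.1 / ::1) is missing from the DNS server list'
    }

    # Race-condition guard from the accepted answer: a partner DC goes first, self later.
    if ($self -contains $DnsServers[0]) {
        $findings += "First entry '$($DnsServers[0])' points to self; list a partner DC first"
    }

    # Island check from dd378900: at least one entry must be another DNS server.
    $partners = @($DnsServers | Where-Object { $self -notcontains $_ })
    if ($partners.Count -eq 0) {
        $findings += 'No partner DC listed; the DC points only to itself and can become an island'
    }

    [PSCustomObject]@{
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

# Constructed inputs taken from the question: dc1 is 10.1.2.12, dc2 is 10.1.2.13.
# Accepted answer's layout for dc1 -> Compliant = True
Test-DcDnsClientConfig -DnsServers @('10.1.2.13', '127.0.0.1') -OwnAddresses @('10.1.2.12')
# "Self first, other DC second" layout for dc1 -> Compliant = False (self first, no loopback)
Test-DcDnsClientConfig -DnsServers @('10.1.2.12', '10.1.2.13') -OwnAddresses @('10.1.2.12')

# On a Server 2012+ DC the live configuration can be fed in instead (DnsClient / NetTCPIP modules):
#   $own = (Get-NetIPAddress -AddressFamily IPv4 -PrefixOrigin Manual).IPAddress
#   $dns = (Get-DnsClientServerAddress -AddressFamily IPv4 |
#           Where-Object { $_.ServerAddresses } | Select-Object -First 1).ServerAddresses
#   Test-DcDnsClientConfig -DnsServers $dns -OwnAddresses $own
```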
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 37729437
So on DC1 it would be

Preferred 10.1.2.12
Secondary 10.1.2.13

On DC2 it would be
preferred 10.1.2.13
secondary 10.1.2.12
0
 
LVL 6

Expert Comment

by:bluemeln
ID: 37729444
On DC1, it should be
10.1.2.12
10.1.2.13

On DC2, it should be
10.1.2.13
10.1.2.12

The DNS servers should check themselves first in order to avoid network traffic to another server.
As a practice, I do not use 127.0.0.1 because of multi-homed servers. Instead I type in the literal IP address.

When they are located in a forest, I usually put the IP address of a Global Catalog DC as the second DNS entry on the second DC, so

On DC2
10.1.2.13
10.1.5.12 (if there were a 10.1.5.x domain in the same forest)
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37729452
I disagree with the others on this, I've run into race condition issues before.  I also defer to Ned and the AD team because they see all the support calls generated.

Make sure to read the links in Ned's answer I posted above.

Thanks

Mike
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 37729596
I also used to use primary = self and secondary = other DC.
And although I've not had race conditions, I've changed my configs too.
From experience, if Ned or the Mail Sack said so, then that's a good enough reason to implement.

Makes a whole lot of sense too.
Reposting this link, check the discussions.
http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx
0
