?
Solved

Setting up DNS on Windows Server 2008 R2

Posted on 2013-12-17
4
Medium Priority
?
1,258 Views
Last Modified: 2013-12-18
I have several DNS errors when scanning the DNS role in the Roles Wizard in Server 2008 R2.

I get "The network adapter Local Area Connection does not list the loopback IP address as a DNS server, or it is configured as the first entry."

In the network adapter settings, the server (IP address 192.168.0.3) lists the first DNS as 192.168.0.3 and the second as 127.0.0.1.

If I remove 127.0.0.1 and rescan the role, I get: "The network adapter Local Area Connection does not list the loopback IP address as a DNS server, or it is configured as the first entry."  Neither assumption is true.

I also get, "Local Area Connection has only the preferred DNS server configured." and recommends, "Click Start, click Network, click Network and Sharing Center, and then click Change adapter settings to configure at least two DNS servers per interface."  This I tried to do by adding 127.0.0.1 as the 2nd dns entry. But it gives the first error noted.

Any idea how I resolve this?
0
Comment
Question by:DaveWWW
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 59

Accepted Solution

by:
Cliff Galiher earned 2000 total points
ID: 39725558
BPAs have several types of conditions. Some are informational. Some are warnings. Some are errors.

Errors should be addressed.  Warnings are exactly that, and depending on the environment, can be safely ignored.  For example, listing your server's IP address in the primary and the loopback in the secondary, if they both reference the same server, offers NO actual redundancy. The warning is letting you know that if the primary DNS server is unavailable, you won't have DNS services. But in a single DC environment, that is true if the DNS server fails, so the warning can be safely ignored.

Another example is Exchange. It's BPA will throw one kind of warning if you allow older clients to connect, letting you know that older clients may be insecure. But if you tighten it up, it throws another warning letting you know that older clients may not be able to connect. Basically you *cannot* get rid of all warnings, because the two are mutually exclusive. Again, you choose the one that fits your security model.

So unless you have a second DC, put the one server in the IP address and accept the warning.

-Cliff
0
 
LVL 10

Expert Comment

by:Korbus
ID: 39725654
"the server (IP address 192.168.0.3) lists the first DNS as 192.168.0.3"

-might not be 127.0.0.1 but I guess technically it IS a loopback (points to itself)

I agree with cgaliher-  you can probabaly ignore that one unless your setting up a DNS server array, or somthing like that.
0
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 39725951
If you don't have a second DNS server, you can just use the localhost ip on the DNS. but you need to make sure that you have setup the forwarders for the DNS to resolve external domain names.
0
 

Author Closing Comment

by:DaveWWW
ID: 39726387
Although the loopback was listed by BPA as an error, not a warning, web sites are resolving correctly, so I'm happy to ignore the BPA on this one!  Thanks.
0

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses
Course of the Month14 days, 10 hours left to enroll

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question