

DNS Domain Controller Setup

Posted on 2014-01-15
Medium Priority
Last Modified: 2014-01-15
There seems to be, for lack of a better word, a difference of opinion as to the best practice for DNS settings on a DC. We have a large corp, many sites, one domain, lots of DCs. My thinking is to set up each DC as a DNS server and forward the requests out to my Corp DCs; I think this will give us faster results internally. We have programs that are internal, over the WAN to our Corp office, and out to the internet. So I think DC01 should point to DC02, then itself, and then forward the request to the Corp DC. And DC02 should point to DC01, then itself, and then forward the request to my Corp server. Can someone please offer an opinion? Of course you set up zones also, but I'm just talking about the server requests.
Question by:WellingtonIS

Expert Comment

ID: 39783319
No matter where you place a DC, AD-integrated DNS should be installed.
Also, on all DCs that are DNS servers, you must point their primary DNS IP to themselves only; as secondary you may point to an ADC in the same site, or if there is none, point it to the PDC.
For internal name resolution you don't have to do anything other than setting up AD-integrated DNS zones in DNS; eventually they will get replicated to all DCs in the domain / forest.

For internet access, if you have a centralized proxy server / firewall that controls the internet traffic, then there is no need to set up DNS at remote locations for internet name resolution.
However, if your main site DNS server is the single point for resolving queries to the internet (it has a forwarder to public DNS servers), then you need to set a default forwarder on the remote location DCs, and that default forwarder should point to the main DC for internet name resolution.
If you have multiple hub locations, then you can set multiple DNS servers for internet name resolution by putting the ISP DNS in the default forwarders list in the DNS server properties for that hub location.

Let me know if this is what you are looking for and if I understand it correctly.


Author Comment

ID: 39783395
Yes, I realize they all must point to a primary DNS server; however, don't they need to point to each other in the same domain? And shouldn't the zones then replicate to the "primary" DNS server? So if you have the zone transfers, they will get the information from the primary and filter down to the DCs in the forest?

Accepted Solution

Mahesh earned 2000 total points
ID: 39783541
All DCs must point to themselves as the primary DNS server in TCP/IP settings if you installed the DNS service on them.
All DCs can point to another DNS server, but as the secondary DNS server in TCP/IP properties.

In order to replicate the zone in the forest, DCs should not point to each other in the primary DNS server setting in TCP/IP settings.

All you need to set is: go to the zone properties of the AD-integrated zone.
On the General tab, there is a replication option.
In replication, select "All DNS servers in this domain" or "All DNS servers in this forest", since you have a single domain / single forest.
When you select the above options, the zone gets stored in either the ForestDnsZones or DomainDnsZones Active Directory application partition in AD and gets replicated to all domain controllers in the forest or domain, depending on your selected option.

If the zone is not AD-integrated (that is, only a standard primary), then the above options will not be activated, and in that case those zones will not be replicated.
In order to replicate those zones to all DCs, you must select the "Store the zone in Active Directory" checkbox in the zone properties so that it is changed from primary to AD-integrated, and then you need to select the appropriate option (all DNS servers in the domain or forest) to store the zone data in AD and replicate it.

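The two expert comments above describe one configuration: every DC lists itself as primary and another DC as secondary in its TCP/IP settings, the domain zone is AD-integrated with domain- or forest-wide replication scope, and spoke DCs forward unresolved queries to the hub DCs. The following PowerShell script is an added example, not code from the thread or from Microsoft, that audits every DC in the domain against that advice and applies it when run with -Fix. It assumes every DC runs the DNS role, that the ActiveDirectory and DnsServer RSAT modules are installed where it runs, and that the hub DC addresses (10.0.0.10, 10.0.0.11) and zone name (corp.example) are placeholders to replace. It also goes slightly beyond the thread on the security side: because an AD-integrated zone replicates through AD rather than zone transfers, and is the only kind that can restrict dynamic updates to authenticated clients, the script flags zones that still allow nonsecure updates or zone transfers to any server.

```powershell
<#
  Added example (not part of the thread): audit every DC against the advice
  above and optionally apply it. Hypothetical values: hub DCs 10.0.0.10 and
  10.0.0.11, AD zone corp.example. Needs the ActiveDirectory and DnsServer
  RSAT modules and a domain admin account; report-only unless -Fix is given.
#>
#Requires -Modules ActiveDirectory, DnsServer
param(
    [string[]]$HubDnsServers = @('10.0.0.10', '10.0.0.11'),  # hypothetical hub DC addresses
    [string]$ZoneName        = 'corp.example',               # hypothetical AD domain zone
    [switch]$Fix
)

$findings = New-Object 'System.Collections.Generic.List[string]'
$dcs = Get-ADDomainController -Filter *

foreach ($dc in $dcs) {
    $name  = $dc.HostName
    $self  = $dc.IPv4Address
    $isHub = $HubDnsServers -contains $self

    # 1. TCP/IP client settings: primary = itself, secondary = another DC (same site if possible).
    $nic = Get-DnsClientServerAddress -CimSession $name -AddressFamily IPv4 |
           Where-Object { $_.ServerAddresses.Count -gt 0 } | Select-Object -First 1
    $servers = @($nic.ServerAddresses)
    $peer = $dcs | Where-Object { $_.HostName -ne $name -and $_.Site -eq $dc.Site } |
            Select-Object -First 1 -ExpandProperty IPv4Address
    if (-not $peer) { $peer = $HubDnsServers | Where-Object { $_ -ne $self } | Select-Object -First 1 }

    if ($servers.Count -eq 0) {
        $findings.Add("$name : no IPv4 DNS servers configured")
    } elseif ($servers[0] -notin @($self, '127.0.0.1') -or
              $servers.Count -lt 2 -or $servers[1] -in @($self, '127.0.0.1')) {
        $findings.Add("$name : DNS client list is [$($servers -join ', ')]; expected [$self, $peer]")
        if ($Fix -and $peer) {
            Set-DnsClientServerAddress -CimSession $name -InterfaceIndex $nic.InterfaceIndex `
                                       -ServerAddresses @($self, $peer)
        }
    }

    # 2. Zone must be AD-integrated with domain- or forest-wide replication scope.
    $zone = Get-DnsServerZone -ComputerName $name -Name $ZoneName -ErrorAction SilentlyContinue
    if (-not $zone) {
        $findings.Add("$name : does not host zone $ZoneName")
    } elseif (-not $zone.IsDsIntegrated) {
        $findings.Add("$name : $ZoneName is a file-backed $($zone.ZoneType) zone; it will not replicate through AD")
        if ($Fix -and $zone.ZoneType -eq 'Primary') {
            # Same as ticking "Store the zone in Active Directory" and picking the domain scope.
            ConvertTo-DnsServerPrimaryZone -ComputerName $name -Name $ZoneName -ReplicationScope Domain -Force
        }
    } else {
        if ($zone.ReplicationScope -notin @('Domain', 'Forest')) {
            $findings.Add("$name : $ZoneName replication scope is $($zone.ReplicationScope) ($($zone.DirectoryPartitionName))")
        }
        # Beyond the thread: AD integration is what makes secure-only dynamic updates possible,
        # and AD replication makes classic zone transfers unnecessary, so lock both down.
        if ($zone.DynamicUpdate -ne 'Secure') {
            $findings.Add("$name : $ZoneName accepts '$($zone.DynamicUpdate)' dynamic updates; expected Secure")
        }
        if ($zone.SecureSecondaries -eq 'TransferAnyServer') {
            $findings.Add("$name : $ZoneName allows zone transfers to any server")
        }
    }

    # 3. Forwarders: spoke DCs forward to the hub DCs; hub DCs need forwarders of their own
    #    (ISP/public resolvers) or root hints, otherwise Internet names never resolve.
    $fwd    = Get-DnsServerForwarder -ComputerName $name
    $fwdIps = @($fwd.IPAddress | ForEach-Object { $_.ToString() })
    if (-not $isHub) {
        $missing = @($HubDnsServers | Where-Object { $fwdIps -notcontains $_ })
        if ($missing.Count -gt 0) {
            $findings.Add("$name : forwarders [$($fwdIps -join ', ')] lack hub DC(s) $($missing -join ', ')")
            if ($Fix) { Set-DnsServerForwarder -ComputerName $name -IPAddress $HubDnsServers }
        }
    } elseif ($fwdIps.Count -eq 0 -and -not $fwd.UseRootHint) {
        $findings.Add("$name : hub DC has no forwarders and root hints are disabled")
    }
}

if ($findings.Count -eq 0) { "All $($dcs.Count) DCs match the recommended configuration." }
else { $findings | ForEach-Object { Write-Warning $_ } }
```

Run it once without -Fix from an admin workstation with RSAT and review the warnings before letting it change anything; the client-address fix only touches the first adapter that already has DNS servers configured, and the zone conversion is only attempted on a file-backed primary zone, so a DC hosting a secondary copy is reported but left alone.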

Author Closing Comment

ID: 39783719
