Solved

Domain Controllers & DNS

Posted on 2014-03-24
Last Modified: 2015-01-24
I currently have 2 domain controllers.  One is physical Server 2008 SP2 and holds all 5 FSMO roles.  The other is also Server 2008 SP2 and is virtual.

I just installed Server 2012 R2 domain controller and performed the necessary forestprep, and domainprep functions.

My goal is to move the FSMO roles to the new physical Server 2012 R2 domain controller, and decommission the physical Server 2008 DC.

Regarding DNS - Currently, while all 3 DCs are up and running, what DNS servers should they be pointing to?

Should their Primary DNS server be themselves and the secondary be the DC holding the FSMO roles?  Or should they be pointing primary to FSMO Server and secondary to themselves?

Thank you in advance.
Question by:BSModlin
4 Comments
 
LVL 14

Assisted Solution

by:Andy M
Andy M earned 400 total points
ID: 39950158
Providing DNS is replicating correctly between all three servers, I don't think it really matters which DNS each server has assigned. Personally I would point each server to use the 2012 server and virtual 2008 server for both primary and secondary.

The only thing to look out for is, once the old 2008 server is removed, that no server (and DHCP) is set to use it for DNS, otherwise you may start having some issues.
0
 
LVL 38

Accepted Solution

by:
Mahesh earned 1600 total points
ID: 39950247
It does matter.
If you have the DNS role installed on a domain controller, you must point it to its own IP (not 127.0.0.1) in the preferred DNS setting, and for the alternate you can point to another server in the same site (ADC), or if you don't have another in the same site you could point it to the PDC.

Because all domain controllers are authoritative for that domain and the domain DNS zone, each must point to itself in its primary DNS configuration,
so that the DNS server will try to resolve a query with its own DNS entries, and if it does not find anything then it will look at other options.
There are other options for resolving those queries which it cannot resolve,
such as entering another DNS server as secondary, setting up forwarders, conditional forwarders, secondary zones, etc.

There is no point in routing queries to another DC by setting another DNS server address as the preferred DNS entry on its network card.

Mahesh.
0
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 39950411
Each server should be pointing to itself for primary DNS and to a different server for secondary DNS. This will ensure DC functionality even if the other DC is not available. At one point, this was considered a DNS island and was not recommended, but now this is the recommendation from MS.
0
 

Expert Comment

by:Ken Stokes
ID: 40568158
Excellent Comments.  I have seen many opinions on this matter, but this seems to be the correct one.   Thank you.
0
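
An added PowerShell example, not posted by anyone in the thread: it checks each DC's DNS client order against the advice above (own IP first and not 127.0.0.1, another DC as alternate) and flags entries that still point at the DC being retired. The function name, host names and addresses are constructed for illustration.

```powershell
# Added example. Host names and addresses below are constructed sample data.
# Live collection (assumption: WMI/DCOM reachable, Windows PowerShell 5.1), per DC:
#   Get-WmiObject Win32_NetworkAdapterConfiguration -ComputerName $dc -Filter 'IPEnabled = True'
#   then map IPAddress[0] / DNSServerSearchOrder into the same shape as $sample.
function Test-DcDnsClientOrder {
    param(
        [Parameter(Mandatory)] [object[]] $Dc,   # objects with Name, IPAddress, DnsServers
        [string] $RetiringIp                     # DC that is about to be decommissioned
    )
    $dcIps = $Dc | ForEach-Object { $_.IPAddress }
    foreach ($d in $Dc) {
        $issues = @()
        $dns = @($d.DnsServers)
        if ($dns.Count -eq 0) {
            $issues += 'no DNS servers configured'
        } else {
            # Preferred entry: the DC's own routable IP, not the loopback address.
            if ($dns[0] -in '127.0.0.1', '::1') {
                $issues += 'preferred DNS is loopback, expected own IP'
            } elseif ($dns[0] -ne $d.IPAddress) {
                $issues += "preferred DNS is $($dns[0]), expected own IP $($d.IPAddress)"
            }
            # Alternate entries: at least one must be a different DC.
            $alternates = @($dns | Select-Object -Skip 1)
            if (-not ($alternates | Where-Object { $_ -in $dcIps -and $_ -ne $d.IPAddress })) {
                $issues += 'no alternate pointing at another DC'
            }
            # Any surviving DC that still lists the retiring DC will break once it is removed.
            if ($RetiringIp -and $dns -contains $RetiringIp -and $d.IPAddress -ne $RetiringIp) {
                $issues += "still references retiring DC $RetiringIp"
            }
        }
        [pscustomobject]@{ Name = $d.Name; Compliant = ($issues.Count -eq 0); Issues = ($issues -join '; ') }
    }
}

# Constructed inventory: three DCs, the first one is the 2008 box being retired.
$sample = @(
    [pscustomobject]@{ Name = 'DC08-PHYS'; IPAddress = '10.0.0.10'; DnsServers = @('10.0.0.10', '10.0.0.11') }
    [pscustomobject]@{ Name = 'DC08-VIRT'; IPAddress = '10.0.0.11'; DnsServers = @('10.0.0.10', '10.0.0.11') }
    [pscustomobject]@{ Name = 'DC12-PHYS'; IPAddress = '10.0.0.12'; DnsServers = @('127.0.0.1', '10.0.0.10') }
)
Test-DcDnsClientOrder -Dc $sample -RetiringIp '10.0.0.10' | Format-Table -AutoSize
```

The same check applies to DHCP scope DNS options before the old DC is removed; those would need to be exported separately and compared against the retiring address.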

Question has a verified solution.