Solved

tcpip settings on a DNS server

Posted on 2014-11-13
6
252 Views
Last Modified: 2014-11-13
May I please have a definitive answer to something that confuses me?

When I am setting up a DNS server on an active directory network, and I assign it its static ip address, what should I put in the preferred and alternate DNS fields? I am fairly sure I need to put the DNS server's static ip in the preferred, but I've read conflicting information about what goes in the alternate
0
Comment
Question by:twinstead
6 Comments
 
LVL 32

Accepted Solution

by:
it_saige earned 500 total points
Comment Utility
It depends on the number of servers you have.  The conflicting information most likely stems from this question, how does my DNS system work to ensure that if DNS is down, clients are able to successfully get current information.

This is where Active Directory plays it's part to ensure that DNS server don't *end up on an island*, so to speak.  With AD integrated DNS zones, DNS server get their updates from AD.  So the issue about have a DNS server reference a secondary/tertiary server as it's primary DNS sources is moot.

Microsoft recommends that DNS servers list, themselves as Primary and then a Secondary/Tertiary(/Quarnary if you want to be so bold) server as the Secondary server.  You can also fill out the list in the TCP/IP advanced settings with additional servers.

-saige-
0
 
LVL 3

Expert Comment

by:Wes Fields
Comment Utility
The Microsoft way of doing things would be:

Main DNS: (the local host)
Second DNS: (WAN DNS)

This is how we setup static IP's on our corporate networks.  If the local DNS server goes down(server stops, etc) then you can still resolve externally from this server.

I have read many articles like you that flip flop back and forth but I haven't had any issues using the above method. I am sure other have used different methods but this is just my 2 cents!

Hope it helps!
0
 
LVL 41

Expert Comment

by:Amit
Comment Utility
DNS is AD integrated? Best practice to give its own IP address ad Preferred and alternate you can give any nearest server. Could be in LAN.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 32

Expert Comment

by:it_saige
Comment Utility
Sorry Amit, DNS *Zones* are (or at least have the functionality to be) AD integrated.  My fingers flew through that part.  LOL

Understanding DNS Zone Replication in Active Directory Domain Services

-saige-
0
 
LVL 41

Expert Comment

by:Amit
Comment Utility
Keep server IP as preferred one.
0
 
LVL 70

Expert Comment

by:KCTS
Comment Utility
If you only have one DNS server leave the alternate empty.

ON NO ACCOUNT MUST YOU PLACE AN EXTERNAL DNS SERVER IN EITHER.

The reason for this is the way DNS works. Clients will query the preferred DNS server to resolve names on the local AD Domain, the DNS server will then provide the information to the client. If the name cannot be resolved internally then the DNS server will use forwarders or root hints. The alternate DNS server is never used if the preferred DNS server responds (even if the response is that the target cannot be resolved).

However, If the preferred DNS server fails to respond at all in a timely fashion, (DNS sever busy, peak network traffic, drop-out etc), then the client will switch allegiance to the alternate DNS server. The alternate DNS server then becomes the preferred.

If this happens and clients start using an external DNS server then all future requests for internal name resolution will fail as the external DNS server knows nothing about your AD Domain network.  Since DNS resolution is fundamental to AD, then AD will also ultimately fail.
0

Featured Post

The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

Join & Write a Comment

Suggested Solutions

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates‚Ķ
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now