twinstead

asked on

TCP/IP settings on a DNS server

May I please have a definitive answer to something that confuses me?

When I am setting up a DNS server on an Active Directory network, and I assign it its static IP address, what should I put in the preferred and alternate DNS fields? I am fairly sure I need to put the DNS server's static IP in the preferred, but I've read conflicting information about what goes in the alternate.

ASKER CERTIFIED SOLUTION
it_saige

This solution is only available to members.

The Microsoft way of doing things would be:

Main DNS: (the local host)
Second DNS: (WAN DNS)

This is how we set up static IPs on our corporate networks. If the local DNS server goes down (server stops, etc.) then you can still resolve externally from this server.

I have read many articles like you that flip-flop back and forth but I haven't had any issues using the above method. I am sure others have used different methods but this is just my 2 cents!

Hope it helps!

DNS is AD integrated? Best practice is to give its own IP address as Preferred, and for alternate you can give any nearest server. Could be in LAN.

Sorry Amit, DNS *Zones* are (or at least have the functionality to be) AD integrated.  My fingers flew through that part.  LOL

Understanding DNS Zone Replication in Active Directory Domain Services

-saige-
Keep server IP as preferred one.
If you only have one DNS server leave the alternate empty.

ON NO ACCOUNT MUST YOU PLACE AN EXTERNAL DNS SERVER IN EITHER.

The reason for this is the way DNS works. Clients will query the preferred DNS server to resolve names on the local AD Domain, the DNS server will then provide the information to the client. If the name cannot be resolved internally then the DNS server will use forwarders or root hints. The alternate DNS server is never used if the preferred DNS server responds (even if the response is that the target cannot be resolved).

However, if the preferred DNS server fails to respond at all in a timely fashion (DNS server busy, peak network traffic, drop-out, etc.), then the client will switch allegiance to the alternate DNS server. The alternate DNS server then becomes the preferred.

If this happens and clients start using an external DNS server then all future requests for internal name resolution will fail as the external DNS server knows nothing about your AD Domain network.  Since DNS resolution is fundamental to AD, then AD will also ultimately fail.
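
An added example, not written by any poster in this thread: a PowerShell check for the condition the last answer warns about, listing any preferred or alternate DNS entry on a machine that points outside the internal network. The function names are hypothetical, the sample addresses are constructed, and "internal" is assumed to mean loopback or RFC 1918 IPv4 space.

```powershell
# Added example: report DNS client entries that are not internal addresses.
# Assumption: internal = loopback or RFC 1918; adjust for your addressing plan.

function Test-InternalIPv4 {
    param([Parameter(Mandatory)][string]$Address)
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    if ($b.Length -ne 4) { return $false }   # IPv4 only in this check
    return ($b[0] -eq 127) -or
           ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

function Get-ExternalDnsEntry {
    param(
        [Parameter(Mandatory)][string]$InterfaceAlias,
        [Parameter(Mandatory)][string[]]$ServerAddresses
    )
    # Index 0 is the preferred server; everything after it is an alternate.
    for ($i = 0; $i -lt $ServerAddresses.Count; $i++) {
        if (-not (Test-InternalIPv4 -Address $ServerAddresses[$i])) {
            [pscustomobject]@{
                Interface = $InterfaceAlias
                Slot      = if ($i -eq 0) { 'Preferred' } else { 'Alternate' }
                Address   = $ServerAddresses[$i]
            }
        }
    }
}

# Constructed sample: internal preferred server, external alternate
# (203.0.113.53 is a documentation-range address standing in for a WAN resolver).
Get-ExternalDnsEntry -InterfaceAlias 'Ethernet (sample)' `
    -ServerAddresses '10.0.0.10', '203.0.113.53'

# Live check of this machine, if the DnsClient module is available.
if (Get-Command Get-DnsClientServerAddress -ErrorAction SilentlyContinue) {
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        ForEach-Object {
            Get-ExternalDnsEntry -InterfaceAlias $_.InterfaceAlias `
                -ServerAddresses $_.ServerAddresses
        }
}
```

No output from the live check means every configured DNS server on the machine falls inside the assumed internal ranges.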