Static DNS server setting best practice?


I’d like to know what is the best way to assign Primary and Secondary DNS servers in a large enterprise?

Where the majority of the servers are located in Data Centre AD site and all of the workstations are in Head Office AD site. The AD topology is just single AD domain forest.

Data Center building (AD Site: Data_Center) ~ 350 Windows servers:
PRODDC01-VM (AD Domain Controller, DNS Server)
PRODDC03-VM (AD Domain Controller, DNS Server)

Headquarters building (AD Site: HQ) ~ 250 Windows workstations:
HQDC01 (AD Domain Controller, DNS Server, DHCP Server)

Note: There are some more DC/DNS servers in both sites above but they are to be decommissioned due to old Win2003 box.

So what is the best recommended configuration for the Server DNS setting and the workstation DNS settings based on three AD integrated DNS above on both AD sites?
Senior IT System Engineer (IT Professional) asked:
David Johnson, CD, MVP (Owner) commented:
datacenter site: PRODDC01-VM, PRODDC03-VM, HQDC01
If you have a local DNS server at a branch office, always use this as the first DNS. The second one should be a DNS server at HQ. If the WAN line is unreliable, consider installing a second DNS server at the remote office.
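
The ordering described in the answer above, as an added example that is not part of the original thread: a PowerShell script that sets a server's static DNS list with its own AD site's DNS servers first and the other site's servers as fallback. It assumes a domain-joined machine running Windows Server 2012 or later, and every IP address in it is a constructed placeholder for the domain controllers named in the question.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. The IP addresses are constructed
# placeholders; replace them with the real addresses of your DC/DNS servers.
$DnsBySite = @{
    'Data_Center' = @('10.0.1.11', '10.0.1.13')  # PRODDC01-VM, PRODDC03-VM (placeholders)
    'HQ'          = @('10.0.2.11')               # HQDC01 (placeholder)
}

# AD site this computer currently belongs to (requires domain membership).
$site = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name

if (-not $DnsBySite.ContainsKey($site)) {
    throw "No DNS mapping defined for AD site '$site'."
}

# Local-site DNS servers first, then the servers of every other site.
$local  = @($DnsBySite[$site])
$remote = @($DnsBySite.Keys |
            Where-Object { $_ -ne $site } |
            Sort-Object |
            ForEach-Object { $DnsBySite[$_] })
$ordered = @(($local + $remote) | Select-Object -Unique)

# A single resolver is a single point of failure, so refuse to apply it.
if ($ordered.Count -lt 2) {
    throw "Only one DNS server would be configured; list at least two."
}

# Apply the list to each connected adapter and show the resulting setting.
Get-NetAdapter | Where-Object Status -eq 'Up' | ForEach-Object {
    Set-DnsClientServerAddress -InterfaceIndex $_.ifIndex -ServerAddresses $ordered
    Get-DnsClientServerAddress -InterfaceIndex $_.ifIndex -AddressFamily IPv4
}
```

On a server in the Data_Center site this yields the order PRODDC01-VM, PRODDC03-VM, HQDC01; on a machine in the HQ site, HQDC01 comes first.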

Senior IT System Engineer (IT Professional, Author) commented:
Thanks!
Senior IT System Engineer (IT Professional, Author) commented:
Is there any harm in mixing the DNS between the different AD sites?
Harm? No.

You may be over-thinking this. The clients should just be getting their DNS settings from the DHCP service. DNS traffic is a relatively trivial fraction of the overall traffic that a client generates, so -- as long as your DNS servers are in agreement -- it's not all that important that some clients, some of the time, look across the WAN link to resolve names within your domain. You _do_ want to give the clients more than one DNS server address, since things will tend to grind to a halt if that one DNS server happens to go unavailable for some reason.
Senior IT System Engineer (IT Professional, Author) commented:
Ah OK, thanks for the clarification, Jim!