• Status: Solved

Static DNS server setting best practice?


I’d like to know what is the best way to assign Primary and Secondary DNS servers in a large enterprise?

The majority of the servers are located in the Data Centre AD site and all of the workstations are in the Head Office AD site. The AD topology is just a single AD domain forest.

Data Center building (AD Site: Data_Center) ~ 350 Windows servers:
PRODDC01-VM (AD Domain Controller, DNS Server)
PRODDC03-VM (AD Domain Controller, DNS Server)

Headquarters building (AD Site: HQ) ~ 250 Windows workstations:
HQDC01 (AD Domain Controller, DNS Server, DHCP Server)

Note: There are some more DC/DNS servers in both sites above, but they are to be decommissioned because they are old Win2003 boxes.

So what is the best recommended configuration for the server DNS settings and the workstation DNS settings, based on the three AD-integrated DNS servers above in both AD sites?
Senior IT System Engineer
David Johnson, CD, MVP (Owner) commented:
Datacenter site: PRODDC01-VM, PRODDC03-VM, HQDC01
If you have a local DNS server at a branch office, always use this as the first DNS. The second one should be a DNS server at HQ. If the WAN line is unreliable, consider installing a second DNS server at the remote office.
Senior IT System Engineer (IT Professional, Author) commented:
Thanks!
Senior IT System Engineer (IT Professional, Author) commented:
Is there any harm in mixing the DNS between the different AD sites?
Harm? No.

You may be over-thinking this. The clients should just be getting their DNS settings from the DHCP service. DNS traffic is a relatively trivial fraction of the overall traffic that a client generates, so -- as long as your DNS servers are in agreement -- it's not all that important that some clients, some of the time, look across the WAN link to resolve names within your domain. You _do_ want to give the clients more than one DNS server address, since things will tend to grind to a halt if that one DNS server happens to go unavailable for some reason.
Senior IT System Engineer (IT Professional, Author) commented:
Ah OK, thanks for the clarification, Jim!
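
An added example, not part of the original thread: a PowerShell audit that checks a host's DNS server list against the advice given in the answers above (more than one DNS server, a local-site server first, and no reference to a DC that is being retired). The function name `Test-DnsClientSetting`, the member host names and every IP address are hypothetical placeholders; only the three DC names and the two AD site names come from the question.

```powershell
# Constructed data: the 192.0.2.x / 198.51.100.x addresses are placeholders, not values
# from the thread. Only DNS servers that stay in service are listed here.
$DnsServers = @{
    '192.0.2.11'    = @{ Name = 'PRODDC01-VM'; Site = 'Data_Center' }
    '192.0.2.13'    = @{ Name = 'PRODDC03-VM'; Site = 'Data_Center' }
    '198.51.100.11' = @{ Name = 'HQDC01';      Site = 'HQ' }
}

function Test-DnsClientSetting {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [string] $Site,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [string[]] $ServerAddresses,
        [Parameter(Mandatory)] [hashtable] $KnownServers
    )
    $findings = @()
    # Rule 1: a single resolver is a single point of failure for the client.
    if ($ServerAddresses.Count -lt 2) { $findings += 'fewer than two DNS servers configured' }
    # Rule 2: anything not in the in-service list may be a DC that is being decommissioned.
    $unknown = @($ServerAddresses | Where-Object { -not $KnownServers.ContainsKey($_) })
    if ($unknown.Count -gt 0) { $findings += "unknown or retired DNS server: $($unknown -join ', ')" }
    # Rule 3: the first entry should be a DNS server in the host's own AD site.
    if ($ServerAddresses.Count -gt 0) {
        $first = $ServerAddresses[0]
        if ($KnownServers.ContainsKey($first) -and $KnownServers[$first].Site -ne $Site) {
            $findings += "first DNS server $($KnownServers[$first].Name) is not in site $Site"
        }
    }
    [pscustomobject]@{
        ComputerName = $ComputerName
        Compliant    = ($findings.Count -eq 0)
        Findings     = $findings -join '; '
    }
}

# Constructed inventory. On a live host, Get-DnsClientServerAddress -AddressFamily IPv4
# supplies ServerAddresses and "nltest /dsgetsite" reports the AD site.
$inventory = @(
    [pscustomobject]@{ ComputerName = 'APP01';  Site = 'Data_Center'; ServerAddresses = @('192.0.2.11', '192.0.2.13', '198.51.100.11') }
    [pscustomobject]@{ ComputerName = 'SQL02';  Site = 'Data_Center'; ServerAddresses = @('198.51.100.11', '192.0.2.11') }
    [pscustomobject]@{ ComputerName = 'WS117';  Site = 'HQ';          ServerAddresses = @('198.51.100.11') }
    [pscustomobject]@{ ComputerName = 'FILE03'; Site = 'Data_Center'; ServerAddresses = @('192.0.2.11', '192.0.2.99') }
)
$inventory | ForEach-Object {
    Test-DnsClientSetting -ComputerName $_.ComputerName -Site $_.Site `
        -ServerAddresses $_.ServerAddresses -KnownServers $DnsServers
} | Format-Table -AutoSize -Wrap
```

With this sample data only APP01 is compliant; the other three hosts each break one of the rules.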
Question has a verified solution.