Setting up Backup Domain Controller (BDC)

(Screenshots: TCP/IP on Primary Domain Controller, Backup Domain Controller (BDC), DHCP Server)
Hi,

 I have SBS2011 (Windows 2008 R2) as Primary Domain Controller (PDC, 192.168.1.9) and Windows 2008 Server as a Backup Domain Controller (BDC, 192.168.1.3).
 I would like to know if the current TCP/IP settings are correct with respect to DNS server addresses.
 As seen in the screenshots, the PDC has only itself (192.168.1.9) in the DNS server section, whereas the BDC has itself (192.168.1.3) and the PDC IP address (192.168.1.9).
 All workstation computers on the network show both 192.168.1.9 and 192.168.1.3 as DNS servers.

Thank you.
sgleeAsked:

Cliff GaliherCommented:
There is no such thing as PDC and BDC.  Hasn't been since NT4.  I'll repeat that every time I read stuff like this.

Every DC should have two DNS entries where possible.  Ideally another local DC first, and itself second.  That is true whether you want a DC to take the brunt of the requests or want it to primarily be for redundancy.
2
sgleeAuthor Commented:
@Cliff
So you suggest I enter "192.168.1.3" as secondary DNS server in PDC TCP/IP?
0
MVISHIT Infrastructure ConsultantCommented:
Your first DC (PDC as you call it) should have its own IP 192.168.1.9 as preferred DNS and the loopback IP 127.0.0.1 as alternate DNS. On your additional DC, you should configure the preferred DNS with its own IP and the alternate DNS with the first DC's IP, 192.168.1.9.
0
sgleeAuthor Commented:
@MVISH,
 
 So if I put 127.0.0.1 in PDC as alternate DNS, all is good then?
0
sgleeAuthor Commented:
(Screenshot: PDC DNS Server with Loopback added)
Without a loopback address 127.0.0.1, when I go to DNS Manager on both PDC and BDC, I should see identical entries, right?
Unfortunately what I see in PDC domain of Forward Lookup Zones is NOT the same as what I see in BDC.
0
MVISHIT Infrastructure ConsultantCommented:
What is it you see in the DNS console of the additional DNS server? Can you create a test host entry and confirm that it is being replicated on both DNS servers?
0

Cliff GaliherCommented:
I must humbly disagree. A domain controller should point to a *different* domain controller for DNS as primary, and to itself (using its IP address, not loopback) as secondary.

The logic behind this is that, during a reboot, the first thing a DC does is contact another DC to get replication updates before advertising itself.  And it finds other DCs via...DNS!  If it points at itself first, its AD integrated zone won't be up yet (because AD won't advertise services until it knows it is healthy) and this causes longer logon times.  This also makes the system more resilient if topology changes occur while the DC is down.

This has been official Microsoft guidance for some time and applies to any writeable DC.  If I find time later, I'll find this guidance on TechNet and post the link.  But it is fairly well documented in most enterprise AD books, blogs, etc.  

Pointing a DC at itself as primary *and* secondary (via IP then via loopback) is particularly less effective.  While an argument could be made to point to itself first and another DC second, this is the first I've seen someone suggest itself and loopback, and I'm not understanding the logic....but that's just me.
0
Cliff GaliherCommented:
Per Microsoft:

1) If a DC is hosting DNS, it should point to itself at least somewhere in the client list of DNS servers.

2) If at all possible on a DC, client DNS should point to another DNS server as primary and itself as secondary or tertiary. It should not point to self as primary due to various DNS islanding and performance issues that can occur. (This is where the arguments usually start)


Source

https://blogs.technet.microsoft.com/askds/2010/07/17/friday-mail-sack-saturday-edition/
0
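The "another DC first, itself second" rule from the Microsoft guidance above, applied to the two DCs in this question and followed by the replication check that was suggested earlier in the thread. This is an added example, not code from the thread or from Microsoft; it assumes the NIC is named "Local Area Connection", uses a placeholder AD domain name, and creates a constructed test A record that it removes again.

```powershell
# Added example (not from the thread): configure each DC's DNS client per the
# guidance above (another DC first, itself second by IP), then verify resolution
# and AD-integrated zone replication between the two DCs.
$Domain = "example.local"          # placeholder; substitute the real AD DNS domain name
$Nic    = "Local Area Connection"  # assumed NIC name; list names with: netsh interface show interface
$Dcs = @{                          # DC IP -> DNS client order (other DC first, itself second)
    "192.168.1.9" = @("192.168.1.3", "192.168.1.9")   # SBS2011 / Windows 2008 R2 DC
    "192.168.1.3" = @("192.168.1.9", "192.168.1.3")   # Windows 2008 DC
}

# Run this script on each DC; it picks its own address out of the table.
$Self = (Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE").IPAddress |
        Where-Object { $Dcs.ContainsKey($_) } | Select-Object -First 1
if (-not $Self) { throw "This host's IP address is not one of the DCs in the table." }
$Primary   = $Dcs[$Self][0]
$Secondary = $Dcs[$Self][1]

# netsh is used because the DnsClient PowerShell module does not exist on 2008 / 2008 R2.
netsh interface ipv4 set dnsservers name="$Nic" source=static address="$Primary" register=primary
netsh interface ipv4 add dnsservers name="$Nic" address="$Secondary" index=2

# Check 1: both listed servers must answer the DC locator SRV query for the domain.
foreach ($Server in @($Primary, $Secondary)) {
    nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" $Server
}

# Check 2: a record added on this DC must appear on the other DC after AD replication.
$Other = $Primary                                              # the other DC is always listed first
dnscmd $Self /RecordAdd $Domain replcheck A 192.168.1.250      # constructed test record
Start-Sleep -Seconds 300                                       # allow intra-site replication to run
nslookup "replcheck.$Domain" $Other                            # should resolve from the other DC
dnscmd $Self /RecordDelete $Domain replcheck A /f              # clean up the test record

# Check 3: let dcdiag confirm DNS health for this DC.
dcdiag /test:DNS /v
```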
sgleeAuthor Commented:
(Screenshots: PDC DNS Entries, BDC DNS Entries)
As you can see, some entries do not match in terms of date.
For example:

Name     PDC           BDC
Amber    4/28/2018     11/30/2017
Amy      4/28/2018     10/16/2017
APP1     4/29/2018     1/26/2018
0
sgleeAuthor Commented:
Experts,
I need to know what I should have as primary and secondary DNS servers in TCP/IP.
0
Cliff GaliherCommented:
I have posted an answer AND sourced it. You have to decide how trustworthy that is. Not sure what else you want here.
0
sgleeAuthor Commented:
@Cliff,
Given I have PDC and BDC, in PDC TCP/IP properties, are you suggesting that I keep:
Preferred DNS Server: 192.168.1.9
Alternate DNS server: 192.168.1.3
0
Cliff GaliherCommented:
I am saying that there is no such thing as a PDC or BDC and that the advice Microsoft published should be followed for both of your DCs.
0
sgleeAuthor Commented:
(Screenshot: RAID Management)
@Cliff,
 I used PDC and BDC to separate one from the other. Sorry it bothers you.
 Whatever you like to call them would be 100% fine with me.
 All I want to know is whether what I have in the two screenshots that I posted in my question is correct or not.

@MVISH
I entered 127.0.0.1 as Alternate DNS server on the PDC, rebooted it and realized that my MegaRAID Storage Manager could not find the LSI RAID controller (I did not take a screenshot of this). When I removed 127.0.0.1 and restarted the server, the LSI RAID controller was found (please see the screenshot).
0
Cliff GaliherCommented:
If you read the link I posted, then your original screenshot goes against suggestion #2.

Those Microsoft suggestions were scalable... 2 domain controllers... 20 domain controllers... The rules can be applied to all of them.
0
sgleeAuthor Commented:
@Cliff
I really don't have to read all that in the link.
How would you populate the DNS server list if you have a PDC and one BDC?
0
Cliff GaliherCommented:
I took the time to read it. And REread it right before posting the link. I expect people who want answers to take the time to do so as well. Their time is no less valuable than my own. If you want me to audit your site and set it up for you, I'll happily share with you my hourly rates.
0
Cliff GaliherCommented:
And for the record it's not a book. It's a three minute blog post. Anybody should be able to read it if they cared about learning good practices. Give a man a fish vs teach a man to fish and all that.
0
sgleeAuthor Commented:
If I wanted to read up on it myself, I would not have needed to post my question. There are plenty of articles on Google that I can find.

Can someone else make suggestions regarding this subject matter?
0
Cliff GaliherCommented:
Most people come here and ask questions because:

1) Google failed them and they've hit an odd problem that they *couldn't* find a solution to themselves.

or

2) The nature of the internet is that they found multiple conflicting answers and want to get "good" advice from experienced experts.

It seemed that you initially fell into the latter category.  So I provided real-world experience and posted a sourced link from Microsoft itself.  

But when someone admits that they don't want to take ANY time to read, then you'll find that most experts won't take *ANY* time to read your question either.  It's a reciprocal relationship.  Chances are you are getting paid to configure this network (either as an employee or as a consultant.)  And we, as volunteers, are NOT getting paid to offer advice.  Expecting detailed, grit-level answers that you'll get paid for, that we won't...rubs many many honest contributors the wrong way.  It is taking advantage of the community and is not in the spirit of Experts *EXCHANGE* (where ideas and advice are exchanged, not just doled out to anybody who wants to make a buck.)

I share this not to be randomly critical, but because you get out of the community what you put in.  I share this so you can be more successful, both in your career and here on Experts Exchange.  Someone may decide to prove me wrong and post an answer here specific to your question (although I doubt it), but even then, their answer is going to be incomplete as they didn't audit your network to know precisely what they are dealing with.  That makes such detailed answers difficult at best, and often wrong at worst.

My advice stands.  You want to have success on Experts Exchange, and this question specifically, take the time to read the articles that experts post.  Make a cup of coffee...enjoy the morning, and take that *three whole minutes.*  Beyond that, I won't get more specific in an answer as it goes against what I believe to be good and correct in community participation.  The choice now is yours.
0
Cliff GaliherCommented:
An answer was given.  The OP chose not to read it.  That's their choice.
0
sgleeAuthor Commented:
@MVISH
"Can you create a test host entry and confirm that it is being replicated on both DNS servers?" --> I just added a new account called "test" on the PDC and saw "test" on the BDC within the next few minutes. Then I deleted "test" from the BDC and confirmed that "test" was removed from the PDC.

FYI, I have not changed the DNS server addresses on either the PDC or the BDC. Again, when I entered 127.0.0.1 as Alternate DNS server on the PDC and rebooted it, my MegaRAID Storage Manager could not find the LSI RAID controller. So I cleared it.

So, in conclusion, the DNS replication that is in place has been working all along. Adding a test account confirmed that it was alive and well.

Thanks for your help!
0