Friday, November 27, 2015

windows - What should the order of DNS servers be for an AD Domain Controller and Why?
Assuming an environment with multiple domain controllers (assume that they all run DNS as well):

  • In what order should the DNS servers be listed in the network adapters for each domain controller?
  • Should 127.0.0.1 be used as the primary DNS server for each domain controller?
  • Does it make any difference? If so, what versions are affected and how?


Answer

According to this link and the Windows Server 2008 R2 Best Practices Analyzer, the loopback address should be in the list, but never as the primary DNS server. In certain situations like a topology change, this could break replication and cause a server to be "on an island" as far as replication is concerned.

Say that you have two servers: DC01 (10.1.1.1) and DC02 (10.1.1.2) that are both domain controllers in the same domain and both hold copies of the ADI zones for that domain. They should be configured as follows:

DC01
  Primary DNS   10.1.1.2
  Secondary DNS 127.0.0.1

DC02
  Primary DNS   10.1.1.1
  Secondary DNS 127.0.0.1
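The following PowerShell script is an added example, not part of the original question or answer, that audits a domain controller's IPv4 DNS client order against the rule stated in the answer: a peer DC first, the loopback address present but never primary. It assumes Windows Server 2012 or later (the DnsClient and NetTCPIP cmdlets), an elevated session on the DC being checked, and, in the commented remediation line, an adapter named 'Ethernet' as a placeholder.

```powershell
# Added example (not from the original post): audit the IPv4 DNS client
# order on a domain controller against the rule in the answer above:
# another DC first, the loopback address (127.0.0.1) later in the list,
# never as the primary entry.
#
# Assumes Windows Server 2012 or later (Get-DnsClientServerAddress and
# Get-NetIPAddress come from the DnsClient and NetTCPIP modules).
# Run in an elevated PowerShell session on the DC being checked.

function Test-DcDnsClientOrder {
    [CmdletBinding()]
    param(
        # Adapters to examine; default is every adapter that has IPv4 DNS servers set.
        [string[]]$InterfaceAlias
    )

    $loopback = '127.0.0.1'
    # IPv4 addresses assigned to this machine: the first DNS entry should not point
    # back at the DC itself, whether by loopback or by its own address.
    $localIPv4 = (Get-NetIPAddress -AddressFamily IPv4 -ErrorAction SilentlyContinue).IPAddress

    $query = @{ AddressFamily = 'IPv4' }
    if ($InterfaceAlias) { $query.InterfaceAlias = $InterfaceAlias }

    foreach ($cfg in Get-DnsClientServerAddress @query) {
        $servers = @($cfg.ServerAddresses)
        if ($servers.Count -eq 0) { continue }   # no DNS servers on this adapter (e.g. tunnel adapters)

        $primary  = $servers[0]
        $findings = New-Object System.Collections.Generic.List[string]

        if ($primary -eq $loopback) {
            $findings.Add('Primary DNS is 127.0.0.1; list a peer DC first and move loopback later.')
        }
        elseif ($localIPv4 -contains $primary) {
            $findings.Add("Primary DNS $primary is this server's own address; list a peer DC first.")
        }

        $hasSelf = ($servers -contains $loopback) -or
                   (($servers | Where-Object { $localIPv4 -contains $_ }).Count -gt 0)
        if (-not $hasSelf) {
            $findings.Add('Neither 127.0.0.1 nor a local address is listed; the DC cannot fall back to its own DNS service.')
        }
        if ($servers.Count -lt 2) {
            $findings.Add('Only one DNS server configured; add a second entry for fault tolerance.')
        }

        [pscustomobject]@{
            InterfaceAlias = $cfg.InterfaceAlias
            ServerOrder    = ($servers -join ', ')
            Compliant      = ($findings.Count -eq 0)
            Findings       = ($findings -join ' ')
        }
    }
}

# Usage: report every adapter on this DC.
Test-DcDnsClientOrder | Format-Table -AutoSize

# Example remediation for DC01 from the answer above (assumed adapter name
# 'Ethernet'): peer DC02 first, loopback second. Uncomment to apply.
# Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses '10.1.1.2','127.0.0.1'
```

The audit only reports; the remediation line is left commented so the order can be reviewed per adapter before it is changed, since a DC whose only reachable resolver is itself after a topology change is exactly the "island" case the answer describes.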

