Greetings,

I’ve read various discussions and documentation regarding Domain Controller’s DNS settings. In an environment where multiple DC/DNS servers exist, it seems that the best practice is to point the DCs to each other in the NIC’s primary DNS setting and point to themselves in the secondary DNS setting.

In a multi-site environment, where there are multiple DC/DNS servers at each site, is it correct to do the following?

  1. Point the sub-site’s DC1 to itself in the NIC’s primary DNS setting.

  2. Point the sub-site’s DC1 to the HQ’s DC/DNS server in the secondary DNS setting.

  3. Point the sub-site’s DC2, DC3… to the DC1 in their NIC’s primary DNS setting.

Please excuse me if this topic has been covered elsewhere. Please provide the link and I’ll do the due diligence. Otherwise, your thoughts and comments will be much appreciated.

Regards,

Alan

2 Spice ups

Best practice is to point the primary DNS server to any other DNS server. Then point the secondary to 127.0.0.1.

http://www.dell.com/support/article/us/en/04/SLN155801/en?c=us&l=en&s=bsd&cs=04

1 Spice up

Thank you Gary.

I’ve read the Dell article at the link you provided. However, I’ve seen some valid arguments for pointing a sub-site’s DC1 to itself while researching the same question long ago when I set up the Win 2008/R2 AD sub-sites. I’m revisiting the subject and noticed that some of the documentation I read previously has disappeared and the consensus seems to be in favor of DNS servers pointing to each other, though there’s still enough room for counterarguments. I’m just trying to clear the fog off my head and get validation for the change that I see.

Best,

Alan

I’m not sure what you are asking.

Best practice is

Primary - point a DNS server to another DNS server
Secondary - Point to itself 127.0.0.1

There’s good advice here too:
http://www.windowsnetworking.com/articles-tutorials/windows-server-2012/active-directory-insights-part1.html

The main issue you want to avoid is where a DC gets isolated from the rest and stops communicating with them. That invariably leads to trouble down the road.

1 Spice up

Thank you guys.

When I was setting up the sub-sites there were a lot of conflicting opinions and gray areas. I thought I followed the best practices as I understood them back then. I remember reading articles where pointing a site’s DC to itself was recommended, as the DNS service had improved with Windows 2008/R2 to prevent some earlier issues such as isolation.

Some KBs give flat-out instructions…

And some KBs suggest choosing an option based on your preference…

As I mentioned earlier, it seems the consensus is leaning toward pointing DNS servers to each other - I just want to pose the question here because I trust your opinions.

Best,

Alan

On my servers, I always have at least one offsite DNS server listed in the additional area under advanced settings. In a mesh network environment, I’ll have all my DNS servers listed on each other, with offsite ones at the bottom of the list.

The nice thing about “best practices” is that, like “standards”, there are so many to choose from.

If both DCs at a given site go down (say scheduled maintenance or extended power failure), you’re going to be sitting for a good long time waiting for the server startup to finish if they’re only looking at each other and themselves for DNS. By adding offsite DNS at the bottom of the list, they’ll fire right up assuming connectivity is established.
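
Added example, not part of any post in this thread: a PowerShell check of each DC's DNS client order against the advice given above (another DNS server first, the DC itself also listed, an off-site server available). The inventory, host names, addresses and the `Test-DcDnsOrder` function are hypothetical.

```powershell
# Constructed inventory; names, sites and addresses are sample values.
# On a live DC the Dns list could come from Get-DnsClientServerAddress -AddressFamily IPv4.
$Inventory = @(
    [pscustomobject]@{ Name = 'HQ-DC1'; Site = 'HQ';     IP = '10.0.0.10'; Dns = @('10.0.0.11', '127.0.0.1', '10.1.0.10') }
    [pscustomobject]@{ Name = 'BR-DC1'; Site = 'Branch'; IP = '10.1.0.10'; Dns = @('127.0.0.1', '10.0.0.10') }
    [pscustomobject]@{ Name = 'BR-DC2'; Site = 'Branch'; IP = '10.1.0.11'; Dns = @('10.1.0.10', '127.0.0.1') }
    [pscustomobject]@{ Name = 'BR-DC3'; Site = 'Branch'; IP = '10.1.0.12'; Dns = @('10.1.0.12') }
)

function Test-DcDnsOrder {
    param(
        [Parameter(Mandatory)] $Dc,
        [Parameter(Mandatory)] [object[]] $AllDcs
    )
    # Loopback and the DC's own address both count as "itself".
    $self = @('127.0.0.1', $Dc.IP)
    $siteOf = @{}
    foreach ($d in $AllDcs) { $siteOf[$d.IP] = $d.Site }

    # Entries that are not this DC, and the subset that are DCs in another site.
    $others  = @($Dc.Dns | Where-Object { $_ -notin $self })
    $offsite = @($others | Where-Object { $siteOf.ContainsKey($_) -and $siteOf[$_] -ne $Dc.Site })
    $findings = @()

    if ($others.Count -eq 0) {
        $findings += 'resolves only through itself (isolation risk)'
    } else {
        if ($Dc.Dns[0] -in $self) { $findings += 'lists itself first' }
        if ($offsite.Count -eq 0) { $findings += 'no off-site DNS server listed' }
    }
    if ($others.Count -eq $Dc.Dns.Count) { $findings += 'does not list itself' }
    if ($findings.Count -eq 0) { $findings += 'ok' }

    [pscustomobject]@{
        Name     = $Dc.Name
        DnsOrder = $Dc.Dns -join ', '
        Findings = $findings -join '; '
    }
}

$Inventory | ForEach-Object { Test-DcDnsOrder -Dc $_ -AllDcs $Inventory } | Format-Table -AutoSize -Wrap
```

In the sample data, BR-DC1 and BR-DC2 follow the layout proposed in the original question, so the report shows how that layout compares with the replies.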