
Recommended setting for Preferred and Alternate DNS


wa

May 17, 2006, 12:12:01 PM
I have 2 Win 2k Server DCs running DNS AD Integrated on the same network.
What are the recommended Preferred and Alternate DNS server settings?

I have one DC with Preferred DNS pointing to itself and Alternate DNS
pointing to the ISP's DNS Server. On the 2nd DC, I have the Pref DNS
pointing to itself and Alternate DNS pointing to the first DC. Forwarders
are set up to point to the ISP's DNS servers.

Also, my router is set up with Primary DNS pointing to my "first" DC and
Secondary DNS pointing to my ISP's DNS. Is this also best practice?

Thanks

Kevin D. Goodknecht Sr. [MVP]

May 17, 2006, 9:57:28 PM
wa wrote:
> I have 2 Win 2k Server DC's running DNS AD Integrated on the same
> network. What is the recommended Preferred and Alternative DNS server
> settings?
>
> I have one DC with Preferred DNS pointing to itself and Alternate DNS
> pointing to the ISP's DNS Server.

Remove the ISP DNS. Do not use an ISP or external DNS that cannot resolve
the AD domain on any member of an AD domain, in ANY position.

> On the 2nd DC, I have the Pref DNS
> pointing to itself and Alternate DNS pointing to the first DC.
> Forwarders are setup to point to the ISP's DNS servers.

My preference would be to use the other DC as the preferred, itself as the
alternate. The reason is that at startup the other DC should already be
running, and that prevents startup errors. When I say other DC, it goes for all
DCs; no DC is any more authoritative than another DC. The reason for using
another DC for DNS is to prevent startup errors: AD needs DNS, and DNS cannot
load the AD zones until AD starts, so you get errors at startup.

>
> Also, my router is setup with Primary DNS pointing to my "first" DC
> and Secondary DNS pointing to my ISP's DNS. Is this also best
> practice?

No.

The router should be using the ISP's DNS only; then you can use the router
as a forwarder for the internal DNS servers.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================


ajpra

May 18, 2006, 7:22:01 AM
Hello,

I strongly agree with Kevin. You need to remove the ISP DNS from all DCs,
member servers and client machines, and it should not be present as a primary
or alternate DNS IP. All the machines should point to the internal DC with
DNS. Both your DNS servers should have forwarders pointing to the ISP DNS.
Moreover, both your DCs/DNS should point to themselves for primary DNS and to
the other internal DC/DNS as alternate DNS.

It does not make much of a difference where your router points to for DNS, as
all the internal machines are pointing to the internal DNS server.

Regards,
Ajay

ObiWan [MVP]

May 18, 2006, 10:55:56 AM
> I have one DC with Preferred DNS pointing to itself and Alternate DNS
> pointing to the ISP's DNS Server. On the 2nd DC, I have the Pref DNS
> pointing to itself and Alternate DNS pointing to the first DC. Forwarders
> are setup to point to the ISP's DNS servers.

Wrong; assuming you're on AD:

First DNS: points to itself and to the other DNS

Second DNS: points to itself and to the other DNS

If you only want one of the two to act as an internet resolver, configure
it to resolve internet names (forwarders or, *better*, root hints) and then
point the other at this one as its forwarder; otherwise (suggested) set up both
servers to use root hints and recursion and allow them to resolve internet
names. At this point, ENSURE that ALL the client machines (and, btw, the
other servers too) point to your two DNS servers and ONLY to those; AVOID
using external (ISP) DNS, please.

HTH


--

* ObiWan

Microsoft MVP: Windows Server - Networking
http://www.microsoft.com/communities/MVP/MVP.mspx
http://italy.mvps.org
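The advice in Kevin's and ObiWan's replies boils down to two checks per DC: the DNS client list must contain only internal DCs that can resolve the AD domain (never the ISP, in any position, and ideally the other DC before itself), and external resolution must happen on the DNS server side via forwarders or root hints. The following audit script is an added example written for this thread, not code from any poster. It assumes a modern Windows Server with the DnsClient and DnsServer PowerShell modules (these did not exist on the Windows 2000 DCs in the original question), and the `$InternalDnsServers` and `$IspDnsServers` addresses are placeholders to replace with your own.

```powershell
# Added example, not from the thread. Audits this DC against the thread's advice:
#   1. no ISP / external resolver anywhere in the DNS client list,
#   2. at least two internal DNS servers listed (preferably the other DC first),
#   3. internet resolution handled by DNS server forwarders or root hints.
# Placeholder addresses (RFC 5737 documentation ranges); replace with your own.
$InternalDnsServers = @('192.0.2.10', '192.0.2.11')     # DCs running AD-integrated DNS
$IspDnsServers      = @('198.51.100.1', '198.51.100.2') # ISP resolvers
$LocalDnsServer     = '192.0.2.10'                      # address of the DC this runs on

function Test-DcDnsClientSettings {
    param(
        [string[]]$InternalDns,
        [string[]]$IspDns,
        [string]$SelfAddress
    )
    $findings = @()
    # Every IPv4 adapter that has DNS servers configured, in the order Windows queries them.
    $adapters = Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses.Count -gt 0 }

    foreach ($a in $adapters) {
        $servers = @($a.ServerAddresses)
        for ($i = 0; $i -lt $servers.Count; $i++) {
            $s = $servers[$i]
            $position = if ($i -eq 0) { 'Preferred' } else { "Alternate #$i" }
            if ($IspDns -contains $s) {
                # Kevin's point: an external resolver cannot answer for the AD domain, in ANY position.
                $findings += "[$($a.InterfaceAlias)] $position = $s is an ISP resolver; remove it."
            } elseif ($InternalDns -notcontains $s) {
                $findings += "[$($a.InterfaceAlias)] $position = $s is not a known internal DC; verify it resolves the AD domain."
            }
        }
        if ($servers.Count -lt 2) {
            $findings += "[$($a.InterfaceAlias)] only one DNS server listed; add the other DC."
        }
        if ($servers.Count -ge 1 -and $servers[0] -eq $SelfAddress) {
            # Kevin's preference: the other DC first so DNS is reachable before local AD finishes starting.
            $findings += "[$($a.InterfaceAlias)] preferred DNS is this DC itself; consider listing the other DC first to avoid startup errors."
        }
    }
    return $findings
}

function Test-DcDnsServerSettings {
    param([string[]]$IspDns)
    $findings = @()
    # External names are resolved here (forwarders or root hints), not in the client list.
    $fwd = Get-DnsServerForwarder
    $forwarderIps = @($fwd.IPAddress | ForEach-Object { $_.IPAddressToString })

    if ($forwarderIps.Count -eq 0 -and -not $fwd.UseRootHint) {
        $findings += 'No forwarders configured and root hints disabled: this server cannot resolve internet names.'
    }
    foreach ($ip in $forwarderIps) {
        if ($IspDns -notcontains $ip) {
            $findings += "Forwarder $ip is not one of the expected ISP resolvers; confirm it is intentional."
        }
    }
    if ($forwarderIps.Count -eq 0 -and $fwd.UseRootHint) {
        $findings += 'INFO: resolving via root hints (ObiWan''s preferred setup).'
    }
    return $findings
}

$results = @()
$results += Test-DcDnsClientSettings -InternalDns $InternalDnsServers -IspDns $IspDnsServers -SelfAddress $LocalDnsServer
$results += Test-DcDnsServerSettings -IspDns $IspDnsServers

if ($results.Count -eq 0) {
    Write-Output 'DNS client and server settings match the recommended configuration.'
} else {
    $results | ForEach-Object { Write-Output $_ }
}
```

Run it in an elevated PowerShell session on each DC; an empty result means the client list holds only internal DCs and external resolution is delegated to forwarders or root hints. Ajay's variant (self as preferred, other DC as alternate) will trigger only the informational "preferred DNS is this DC itself" line, which you can drop if you follow his ordering rather than Kevin's.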