Re: Domain Controller DNS Settings Question




It may or may not forward to root hints - I can't tell that from your post.
But by default, that is not enough. It also has to have access to the root
servers via the network. Does it?


"John W" <whitesj@xxxxxxxxxxxxxxx> wrote in message
news:u3YeKY2CIHA.4584@xxxxxxxxxxxxxxxxxxxxxxx
I don't understand? On DC4, it has DNS installed and set as itself, why
wouldn't it be able to resolve outside domains? It forwards to the
root hints, correct?

It's set up just like the other DCs, and they can resolve outside names
and I've done nothing different to them.

-John

"Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx> wrote in message
news:%23oFoIO2CIHA.5328@xxxxxxxxxxxxxxxxxxxxxxx
That's not strange, that's expected that it would behave like that.
It should only be able to resolve the domain it's responsible for unless
you tell it otherwise.

And yes, DC1 should have DC2 listed as a secondary although it would
hopefully not be needed.



"John W" <whitesj@xxxxxxxxxxxxxxx> wrote in message
news:u0hzgL1CIHA.1056@xxxxxxxxxxxxxxxxxxxxxxx
The strange thing about DC4, it's in a different site, different subnet
(connected to the others via P2P T1), and it seems its DNS will not
resolve internet names unless I set up a forwarder as you said that
forwards the request to any of the other DNS servers.

-John

"John W" <whitesj@xxxxxxxxxxxxxxx> wrote in message
news:%23NCvSF1CIHA.1164@xxxxxxxxxxxxxxxxxxxxxxx
Should DC1 then have like DC2 as its secondary DNS?


"Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx> wrote in message
news:OFQkKC1CIHA.1184@xxxxxxxxxxxxxxxxxxxxxxx
A best practice is to make Active Directory Integrated DNS servers use
themselves for name resolution. That would be after they have come up
fully as a DC.
That also assumes Windows 2003.

The reason for that configuration is because otherwise if you lose a
link, or lose the primary domain controller that everyone uses for
DNS, then the rest of the DCs become useless while they cannot find
resources in the domain.

DC2 should use itself as primary, DC1 as a secondary.
Same for DC3 and 4 most likely.
Internet name resolution is something you'll have to decide, but were
it me, I'd pick at least two DNS servers to forward requests to the
internet DNS server (usually my ISP's DNS server for speed's sake; could
be root servers if you like.) The rest of the DNS servers would
forward all other requests that are not hosted internally to these two
servers. That helps to limit the internet traffic generated by all the
DCs and prevents you from having all domain controllers listed in
your firewall policies.

Al


"John W" <whitesj@xxxxxxxxxxxxxxx> wrote in message
news:uNort50CIHA.5360@xxxxxxxxxxxxxxxxxxxxxxx
There is something I'm not clear on here.

We have 4 DCs (3 in one site, and one in another site). All of them
have DNS Installed, so they're all AD Integrated zones.

1. When you promote the 2nd DC, it has to have DC1 as its DNS or it
won't be able to promote/join to domain, etc, correct...

2. When you install DNS on DC2, BEFORE the install should the DNS
server for DC2 be set as DC1, and then after the install should the
DNS for DC2 be set as itself?

Should it have any secondary DNS servers?

3. DC4 (in the other site) is being strange...it cannot access the
internet unless its DNS is set as one of the other DCs, if I set it
to itself, it doesn't work. It has DNS installed, zone replicated
etc, but it's being strange...

I feel like something isn't set right on these things. DC1 takes
FOREVER and a day to restart (sits at preparing network connections
forever).

Before I got DNS running correctly on all these machines, it seems
like if I had them set to themselves as DNS they would not replicate
DNS properly, the logs should show up with all kinds of crazy errors
and I could never figure them out. When I set them to DC1 as DNS and
then installed DNS, it worked fine.

So basically after DNS is all working, how should the servers have
their DNS settings set up? all as themselves? or themselves and
something.
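
Added example, not part of the original thread: a small audit of the layout Al Mulnick describes above (each DC resolves through itself first with another DC as secondary, and only designated DCs forward to the Internet), run against a constructed inventory. The addresses, the ISP resolver and the `root_reachable` flag are assumptions made for illustration; DC4 is modelled as first described, pointed at itself with no forwarder.

```python
# Constructed inventory: names, addresses and the ISP resolver are
# illustrative assumptions, not values from the thread.
ISP_RESOLVERS = {"203.0.113.53"}
DCS = {
    "DC1": {"ip": "10.0.1.11", "client_dns": ["10.0.1.11", "10.0.1.12"],
            "forwarders": ["203.0.113.53"], "root_reachable": True},
    "DC2": {"ip": "10.0.1.12", "client_dns": ["10.0.1.12", "10.0.1.11"],
            "forwarders": ["203.0.113.53"], "root_reachable": True},
    "DC3": {"ip": "10.0.1.13", "client_dns": ["10.0.1.13", "10.0.1.11"],
            "forwarders": ["10.0.1.11", "10.0.1.12"], "root_reachable": False},
    # DC4 as first described: set to itself, no forwarder, remote site.
    "DC4": {"ip": "10.0.2.14", "client_dns": ["10.0.2.14"],
            "forwarders": [], "root_reachable": False},
}

def audit(dcs, external):
    """Return (dc, finding) pairs for deviations from the layout in the thread."""
    internal = {d["ip"] for d in dcs.values()}
    findings = []
    for name, d in sorted(dcs.items()):
        dns = d["client_dns"]
        if not dns or dns[0] != d["ip"]:
            findings.append((name, "primary DNS is not itself"))
        if not any(ip in internal and ip != d["ip"] for ip in dns[1:]):
            findings.append((name, "no other DC listed as secondary DNS"))
        unknown = [f for f in d["forwarders"] if f not in internal | external]
        if unknown:
            findings.append((name, "forwards to unapproved resolver: "
                             + ", ".join(unknown)))
        # With no forwarder the server falls back to root hints, which
        # only works if it can actually reach the root servers.
        if not d["forwarders"] and not d["root_reachable"]:
            findings.append((name, "no forwarder and no path to root servers"))
    return findings

def egress_allowlist(dcs, external):
    """DCs that need outbound DNS through the firewall, and no others."""
    return sorted(n for n, d in dcs.items()
                  if set(d["forwarders"]) & external
                  or (not d["forwarders"] and d["root_reachable"]))

if __name__ == "__main__":
    for dc, finding in audit(DCS, ISP_RESOLVERS):
        print(f"{dc}: {finding}")
    print("firewall allow-list:", egress_allowlist(DCS, ISP_RESOLVERS))
```

Giving DC4 a second DC as secondary DNS and the two forwarding DCs as its forwarders clears both findings without adding it to the firewall allow-list.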












