
Group:  English: Windows Server » microsoft.public.windows.server.dns
Thread: DNS conflicting answers


DNS conflicting answers
iscubafanatic[ at ]hotmail.com 4/16/2007 2:56:16 PM
I have had many differing and sometimes conflicting answers on the
subject of setting up multiple DNS servers on multiple DCs and am
hoping this forum can supply me with a final answer.


Example Environment:

Two W2K3 servers both configured as (DCs) Domain Controllers running
DNS, Forward and Reverse are AD integrated:

How to configure the local adapter DNS settings

Setup 1:
Point primary to self and secondary to other DNS server

Setup 2:
On DC1 point primary to self and secondary to other DNS server
On DC2 point primary to DC1 and secondary to self


How to configure DNS on two DCs:

Forwarders setup 1:
Configure forwarders on each DNS to point to service provider's
external DNS

Forwarders setup 2:
Configure forwarders on DC1 to point to service provider's external DNS
Configure forwarders on DC2 to point to DC1

Recursion for Domain setup 1:
Use recursion on Domain on both DCs

Recursion for Domain setup 2:
Use recursion on Domain on DC1 but not on DC2

All opinions are appreciated along with the logical reasoning...thanks!

Re: DNS conflicting answers
"Herb Martin" <news[ at ]learnquick.com> 4/16/2007 6:25:27 PM

<iscubafanatic[ at ]hotmail.com> wrote in message
news:1176735376.268895.289070[ at ]y5g2000hsa.googlegroups.com...
>I have had many differing and sometimes conflicting answers on the
> subject of setting up multiple DNS servers on multiple DCs and am
> hoping this forum can supply me with a final answer.
>
>
> Example Environment:
>
> Two W2K3 servers both configured as (DCs) Domain Controllers running
> DNS, Forward and Reverse are AD integrated:
>
> How to configure the local adapter DNS settings
>
> Setup 1:
> Point primary to self and secondary to other DNS server

The terms are PREFERRED and ALTERNATE (not primary
and secondary which have other technical meanings in DNS.)


> Setup 2:
> On DC1 point primary to self and secondary to other DNS server
> On DC2 point primary to DC1 and secondary to self

There is no DEFINITIVE answer for this. Generally you want to
use the "nearest" DNS Server (itself) but there is a problem that
causes spurious (unimportant) errors at boot if you do this with
AD integrated DNS.

Usually I would say, point them to themselves as Preferred for WAN
separated DCs and at each other for DNS servers local to each other.

> How to configure DNS on two DCs:
>
> Forwarders setup 1:
> Configure forwarders on each DNS to point to service provider's
> external DNS

This works.

> Forwarders setup 2:
> Configure forwarders on DC1 to point to service provider's external DNS
> Configure forwarders on DC2 to point to DC1

I would only do this if the DC2 is at another WAN location with no direct
Internet connection of its own.

> Recursion for Domain setup 1:
> Use recursion on Domain on both DCs

Generally you do NOT want DCs or even other internal DNS
servers doing recursion -- this would mean they would need to
(possibly) visit "EvilHackersRUs.com".

> Recursion for Domain setup 2:
> Use recursion on Domain on DC1 but not on DC2
>
> All opinions are appreciated along with the logical reasoning...thanks!


--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)


Re: DNS conflicting answers
"Zzzzzz" <iscubafanatic[ at ]hotmail.com> 4/16/2007 7:16:22 PM
Hi Herb

Thanks for the information; I would like to ask for clarification on
two points?

In regards to the first question on Preferred and Alternate DNS
settings, part of your answer was:
"Usually I would say, point them to themselves as Preferred for WAN
separated DCs and at each other for DNS servers local to each other."

I am unclear as to what you mean by "WAN separated DCs" and "local to
each other"; do you mean, in my case Preferred on DC1 points to DC2's
DNS and vice versa as they are local to each other, and Alternate to
themselves?

Also

In regards to using recursion, you said:
"Generally you do NOT want DCs or even other internal DNS servers
doing recursion -- this would mean they would need to (possibly) visit
"EvilHackersRUs.com".

Are you suggesting clicking the check box "Do not use recursion for
this domain"

Re: DNS conflicting answers
"Herb Martin" <news[ at ]learnquick.com> 4/17/2007 1:14:15 AM

"Zzzzzz" <iscubafanatic[ at ]hotmail.com> wrote in message
news:1176750982.160297.34350[ at ]n59g2000hsh.googlegroups.com...
> Hi Herb
>
> Thanks for the information; I would like to ask for clarification on
> two points?
>
> In regards to the first question on Preferred and Alternate DNS
> settings, part of your answer was:
> "Usually I would say, point them to themselves as Preferred for WAN
> separated DCs and at each other for DNS servers local to each other."
>
> I am unclear as to what you mean by "WAN separated DCs"

Separated by WAN lines. DC(s) at one site, other DC(s) at another site.

> and "local to each other";

DCs within the same Site, or high-speed LAN location.


> do you mean, in my case Preferred on DC1 points to DC2's
> DNS and vice versa as they are local to each other, and Alternate to
> themselves?

Yes. This avoids the spurious startup errors for AD Integrated DNS
and isn't terribly inefficient since they are within the same (high speed,
reliable) network.

> Also
>
> In regards to using recursion, you said:
> "Generally you do NOT want DCs or even other internal DNS servers
> doing recursion -- this would mean they would need to (possibly) visit
> "EvilHackersRUs.com".
>
> Are you suggesting clicking the check box "Do not use recursion for
> this domain"

Yes. My focus was on setting them to use forwarders - best at your OWN
firewall/gateway to the Internet, but the ISP is not a terrible choice in
most cases.

Once you have a reliable forwarder, check that box on the Forwarders tab.

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)
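
The settings agreed on in the reply above, written out as a command script for two DCs on the same LAN. This is an added example and not part of the original posts; the addresses (192.0.2.x), the forwarder address, the connection name "Local Area Connection" and the script name are assumptions, and `dnscmd` comes from the Windows Server 2003 Support Tools.

```batch
@echo off
setlocal
rem Added example, not from the thread. Run once on each DC:
rem   set-dc-dns.cmd SELF_IP PARTNER_IP
rem   on DC1: set-dc-dns.cmd 192.0.2.10 192.0.2.11   (constructed addresses)
rem   on DC2: set-dc-dns.cmd 192.0.2.11 192.0.2.10

if "%~2"=="" goto usage
set SELF=%~1
set PARTNER=%~2

rem Assumptions: the forwarder is your own firewall/gateway resolver,
rem and the adapter still has the default W2K3 connection name.
set FWD=192.0.2.1
set NIC=Local Area Connection

rem DNS client side of the DC: Preferred = the other DC on the same LAN,
rem Alternate = this DC itself. This is the layout that avoids the
rem spurious startup errors with AD-integrated zones.
netsh interface ip set dns name="%NIC%" source=static addr=%PARTNER% register=primary
if errorlevel 1 goto failed
netsh interface ip add dns name="%NIC%" addr=%SELF% index=2
if errorlevel 1 goto failed

rem DNS server side: send everything the DC cannot answer from its own
rem zones to the forwarder. /Slave is the command-line form of the
rem "Do not use recursion for this domain" check box on the Forwarders
rem tab: if the forwarder fails, the DC does not walk the Internet
rem name servers itself.
dnscmd %COMPUTERNAME% /ResetForwarders %FWD% /Slave
if errorlevel 1 goto failed

rem Show the result: adapter DNS order and DNS server configuration.
ipconfig /all
dnscmd %COMPUTERNAME% /Info
exit /b 0

:usage
echo usage: %~nx0 SELF_IP PARTNER_IP
exit /b 1

:failed
echo A configuration step failed; check the adapter name and that dnscmd is installed.
exit /b 1
```

With `/Slave` set, the forwarder is the only path for external names, so it should be a resolver you trust and monitor.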


Re: DNS conflicting answers
Zzzzzz <iscubafanatic[ at ]hotmail.com> 4/17/2007 11:30:39 AM
Herb, thank you very much...you have been a great help!

Re: DNS conflicting answers
"Herb Martin" <news[ at ]learnquick.com> 4/17/2007 11:48:58 AM

"Zzzzzz" <iscubafanatic[ at ]hotmail.com> wrote in message
news:1176809439.665730.26660[ at ]y5g2000hsa.googlegroups.com...
> Herb, thank you very much...you have been a great help!

Glad to help -- pass it on to someone else who needs it.


--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)

