Domain Controller DNS settings order - best practice?
-
I'm just trying to figure out the "right way" to do this. I have looked this up before but now that I'm upgrading my DC's from 2008 R2 to 2019, I figured I would double check. I see a lot of people adamantly saying that the DC should look to another DC first, then to itself/the loopback, but then I see others adamantly claiming the exact opposite.
Here is how I have set mine up in the past and how I am currently setting the new DC's up:
IP Addresses:
DC1: 192.168.0.10
DC2: 192.168.0.11TCP/IP DNS Settings:
DC1:
192.168.0.11
127.0.0.1
DC2:
192.168.0.10
127.0.0.1Or should we be using the DC's own IP address instead of the loopback address?
-
I generally set these up to look for another first as well, and use the loopback as the second entry.
-
@DustinB3403 said in Domain Controller DNS settings order - best practice?:
I generally set these up to look for another first as well, and use the loopback as the second entry.
That's what I've always done. I vaguely remember seeing an article from Microsoft about it, but memory is telling me that article was ancient.
-
I finally found this https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff807362(v=ws.10) which pretty much answers it.
-
@dave247 said in Domain Controller DNS settings order - best practice?:
I finally found this https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff807362(v=ws.10) which pretty much answers it.
Yep. That's the one I remember.
-
I was a complete idiot and incorrectly typed "172.0.0.1" instead of "127.0.0.1" which would explain all my errors over the weekend.
smacks head
-
-
@EddieJennings said in Domain Controller DNS settings order - best practice?:
@DustinB3403 said in Domain Controller DNS settings order - best practice?:
I generally set these up to look for another first as well, and use the loopback as the second entry.
That's what I've always done. I vaguely remember seeing an article from Microsoft about it, but memory is telling me that article was ancient.
Microsoft had conflicting articles on it
-
@scottalanmiller said in Domain Controller DNS settings order - best practice?:
@EddieJennings said in Domain Controller DNS settings order - best practice?:
@DustinB3403 said in Domain Controller DNS settings order - best practice?:
I generally set these up to look for another first as well, and use the loopback as the second entry.
That's what I've always done. I vaguely remember seeing an article from Microsoft about it, but memory is telling me that article was ancient.
Microsoft had conflicting articles on it
Yeah, I am pretty sure that I remember them saying to point to itself first quite some time ago.
Edit: I know that is not what you should do.
-
@wrx7m said in Domain Controller DNS settings order - best practice?:
@scottalanmiller said in Domain Controller DNS settings order - best practice?:
@EddieJennings said in Domain Controller DNS settings order - best practice?:
@DustinB3403 said in Domain Controller DNS settings order - best practice?:
I generally set these up to look for another first as well, and use the loopback as the second entry.
That's what I've always done. I vaguely remember seeing an article from Microsoft about it, but memory is telling me that article was ancient.
Microsoft had conflicting articles on it
Yeah, I am pretty sure that I remember them saying to point to itself first quite some time ago.
Edit: I know that is not what you should do.
Do you know that that is not what you should do? MS doesn't know. No one does. Both systems work, both have reasons for and against. MS officially can't decide.
-
And it is something we have discussed before here but I cannot find the thread.
Personally, I always make it look at itself first, because its own services are supposed to be functional. I mean that is what the rule is for a single DC. So why would it matter if it was a second DC?
AD should keep the DNS in sync. Otherwise, why use AD in the first place?
-
@JaredBusch said in Domain Controller DNS settings order - best practice?:
And it is something we have discussed before here but I cannot find the thread.
Personally, I always make it look at itself first, because its own services are supposed to be functional. I mean that is what the rule is for a single DC. So why would it matter if it was a second DC?
AD should keep the DNS in sync. Otherwise, why use AD in the first place?I do the same. Point to self first, failover second. This is faster and the logic for the alternative doesn't seem to make sense. Both work, of course, the only thing that is really impacted is performance.
-
I guess it hasn't been resolved. I thought it had.
-
@scottalanmiller said in Domain Controller DNS settings order - best practice?:
@JaredBusch said in Domain Controller DNS settings order - best practice?:
And it is something we have discussed before here but I cannot find the thread.
Personally, I always make it look at itself first, because its own services are supposed to be functional. I mean that is what the rule is for a single DC. So why would it matter if it was a second DC?
AD should keep the DNS in sync. Otherwise, why use AD in the first place?I do the same. Point to self first, failover second. This is faster and the logic for the alternative doesn't seem to make sense. Both work, of course, the only thing that is really impacted is performance.
I thought it was set to the another first, for the replication aspect.
-
@wrx7m said in Domain Controller DNS settings order - best practice?:
I guess it hasn't been resolved. I thought it had.
Nope. What really has been resolved is that "it essentially doesn't matter." It's a six of one, half a dozen of the other kind of argument. Both MS and the industry in general feel very split on it.
-
@wrx7m said in Domain Controller DNS settings order - best practice?:
@scottalanmiller said in Domain Controller DNS settings order - best practice?:
@JaredBusch said in Domain Controller DNS settings order - best practice?:
And it is something we have discussed before here but I cannot find the thread.
Personally, I always make it look at itself first, because its own services are supposed to be functional. I mean that is what the rule is for a single DC. So why would it matter if it was a second DC?
AD should keep the DNS in sync. Otherwise, why use AD in the first place?I do the same. Point to self first, failover second. This is faster and the logic for the alternative doesn't seem to make sense. Both work, of course, the only thing that is really impacted is performance.
I thought it was set to the another first, for the replication aspect.
Replication is from the database, not from DNS resolution.
-
@scottalanmiller said in Domain Controller DNS settings order - best practice?:
@wrx7m said in Domain Controller DNS settings order - best practice?:
@scottalanmiller said in Domain Controller DNS settings order - best practice?:
@JaredBusch said in Domain Controller DNS settings order - best practice?:
And it is something we have discussed before here but I cannot find the thread.
Personally, I always make it look at itself first, because its own services are supposed to be functional. I mean that is what the rule is for a single DC. So why would it matter if it was a second DC?
AD should keep the DNS in sync. Otherwise, why use AD in the first place?I do the same. Point to self first, failover second. This is faster and the logic for the alternative doesn't seem to make sense. Both work, of course, the only thing that is really impacted is performance.
I thought it was set to the another first, for the replication aspect.
Replication is from the database, not from DNS resolution.
Ahh. I thought it was pulling the DNS server info from those settings. But, I guess it wouldn't make sense to do that.
-
IIRC the difference is just a boot time thing. It can be slightly slower to bring the DC back online if it looks at itself for info and the DNS service isn't up yet. So if you point the first DNS entry to another machine you theoretically save a few seconds on reboot.
-
@NDC said in Domain Controller DNS settings order - best practice?:
IIRC the difference is just a boot time thing. It can be slightly slower to bring the DC back online if it looks at itself for info and the DNS service isn't up yet. So if you point the first DNS entry to another machine you theoretically save a few seconds on reboot.
In theory, not something that you need if the other DNS is there
