6

Here is my situation. I have 3 domain controllers, ad1 (10.0.0.1), ad2 (10.0.0.2), ad3 (10.0.0.3), and I'm not sure how to configure DNS servers on these servers. My configuration is now:

AD1

Primary DNS: 10.0.0.1 (itself)
Secondary DNS: 10.0.0.2 (ad2)

AD2

Primary DNS: 10.0.0.2 (itself)
Secondary DNS: 10.0.0.1 (ad1)

AD3

Primary DNS: 10.0.0.3 (itself)
Secondary DNS: 10.0.0.1 (ad1)

Is this the correct configuration? Will replication work properly?

Thanks for any advice.

gravyface
Iškuda

3 Answers

5

I'm assuming the three DCs are in the same Active Directory site, as should be according to the IP addresses you supplied; I'm also assuming all three of them are DNS servers, and the domain DNS zone is configured as per default (AD-integrated, replicated to all DCs).

In this scenario, each DC can safely use any one of them as its primary/secondary DNS servers; there really is no reason to prefer one or another.

The "standard" setup is for each DC to use itself as its primary DNS server, so it can resolve DNS queries on its own without generating unnecessary network traffic to other DCs; it's also a best practice to use one or more other DCs (preferably in the same site) as secondary, to allow it to function properly should its own DNS service not be available (such as during startup).

In your scenario, I'd configure each DC to use itself as its primary DNS server, and the other two as secondary ones (you can use more than two, just go to the advanced IP settings); but even if you configure only one of them as secondary, that should be OK anyway.

Massimo
  • Actually, this appears to be incorrect according to [this Microsoft article](http://technet.microsoft.com/en-us/library/dd378900(WS.10).aspx). Using this configuration can cause potential replication issues. – MDMarra May 04 '12 at 13:07
2

According to this TechNet article, using the loopback or the DC's own address should only be done if it is configured as a secondary or tertiary address, never as the primary. Doing so can cause replication issues.

I would probably use this config:

AD1

Primary: 10.0.0.2  
Secondary: 10.0.0.3  
Tertiary: 127.0.0.1  

AD2

Primary: 10.0.0.1  
Secondary: 10.0.0.3  
Tertiary: 127.0.0.1  

AD3

Primary: 10.0.0.1  
Secondary: 10.0.0.2  
Tertiary: 127.0.0.1  
MDMarra
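
The two orderings discussed in the answers above, as an added PowerShell example that is not part of the original thread: run locally on a DC, it works out that DC's DNS server list (other DCs first and loopback last by default, or the DC's own address first with `-SelfFirst`), compares it with the current setting, and changes it only when they differ. It assumes the `Get-NetIPAddress` and DnsClient cmdlets (Windows Server 2012 or later) and the three addresses from the question; the script parameters `-DomainControllers` and `-SelfFirst` are names chosen for this example.

```powershell
# Added example, not from the original thread. Run locally on each DC.
# Assumes Windows Server 2012 or later and the DC addresses from the question.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string[]]$DomainControllers = @('10.0.0.1', '10.0.0.2', '10.0.0.3'),
    [switch]$SelfFirst   # hypothetical switch: own address first, then the other DCs
)

# Find the local adapter(s) that carry one of the DC addresses.
$local = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $DomainControllers -contains $_.IPAddress }

if (-not $local) {
    throw "No local IPv4 address matches the DC list: $($DomainControllers -join ', ')"
}

foreach ($ip in $local) {
    # The other DCs, in list order.
    $peers = @($DomainControllers | Where-Object { $_ -ne $ip.IPAddress })

    if ($SelfFirst) {
        $desired = @($ip.IPAddress) + $peers      # self as primary, peers as fallback
    } else {
        $desired = $peers + '127.0.0.1'           # peers first, loopback last
    }

    $current = @((Get-DnsClientServerAddress -InterfaceIndex $ip.InterfaceIndex `
                    -AddressFamily IPv4).ServerAddresses)

    if (($current -join ',') -eq ($desired -join ',')) {
        Write-Output "$($ip.InterfaceAlias): already set to $($desired -join ', ')"
        continue
    }

    Write-Output "$($ip.InterfaceAlias): $($current -join ', ') -> $($desired -join ', ')"
    if ($PSCmdlet.ShouldProcess($ip.InterfaceAlias, 'Set DNS server order')) {
        Set-DnsClientServerAddress -InterfaceIndex $ip.InterfaceIndex `
            -ServerAddresses $desired
    }
}
```

Running the script with `-WhatIf` prints the planned change for each adapter without applying it.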