
We have set up a small Windows Server 2008 R2 network with a domain controller which is also acting as the DNS server for the network (we opted to install DNS when setting up the domain). This network isn't connected to the Internet in any way, so all machines have been configured to use the IP address of the domain controller as their primary DNS and no secondary DNS server has been configured.

If we shut down or unplug the network cable from the domain controller, DNS lookups become quite slow and the performance of the network suffers. For example, running a ping command using a hostname takes around 5-6 seconds to resolve the name.

I presume this is because it is looking for the DNS, then falling back to some other method of resolving the names as the DNS server is now gone.

All the machines have static IP addresses so we are considering just putting all entries in the HOSTS file of each machine. However, it would be nice to have a centralised DNS in case we one day change the IP of one of the machines. Is there a better way to speed this up?

mfinni
Tim
  • Why are you regularly shutting down or unplugging the network cable of servers in your environment? – MDMarra Jun 11 '14 at 13:17

3 Answers

10

All the machines have static IP addresses so we are considering just putting all entries in the HOSTS file of each machine

Don't do this. This is a terrible option that doesn't scale and will cause constant headaches as your environment grows and changes. Avoid this at all costs.

However, it would be nice to have a centralised DNS in case we one day change the IP of one of the machines. Is there a better way to speed this up?

Have a second domain controller with the DNS role installed and configure your clients to use it as a secondary. Running with a single DC is asking for trouble.

MDMarra
3

Tim, your presumption is correct. If there is no secondary DNS, and the only DNS server your computers have configured is your offline DNS, then the machines are attempting to contact the DNS server until the arbitrary timeout period. If I'm correct, they can't access most nodes on the intranet, correct? Some IPs they have cached so that's no problem, but to remedy this situation you should

  • Leave the DNS Server available on the network

Can't really stress that enough. Unless you're a numerical savant, no DNS = no intranet. If you can't leave the DC on the network up and available all the time, for whatever reason, you probably shouldn't have one running.

MDMoore313
  • Using your ISP's DNS server will break AD. AD-joined clients should use domain controllers (or other DNS servers that hold the AD-specific records). – MDMarra Jun 11 '14 at 13:13
  • @MDMarra absolutely, I'll update but I meant in the context of him actually using a workgroup since for whatever reason the DC needs to be unplugged. – MDMoore313 Jun 11 '14 at 13:15
  • There is no ISP as the OP stated it's "not connected to the internet in any way". – Rex Jun 11 '14 at 15:22
2

Active Directory and DNS: You're doing it wrong.

  1. Implement a second DC/DNS server.

  2. Configure all domain joined clients to use these servers for DNS.

  3. Stop using the Hosts file.

  4. Don't shut down both DC/DNS servers at the same time.

  5. Stop shutting the DC/DNS servers down except when needed for maintenance.

  6. Schedule any maintenance that would require a shut down of the DC/DNS servers for outside of production hours.

joeqwerty