DNS Best Practise [message #156412] Tue, 16 June 2009 13:37
Kerry (United States)
Messages: 48
Registered: July 2009
Member
There has always been this question about what is the best practise when it comes to configuring the primary and secondary DNS servers on AD DCs where all DCs are DNS servers.

I usually recommend that the Primary DNS on a DC should point to itself (provided it's also a DNS Server) and the secondary DNS should be configured to use an upstream DC.

I have read some posts which say it's not a good practise to point DNS to itself. Can you throw light on this and also recommend what is best practise here.

--
Re: DNS Best Practise [message #156413 is a reply to message #156412] Tue, 16 June 2009 13:44
aceman (United States)
Messages: 5816
Registered: July 2009
Senior Member
Hi Kerry,

Yes, that's the best practice recommendation as you've stated. Years ago
with Windows 2000, there was a condition called "DNS becomes an island..."
if you pointed to itself first. But an update and the latest 2000 service
pack addressed the issue, and it is no longer an issue.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
aceman@mvps.RemoveThisPart.org

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

"Efficiency is doing things right; effectiveness is doing the right
things." - Peter F. Drucker
http://twitter.com/acefekay
Re: DNS Best Practise [message #156415 is a reply to message #156413] Tue, 16 June 2009 14:06
Kerry (United States)
Messages: 48
Registered: July 2009
Member
Thanks Ace

Re: DNS Best Practise [message #156421 is a reply to message #156415] Tue, 16 June 2009 17:19
aceman (United States)
Messages: 5816
Registered: July 2009
Senior Member
"Kerry" <Phanindra@live.com> wrote in message
news:e45500q7JHA.1712@TK2MSFTNGP03.phx.gbl...
> Thanks Ace

You are welcome!

Ace
Re: DNS Best Practise [message #156426 is a reply to message #156412] Tue, 16 June 2009 16:47
SubstituteThisWithMyF (Netherlands)
Messages: 85
Registered: October 2009
Member
see:
http://blogs.dirteam.com/blogs/jorge/archive/2006/06/16/How-to-use-and-configure-DNS-in-an-AD-environment_3F00_.aspx

second URL

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------
--
Re: DNS Best Practise [message #156445 is a reply to message #156412] Wed, 17 June 2009 06:48
Jorge Silva
Messages: 398
Registered: July 2009
Senior Member
Hi

For general guidelines, the DNS should point to itself; in fact this is a recommendation for people that insist on pointing their DNS servers and clients to ISP DNS in order to get internet name resolution. As you may know, this type of configuration leads to a problem when those machines try to get Forest/Domain information at ISP DNS and end up with performance issues, errors, etc.

So, should the DNS point to itself? YES and NO. In fact there's no good and 100% reliable guideline that applies to all scenarios. Each scenario is unique and depends on many other things like: network configuration, FW configurations, are the servers/clients remote or local, are the clients over a slow WAN link or a fast one, are the DNS AI or Primary/Secondary config, etc.

To simplify things, you can point the DNS servers to themselves and that will give you some "insurance" that things should run OK.

To end this I will give an additional configuration that you may think about. One alternative is to point the DNS server to the closest neighbor (as preferred) and that neighbor to the DNS server (as preferred) in a ring config or in a mesh configuration. By doing this you're "telling" your DNS servers to get information for "them-selves" on other DNS partner, and that gives you more reliability in terms of updated info because the local DNS server may have old data that are not valid anymore and is waiting for an update for its partner that is not online anymore, or you may have corrupt data on that DNS server that needs to be fixed by a simple replication, etc.

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services
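
An added example (not part of any post in this thread): a PowerShell check of the resolver order discussed above. It accepts both layouts the replies describe, self-first with another DC as fallback or partner-first in a ring, and flags any resolver that is not a DC, such as an ISP server. The function name, host names and addresses are constructed for illustration.

```powershell
# Added example: the inventory below is constructed sample data, not from the thread.
# On a live DC the resolver list could be read with Get-DnsClientServerAddress.

function Test-DcDnsClientOrder {
    param(
        [Parameter(Mandatory)] [string]   $Name,
        [Parameter(Mandatory)] [string]   $OwnIp,
        [Parameter(Mandatory)] [string[]] $DnsServers,  # NIC resolver list, in order
        [Parameter(Mandatory)] [string[]] $DcDnsIps     # IPs of every DC that runs DNS
    )
    $selfIps  = @($OwnIp, '127.0.0.1', '::1')
    $findings = @()

    # Resolvers that are neither this DC nor another DC (for example an ISP server)
    $external = @($DnsServers | Where-Object { $_ -notin $selfIps -and $_ -notin $DcDnsIps })
    if ($external.Count -gt 0) { $findings += "non-DC resolver on NIC: $($external -join ', ')" }

    $hasSelf    = @($DnsServers | Where-Object { $_ -in $selfIps }).Count -gt 0
    $hasPartner = @($DnsServers | Where-Object { $_ -in $DcDnsIps -and $_ -notin $selfIps }).Count -gt 0
    if (-not $hasSelf)    { $findings += 'own address missing from resolver list' }
    if (-not $hasPartner) { $findings += 'no other DC listed as fallback' }

    # Which layout is in use: decided by the first (preferred) entry
    if ($DnsServers[0] -in $selfIps) {
        $pattern = 'self-first'
    } elseif ($DnsServers[0] -in $DcDnsIps) {
        $pattern = 'partner-first'
    } else {
        $pattern = 'external-first'
    }

    [pscustomobject]@{
        Name     = $Name
        Pattern  = $pattern
        Ok       = ($findings.Count -eq 0)
        Findings = ($findings -join '; ')
    }
}

# Constructed inventory: three DCs, all running DNS; 203.0.113.53 stands in for an ISP resolver
$dcDnsIps = '10.0.0.11', '10.0.0.12', '10.0.0.13'
$inventory = @(
    @{ Name = 'DC1'; OwnIp = '10.0.0.11'; DnsServers = '10.0.0.11', '10.0.0.12' }     # self-first
    @{ Name = 'DC2'; OwnIp = '10.0.0.12'; DnsServers = '10.0.0.11', '127.0.0.1' }     # partner-first
    @{ Name = 'DC3'; OwnIp = '10.0.0.13'; DnsServers = '203.0.113.53', '10.0.0.13' }  # ISP first
)
$inventory | ForEach-Object { Test-DcDnsClientOrder @_ -DcDnsIps $dcDnsIps } | Format-List
```

With this sample data DC1 and DC2 pass, and DC3 is reported for the non-DC resolver and for having no other DC as fallback.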