Tuesday, December 4, 2012

Recommended Network Adapter DNS Settings for a Domain Controller\DNS Server

DNS client settings for your domain controller

This comes up at nearly every client I've been to, and I have yet to see any comprehensive article from MS on the topic. There is always quite a bit of confusion surrounding what you should set the preferred DNS servers to in the network adapter of the DNS server itself. Here are some quick guidelines to save you some time:

Do:

  • Use another DNS server in the same domain as the primary, secondary, etc...
  • Use the loopback address, but not as the preferred server. Set it as the last server in the order. (Use the Advanced tab if you have more than two servers)
  • Clear the automatically added ::1 as the primary and only DNS server for the IPv6 stack unless you actively use IPv6. If you do, the same rule applies, since ::1 is the loopback address for IPv6.
    • Bonus, here's the command: netsh interface ipv6 delete dnsservers "Local Area Connection" ::1 where "Local Area Connection" is the name of the connection in question. It may say something to the effect of "No DNS Servers" after you execute the command, but that tingling just lets you know it's working like Denorex.

Example: 

My lab has two DNS servers in one domain: 192.168.1.30 and 192.168.1.110. Here is the IP config of the 1.30 machine:


Were there another DNS server in the domain, it would be listed BEFORE 127.0.0.1. Note that the DNS servers list does not include ::1 as the preferred server, since I removed that with the command listed above.


Do Not:

  • Use the server's own IP as the primary. Why? If something goes wrong with the zone configuration or the replication of the records, you could inadvertently isolate domain controllers from each other and give entirely inconsistent results to clients, which makes troubleshooting the troublesome DC more difficult.
  • Use the loopback address as anything but the last entry.
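
The Do and Do Not rules above, written as a check on an adapter's DNS server order. This is an added example, not part of the original post: the function name Test-DcDnsClientOrder and its parameters are hypothetical, and the sample addresses are constructed from the lab described above.

```powershell
# Added example: report where a DNS server's own client DNS order
# breaks the guidelines in this post. Emits one string per finding.
function Test-DcDnsClientOrder {
    param(
        [string[]]$DnsServers = @(),     # ordered list as configured on the adapter
        [string[]]$OwnAddresses = @(),   # IP addresses assigned to this server
        [ValidateSet('IPv4', 'IPv6')]
        [string]$Family = 'IPv4'
    )
    $loopback = if ($Family -eq 'IPv6') { '::1' } else { '127.0.0.1' }
    if ($DnsServers.Count -eq 0) { return }

    # Rule: neither the loopback nor the server's own IP should be preferred.
    # A list holding only ::1 (the automatically added IPv6 entry) lands here too.
    $preferred = $DnsServers[0]
    if ($preferred -eq $loopback) {
        "${Family}: loopback $loopback is the preferred server"
    }
    elseif ($OwnAddresses -contains $preferred) {
        "${Family}: the server's own IP $preferred is the preferred server"
    }

    # Rule: if the loopback is listed at all, it must be the last entry.
    $idx = [array]::IndexOf($DnsServers, $loopback)
    if (($idx -gt 0) -and ($idx -lt ($DnsServers.Count - 1))) {
        "${Family}: loopback $loopback is listed but is not the last entry"
    }
}

# Constructed sample input: this server is 192.168.1.30, its peer is 192.168.1.110.
$own = @('192.168.1.30')

# Layout the post recommends: peer first, loopback last.
Test-DcDnsClientOrder -DnsServers '192.168.1.110', '127.0.0.1' -OwnAddresses $own
# Own IP as preferred server.
Test-DcDnsClientOrder -DnsServers '192.168.1.30', '192.168.1.110' -OwnAddresses $own
# Loopback in the middle of the list.
Test-DcDnsClientOrder -DnsServers '192.168.1.110', '127.0.0.1', '192.168.1.30' -OwnAddresses $own
# Automatically added ::1 as the only IPv6 DNS server.
Test-DcDnsClientOrder -DnsServers '::1' -Family IPv6

# Live check (assumes the DnsClient and NetTCPIP cmdlets, Windows Server 2012 or later):
# $own = (Get-NetIPAddress).IPAddress
# Get-DnsClientServerAddress -AddressFamily IPv4 | ForEach-Object {
#     Test-DcDnsClientOrder -DnsServers $_.ServerAddresses -OwnAddresses $own }
```

Running the same check on every DNS server in the domain is one way to confirm the settings are consistent across all of them.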

Discussion: Some prefer to set the server's own DNS as preferred to reduce network traffic, and while I don't recommend that myself I will stress one final thing:
Whatever you decide to do with settings, be consistent. Lack of consistency inevitably costs time and money, usually when you don't have either.

1 comment:

Fred Castillo said...

>Disable IPv6 entirely.

Ha, you wouldn't believe how many times I've not only seen this recommended but also how many times I've seen people who actually did it - which I suppose isn't surprising given how often it's recommended.

Fred | https://webhostinggeeks.com/tools/