DNS server IPv4 config on adaptor - best practice

  • DNS server IPv4 config on adaptor - best practice

    Hi

    Over the years I have seen various 'best practice' scenarios for the configuration of IPv4 on the local network adaptor for DNS servers. In an environment where two or more DNS servers exist I've seen:

    Telling the DNS server to point to itself using 127.0.0.1
    Telling the DNS server to point to itself using its own IP address

    Telling the DNS server to point to itself using its own IP address/127.0.0.1 first and another DNS server's IP address as the alternate address.

    Telling the DNS server to point to another DNS server's IP address first and then its own IP address/127.0.0.1 as the alternate address.

    Searching for this is tricky - there are many suggestions.

    Anyone know what the latest recommendation from Microsoft is? Or, what is the best config based on real-world scenarios?

    We have two DNS servers in our network - Primary (200 and secondary (2003). It's a simple network - everything is on the same 192.168.0.xxx subnet.

    When I need to restart the servers after installing Windows updates etc I usually start one, wait for it to fully restart and then restart the second one. If I restart both at the same time I get errors in DNS, even if the servers are configured to point to themselves. One time I had to restart a server twice before it would work properly after restarting both at the same time.

    I always restart them separately now.

    I will be introducing a 2012 DC to our domain to replace the 2003 DC. I would like to ensure that the network adaptors' IPv4 configuration is optimally set based on the most recent best practices.

    Should they point to themselves first and the other DNS server as the alternate, or the other way around?

    Possibly a dumb question, but I'd like to know what works for you folks.

    Thanks!
    A recent poll suggests that 6 out of 7 dwarfs are not happy

  • #2
    Re: DNS server IPv4 config on adaptor - best practice

    Originally posted by Blood:
    Telling the DNS server to point to itself using 127.0.0.1

    This is pretty much ideal for a DC or any other server running a DNS service. 127.0.0.1 is always available.

    Originally posted by Blood:
    Telling the DNS server to point to itself using its own IP address

    Almost as good as 127.0.0.1, except the service may become unavailable if the interface link goes down or if for some reason the IP address is changed manually.

    Originally posted by Blood:
    Telling the DNS server to point to itself using its own IP address/127.0.0.1 first and another DNS server's IP address as the alternate address.

    Telling the DNS server to point to another DNS server's IP address first and then its own IP address/127.0.0.1 as the alternate address.

    In order to determine if it's a good idea to use multiple DNS servers, you have to know exactly how the Windows TCP/IP stack handles multiple entries. In short, it works like this:
    1. By default, the first server is always used
    2. Should the first server fail to respond to a request in a timely manner, the resolver will switch to the second server
    3. The resolver will keep using the second server exclusively until it fails to respond, and only then will it switch back to the first server (or to a tertiary server, if one exists)

    In other words, one should only have multiple DNS server entries if all the servers perform the exact same service. It's perfectly OK to have multiple AD-integrated DNS servers, or multiple external servers, but not a mix of both.

    Originally posted by Blood:
    We have two DNS servers in our network - Primary (200 and secondary (2003). It's a simple network - everything is on the same 192.168.0.xxx subnet.

    When I need to restart the servers after installing Windows updates etc I usually start one, wait for it to fully restart and then restart the second one. If I restart both at the same time I get errors in DNS, even if the servers are configured to point to themselves. One time I had to restart a server twice before it would work properly after restarting both at the same time.

    That's strange. Are both servers serving the same AD-integrated zone(s), or are they authoritative for different domains and if so, do you have forwarding entries pointing from one server to the other?
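
The failover rules listed in post #2, modelled as an added Python example (not part of the thread, and not the Windows DNS client's own code). Server names, zone names and addresses are constructed; the model follows the post's description that the resolver only moves on when a server fails to respond, so a negative answer keeps it on the same server.

```python
# Added illustration: models the failover rules as described in the post,
# not the real Windows resolver. All names and addresses are constructed.

class Server:
    def __init__(self, name, zones, up=True):
        self.name, self.zones, self.up = name, zones, up

    def query(self, qname):
        """Return an address, 'NXDOMAIN', or None for a timeout."""
        if not self.up:
            return None                      # no response at all
        for zone, addr in self.zones.items():
            if qname == zone or qname.endswith("." + zone):
                return addr
        return "NXDOMAIN"                    # a negative answer is still a response


class StickyResolver:
    """Uses one server until it fails to respond, then moves to the next."""
    def __init__(self, servers):
        self.servers, self.current = servers, 0

    def resolve(self, qname):
        for _ in range(len(self.servers)):
            srv = self.servers[self.current]
            answer = srv.query(qname)
            if answer is not None:
                return srv.name, answer
            self.current = (self.current + 1) % len(self.servers)
        return None, "TIMEOUT"


def run_outage(second_zones):
    """First server misses one query, then recovers; return the three lookups."""
    first = Server("dc1", {"corp.local": "192.168.0.10"})
    second = Server("second", second_zones)
    resolver = StickyResolver([first, second])
    results = [resolver.resolve("fileserver.corp.local")]
    first.up = False
    results.append(resolver.resolve("fileserver.corp.local"))
    first.up = True                          # dc1 is back, resolver does not return to it
    results.append(resolver.resolve("fileserver.corp.local"))
    return results


MIXED = run_outage({"example.com": "203.0.113.5"})     # second entry is an external server
MATCHED = run_outage({"corp.local": "192.168.0.10"})   # second entry serves the same zone
```

In the mixed case the internal name stays unresolvable after dc1 recovers, because the external server keeps answering; with two servers holding the same zone the switch is invisible to the client.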



    • #3
      Re: DNS server IPv4 config on adaptor - best practice

      Thanks for your reply.

      What I am after is what is recognised as best practice, especially since the release of Server 2012. I understand how DNS works and our present configuration seems to work just fine (points to itself using assigned IP address, then to other DNS server for alternate). Because we have just the two DCs and because the network is small (4 servers total, <40 clients), the IP address of each server will usually remain unchanged for its lifetime.

      I have seen the 127.0.0.1 configuration option denigrated several times both on Petri and on DNS blogs. In short I have seen pros and cons for each configuration over the years, hence my question.

      Regarding your query, both servers service just one .local domain. The only time I saw problems with DNS was when both were started at the same time. I don't know if that was a fluke but have restarted them at different times since.

      Thanks again.
      A recent poll suggests that 6 out of 7 dwarfs are not happy



      • #4
        Re: DNS server IPv4 config on adaptor - best practice

        Best practice changes.

        When I first started out we were told not to use 127.0.0.1 but to use the IP.

        However if you do a Best Practices analyser on 2012 Server it will advise to use 127.0.0.1 in the DNS list.

        I'll spool up a VM later so you can see it.



        • #5
          Re: DNS server IPv4 config on adaptor - best practice

          Thanks a lot.
          A recent poll suggests that 6 out of 7 dwarfs are not happy
