DNS Server's TCP/IP Settings

Phil

From what I have read, a DNS Server should have its own
address in for primary DNS (under TCP/IP Setting), should
there be a Secondary listed? And if it's a DC if it's a
domain controller?

thanks!
 
Guest

"And if it's a DC if it's a domain controller?"

Sorry, what I meant is, should it point to itself even if
it's a DC? And should it have a secondary listed?

thanks!
 
Herb Martin

Phil said:
> From what I have read, a DNS Server should have its own
> address in for primary DNS (under TCP/IP Setting), should
> there be a Secondary listed? And if it's a DC if it's a
> domain controller?

It's optional -- nothing particularly wrong with it listing
itself as PREFERRED and ALTERNATE (primary and
secondary are technical DNS terms that mean something
entirely different.)

The KEY is that an internal DNS server, especially a DC,
likely needs to resolve internal names so it MUST be
pointed to the correct (internal) DNS server set whether
that is itself or some other DNS server.

DCs especially must point to the internal, DYNAMIC DNS
server (set) whether that is themselves or other internal DNS
servers.

The mistake people make is to point internal DNS clients
(including DCs and DNS servers themselves) to either
"nothing", an "external DNS server", or some "combination
of internal and external DNS servers."

None of those last three choices works (reliably.)

DCs and DNS servers are DNS clients too!!!
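
An added example, not part of the original thread: a PowerShell check, run on the DNS server or DC itself, for the three mistakes listed in the post above. The `$InternalDns` addresses are constructed placeholders and `Get-DnsClientVerdict` is a hypothetical helper name; any address not on that list is counted as "not internal".

```powershell
# Constructed placeholder addresses: replace with the internal (dynamic)
# DNS servers that hold your AD zones.
$InternalDns = @('10.0.0.10', '10.0.0.11')

# Hypothetical helper: classify one adapter's DNS client server list.
function Get-DnsClientVerdict {
    param(
        [string[]]$ServerAddresses,
        [string[]]$InternalDns,
        # Set when this machine itself hosts the internal zones, so that
        # pointing at loopback counts as pointing at an internal server.
        [switch]$SelfIsInternalDns
    )
    if (-not $ServerAddresses) { return 'Nothing' }       # mistake 1
    $internal = @()
    $other    = @()
    foreach ($addr in $ServerAddresses) {
        $isSelf = $SelfIsInternalDns -and ($addr -eq '127.0.0.1')
        if ($isSelf -or ($InternalDns -contains $addr)) { $internal += $addr }
        else { $other += $addr }
    }
    if ($other.Count -eq 0)    { return 'InternalOnly' }  # the correct setup
    if ($internal.Count -eq 0) { return 'NoInternal' }    # mistake 2
    return 'Mixed'                                        # mistake 3
}

# Check the IPv4 DNS client settings of every connected adapter.
foreach ($nic in (Get-NetAdapter | Where-Object Status -eq 'Up')) {
    $cfg = Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4
    $verdict = Get-DnsClientVerdict -ServerAddresses $cfg.ServerAddresses -InternalDns $InternalDns -SelfIsInternalDns
    [pscustomobject]@{
        Interface = $nic.Name
        Servers   = $cfg.ServerAddresses -join ', '
        Verdict   = $verdict
    }
}
```

Drop `-SelfIsInternalDns` on a DNS server that does not hold the internal zones, since pointing such a machine at itself would not let it resolve internal names.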
 
Phil

Right, so does AD make any updates to DNS or does it just
use DNS as reference? My thinking is, AD maybe needed to
make changes to DNS and so then I thought to myself well
if it points to itself, and it's an ALTERNATE DNS
resource, how can it make the changes it wants...?

So it doesn't matter that a DC that is also an ALTERNATE
DNS Server points to itself or if it points to the
preferred DNS...?

thanks for your help BTW...
 
Herb Martin

Phil said:
> Right, so does AD make any updates to DNS or does it just
> use DNS as reference?

Depends on how picky you are being with your words -- AD
doesn't but the AD DCs do (and perhaps other machines as
well).

> My thinking is, AD maybe needed to
> make changes to DNS and so then I thought to myself well
> if it points to itself, and it's an ALTERNATE DNS
> resource, how can it make the changes it wants...?

The DCs (technically the NetLogon process of each DC)
register themselves.

The DC must point into the DNS (hierarchy) in such a way
that they can find -- and reach -- the Primary or one of an
AD Integrated set of DNS servers. If in doubt, temporarily
point them directly at the/a Primary.

> So it doesn't matter that a DC that is also an ALTERNATE
> DNS Server points to itself or if it points to the
> preferred DNS...?

It doesn't matter if DNS is set up correctly -- since in theory all
DNS servers of that zone (or technically in a correctly set tree
or even an entire namespace) can reach the Dynamic Primary
or set of AD Integrated DNS servers that allow updates.

For most people with ONLY ONE zone, this just means pointing
to any DNS server of the set -- which can refer to the dynamic
one(s).

Of course firewalls (and maybe slow WANs) can screw up this
theory, as can incorrectly specified zones (like leaving DNS
server NS records out.)
 
Phil

OK, so the answer is it really doesn't matter...? but a
DNS server should point to itself for DNS by rule of
thumb.

Any DNS updates requested by a DC will always get
referred to the preferred, right?
 
Herb Martin

Phil said:
> OK, so the answer is it really doesn't matter...? but a
> DNS server should point to itself for DNS by rule of
> thumb.

As a first approximation, yes. It should DEFINITELY
point to the correct DNS server "set".

I have one DNS server -- a router off my net to the ISP
which is NOT used to hold the internal zones.

As a client it points back into the internal network, to the
internal DNS servers since it is a member of the domain
and must resolve internal names (as a client.)

Those internal servers (as servers) forward to this "edge"
DNS server so that it can handle the Internet lookups.

Were it to use itself, it would know nothing about the internal
names (as a client.)

The real key to understanding all this is recognizing that the
same machine is both a DNS Client and a DNS Server,
and that resolution must make sense based on the purpose
and needs of that machine (and the rest of the domain.)
 
