Secondary DNS - points to where?

[Mark N.]

I've just set up a secondary DNS server in my root domain. My primary
points to itself and to my external DNS servers that my ISP provides. But
where should my secondary DNS server point?

Thanks,
Mark

 

[Cary Shultz [A.D. MVP]]

Mark,

S T O P!!!!!!!!!!!!!!!!!

The only place that any of your ISP DNS IP Addresses should be found is in
the Forwarders Tab in your DNS MMC> Please remove this IMMEDIATELY!!!!

You should have your 'secondary' DNS Server point to itself and to the
'primary' DNS Server. Since you are using the terms 'primary' and
'secondary' are you using Dynamic DNS ( aka DDNS or Active Directory
Integrated DNS )?

HTH,

Cary

 

[Enkidu]

I've just set up a secondary DNS server in my root domain. My primary
points to itself and to my external DNS servers that my ISP provides. But
where should my secondary DNS server point?

What Cary says, with knobs on! ALL DNS clients in your network should
point only to the DNS servers, including the DNS servers themselves
when they act as clients. As Cary says the ONLY place that you should
find the ISP's DNS servers is in the forwarders in the DNS servers.

This is because, the SECOND DNS server in a client's configuration is
only used if the first DNS server is down. If the first DNS server is
down then and only then will the second server be queried. If the
first server is up, and it returns a "Not Found", the second server is
not queried.

In addition, if the first server IS down for a while and the client
queries the second server successfully (even if the second server
returns a "Not Found") then Windows 2000 switches the DNS order over.
The client continues to query ONLY the external server and loses
contact with the internal DNS and incidentally AD!

Cheers,

Cliff

 

[Mark N.]

S T O P!!!!!!!!!!!!!!!!!

The only place that any of your ISP DNS IP Addresses should be found is in
the Forwarders Tab in your DNS MMC> Please remove this IMMEDIATELY!!!!

You should have your 'secondary' DNS Server point to itself and to the
'primary' DNS Server. Since you are using the terms 'primary' and
'secondary' are you using Dynamic DNS ( aka DDNS or Active Directory
Integrated DNS )?

HTH,

Cary

I have the ISP DNS in the forwarders tab, but also in the network/NIC config
for the local machine. I've removed those though, after reading this post.
The secondary DNS was pointing only to the primary, but I've added itself to
the list too. I believe that I'm using Dynamic DNS - at least, I'm using
whatever it is that's automatically configured when you bring a new root AD
server online. I let it configure DNS and pretty much left it as-is...
Except for adding (and now removing) those ISP entries from the NIC
configuration.

Thanks!
Mark

P.S. I wish the Exchange AD integration ng was as responsive as this one!

 

[Mark N.]

What Cary says, with knobs on! ALL DNS clients in your network should

point only to the DNS servers, including the DNS servers themselves
when they act as clients. As Cary says the ONLY place that you should
find the ISP's DNS servers is in the forwarders in the DNS servers.

This is because, the SECOND DNS server in a client's configuration is
only used if the first DNS server is down. If the first DNS server is
down then and only then will the second server be queried. If the
first server is up, and it returns a "Not Found", the second server is
not queried.

In addition, if the first server IS down for a while and the client
queries the second server successfully (even if the second server
returns a "Not Found") then Windows 2000 switches the DNS order over.
The client continues to query ONLY the external server and loses
contact with the internal DNS and incidentally AD!

Cheers,

Cliff

Okay, so the ISP DNS should be in the Forwarders tab of both primary and
secondary? And what about the network config for the NIC?

Thanks for your help!
Mark

 

[Cary Shultz [A.D. MVP]]

Mark,

Right Click on the My Network Places icon and select 'properties'.
Right Click on the Local Area Connection and select 'properties'.
Select Internet Protocol (TCP/IP) and click on the properties button.
On the General Tab look towards the middle/bottom for the 'Use the following
DNS Server Addresses' radio button.

You have two fields there. Populate the first field with the IP Address of
DNS1 and populate the second field with the IP Address of DNS2.

Does this clear things up?

HTH,

Cary

 

[Mark N.]

Right Click on the My Network Places icon and select 'properties'.

Right Click on the Local Area Connection and select 'properties'.
Select Internet Protocol (TCP/IP) and click on the properties button.
On the General Tab look towards the middle/bottom for the 'Use the following
DNS Server Addresses' radio button.

You have two fields there. Populate the first field with the IP Address of
DNS1 and populate the second field with the IP Address of DNS2.

Does this clear things up?

HTH,

Cary

Sort of... When I first installed this server and DNS was configured for
me, it put the loopback in as well - should that stay?

Thanks
Mark

 

[Mark N.]

Right Click on the My Network Places icon and select 'properties'.

Right Click on the Local Area Connection and select 'properties'.
Select Internet Protocol (TCP/IP) and click on the properties button.
On the General Tab look towards the middle/bottom for the 'Use the following
DNS Server Addresses' radio button.

You have two fields there. Populate the first field with the IP Address of
DNS1 and populate the second field with the IP Address of DNS2.

Does this clear things up?

HTH,

Cary

Oh, and what about the forwarders tab in DNS2? Same as DNS1?

Thanks!!!

 

[Cary Shultz [A.D. MVP]]

No, get rid of 127.0.0.1 and replace it with the correct IP Address ( such
as 192.168.1.30 ).

Cary

 

[Cary Shultz [A.D. MVP]]

If you would like it that way. That will work.

Cary

 

[Mark N.]

No, get rid of 127.0.0.1 and replace it with the correct IP Address ( such

as 192.168.1.30 ).

Cary

Thanks for helping me do this correctly!

Mark

 

[Mark N.]

If you would like it that way. That will work.

Cary

Well, the only thing that crossed my mind was if DNS1 failed, I'd need these
in place?

Thanks,
Mark

 

[Cary Shultz [A.D. MVP]]

You are welcome!

This is why we are here. And remember, if you have the question then the
probability that someone else has the exact same question is pretty good.
Maybe not today, but maybe next week or next month. And if they do a search
in this NG for 127.0.01 your post will show up - as well as mine - and we
have helped someone else!

Cary

 

[Cary Shultz [A.D. MVP]]

That is true.

But, please remember that Root Hints is also enabled on the DNS Servers.

Cary

 

[Enkidu]

Just wondering why you recommend that, Cary. I must admit I always
change 127.0.0.1 to a "real" IP address, but I can't see that it
matters unless you have more than one NIC, does it?

Cheers,

Cliff