Domain Controller DNS in an Active Directory Environment

Last updated 2022.10.13 | Published on 2019.01.29 | Guides

Proper domain controller DNS setup is vital for Active Directory to work properly. Best practice dictates that each domain controller be set up with a different domain controller as its preferred DNS server, and the loopback address (127.0.0.1) as its alternate DNS server. This matches the DNS Server Best Practices Analyzer rule linked at the end of this guide: the loopback address should be in the list, but not as the first entry. If you have more than two DNS servers in your domain or forest, set up a rotation in which every DC has a different preferred partner, so that each server is used as someone else's preferred server.

If you have just 2 DCs

DC1: 192.168.1.2
DC2: 192.168.1.3

Then

DC 1 Static DNS should be: Preferred: 192.168.1.3 Alternate: 127.0.0.1
DC 2 Static DNS should be: Preferred: 192.168.1.2 Alternate: 127.0.0.1

If you have 3 or more DCs

DC1: 192.168.1.2
DC2: 192.168.1.3
DC3: 192.168.1.4

Then

DC 1 Static DNS should be: Preferred: 192.168.1.3 Alternate: 127.0.0.1
DC 2 Static DNS should be: Preferred: 192.168.1.4 Alternate: 127.0.0.1
DC 3 Static DNS should be: Preferred: 192.168.1.2 Alternate: 127.0.0.1

If you have more than one site, rely on AD Sites and Services to control replication between the sites. Where possible, do not point a DC's DNS at a DC in another site. Each site should have two DCs, each with the other DC in the same site as its preferred DNS server.

This is done so that each DC can locate its replication partners through a DNS server that is already running. It also makes a DC reboot faster: a DC's DNS service stores its zones in AD and cannot answer queries until AD DS has started, so a DC that relies only on itself can stall at startup, while a DC whose preferred server is an already running partner resolves the SRV records it needs immediately.
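The following PowerShell script is an added example, not code from the original post. It works out the assignment described above for every DC in the forest (preferred = the next DC in the same site, alternate = 127.0.0.1), prints the plan, and can optionally push it to each DC and then verify it, including the check that the loopback address is present but not first. It assumes the RSAT ActiveDirectory and DnsClient modules, WinRM access to every DC, and Domain Admin rights; with -UseSampleData it uses a constructed five-DC, two-site inventory and the assumed domain name corp.example instead of querying AD, so the plan can be reviewed offline.

```powershell
# Added example, not code from the original post. Computes, applies and
# verifies the "preferred = another DC in the same site, alternate = loopback"
# pattern. Assumes RSAT ActiveDirectory + DnsClient modules, WinRM to every DC,
# and Domain Admin rights. -UseSampleData substitutes a constructed inventory.
param(
    [switch]$UseSampleData,   # use the constructed DC list below instead of AD
    [switch]$Apply,           # push the plan to each DC (default is a dry run)
    [switch]$Verify           # read back each DC's settings and check them
)

$Loopback = '127.0.0.1'

function Get-DcInventory {
    if ($UseSampleData) {
        # Constructed sample: three DCs in site HQ, two in site Branch.
        return @(
            [pscustomobject]@{ HostName = 'dc1.corp.example'; IPv4Address = '192.168.1.2'; Site = 'HQ' }
            [pscustomobject]@{ HostName = 'dc2.corp.example'; IPv4Address = '192.168.1.3'; Site = 'HQ' }
            [pscustomobject]@{ HostName = 'dc3.corp.example'; IPv4Address = '192.168.1.4'; Site = 'HQ' }
            [pscustomobject]@{ HostName = 'dc4.corp.example'; IPv4Address = '192.168.2.2'; Site = 'Branch' }
            [pscustomobject]@{ HostName = 'dc5.corp.example'; IPv4Address = '192.168.2.3'; Site = 'Branch' }
        )
    }
    Import-Module ActiveDirectory
    Get-ADDomainController -Filter * | Select-Object HostName, IPv4Address, Site
}

# Rotation within each site: DC[i] prefers DC[(i+1) mod n], so every DC is
# someone else's preferred server and nothing points across sites. A site with
# a single DC has no in-site partner; it gets a DC from another site and is
# flagged for review. A forest with one DC points that DC at its own IP.
function Get-DnsPlan {
    param([object[]]$Dcs)
    foreach ($site in ($Dcs | Group-Object Site)) {
        $members = @($site.Group | Sort-Object IPv4Address)   # deterministic order
        $n = $members.Count
        for ($i = 0; $i -lt $n; $i++) {
            $dc = $members[$i]
            $note = ''
            if ($n -gt 1) {
                $partner = $members[($i + 1) % $n]
            } else {
                $partner = $Dcs | Where-Object { $_.Site -ne $site.Name } | Select-Object -First 1
                $note = 'single-DC site: cross-site partner, review'
                if (-not $partner) { $partner = $dc; $note = 'only DC in forest: points at its own IP' }
            }
            [pscustomobject]@{
                HostName  = $dc.HostName
                Site      = $site.Name
                Preferred = $partner.IPv4Address
                Alternate = $Loopback
                Note      = $note
            }
        }
    }
}

# Apply one plan entry on the DC itself. Get-NetAdapter does not list the
# loopback pseudo-interface, so only real adapters that are up are touched.
function Set-DcDnsClient {
    param([object]$Entry)
    Invoke-Command -ComputerName $Entry.HostName -ArgumentList $Entry.Preferred, $Entry.Alternate -ScriptBlock {
        param($Preferred, $Alternate)
        foreach ($a in (Get-NetAdapter | Where-Object Status -eq 'Up')) {
            Set-DnsClientServerAddress -InterfaceIndex $a.ifIndex -ServerAddresses @($Preferred, $Alternate)
        }
    }
}

# Read the live settings back and check them against the plan and the BPA rule,
# then confirm the preferred server actually answers the DC locator SRV query.
function Test-DcDnsClient {
    param([object]$Entry, [string]$Domain)
    $servers = @(Invoke-Command -ComputerName $Entry.HostName -ScriptBlock {
        Get-DnsClientServerAddress -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses.Count -gt 0 } |
            Select-Object -First 1 -ExpandProperty ServerAddresses
    })
    $problems = @()
    if ($servers.Count -lt 2)             { $problems += 'fewer than two DNS servers configured' }
    if ($servers[0] -eq $Loopback)        { $problems += 'loopback listed first (should be present, not first)' }
    if ($Loopback -notin $servers)        { $problems += 'loopback missing from list' }
    if ($servers[0] -ne $Entry.Preferred) { $problems += "preferred is $($servers[0]), plan says $($Entry.Preferred)" }
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $Entry.Preferred -ErrorAction SilentlyContinue
    if (-not $srv) { $problems += "$($Entry.Preferred) gave no SRV answer for _ldap._tcp.dc._msdcs.$Domain" }
    [pscustomobject]@{ HostName = $Entry.HostName; Servers = ($servers -join ', '); Problems = ($problems -join '; ') }
}

$dcs    = Get-DcInventory
$domain = if ($UseSampleData) { 'corp.example' } else { (Get-ADDomain).DNSRoot }
$plan   = Get-DnsPlan -Dcs $dcs
$plan | Format-Table -AutoSize                                   # the plan is always shown
if ($Apply)  { $plan | ForEach-Object { Set-DcDnsClient -Entry $_ } }
if ($Verify) { $plan | ForEach-Object { Test-DcDnsClient -Entry $_ -Domain $domain } | Format-Table -AutoSize }
```

Run it with -UseSampleData first to see the rotation it would produce, then against the live forest without switches to review the real plan, and only then with -Apply and -Verify. The apply step writes the same two servers to every adapter that is up; a DC with more than one NIC (for example a backup or iSCSI network) should be reviewed by hand rather than set this way. The Verify output lists, per DC, the servers it is actually using and any problem found, so an empty Problems column means that DC matches the plan and its preferred partner is already serving the domain's DC locator records.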

Why should you use 127.0.0.1 vs. the IP of the server?

127.0.0.1 is not just another IP address on the machine; it belongs to a separate interface. It is never seen on the local network. It is the address of the loopback interface, which the TCP/IP stack services internally, whereas the server's own IP is bound to the physical network adapter.

Either will work, but best practice is to use the loopback address 127.0.0.1: it never changes, so re-addressing the server or swapping its network adapter cannot leave the DNS client pointing at a stale address, and queries to it stay inside the host and do not depend on the physical adapter being up.

Think of it as a separate, virtual interface rather than the network card.

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff807362(v=ws.10)

http://serverfault.com/questions/394804/what-should-the-order-of-dns-servers-be-for-an-ad-domain-controller-and-why