
DNS order in Active Directory Server


We have 6 Active Directory servers:

    - 3 servers in DC: DC1, DC2, DC3

    - 3 servers in DR: DR1, DR2, DR3

    - All servers are in the same site in Active Directory (Default first Site)

    - DC1: holds FSMO (5 roles)

The DNS client order on the Active Directory servers is as below:

DC1
Primary: DC2
Second: DC3, DR1, DR2, DR3, 127.0.0.1

DC2
Primary: DC1
Second: DC3, DR1, DR2, DR3, 127.0.0.1

DC3
Primary: DC1
Second: DC2, DR1, DR2, DR3, 127.0.0.1

DR1
Primary: DC1
Second: DC2, DC3, DR2, DR3, 127.0.0.1

DR2
Primary: DC1
Second: DC2, DC3, DR1, DR3, 127.0.0.1

DR3
Primary: DC1
Second: DC2, DC3, DR1, DR2, 127.0.0.1

- Should DNS point to the primary DC? If the FSMO roles are later changed to another server (for example DR1), do we then need to change the primary to DR1?

- Please suggest how the DNS client should be set for best practice.

 

11 Replies

@Tien Ngo Thanh So should all DCs point to Primary: DC1? Because it holds FSMO.

If they're all in the same site it really doesn't matter.

 

 

 

@Dave Patrick If the FSMO roles change to another server, do we then need to change the DNS client to point to the server that holds FSMO? And what happens if DC1 fails: do all servers that point DNS first to DC1 then have a problem?


If the FSMO roles change to another server, do we then need to change the DNS client to point to the server that holds FSMO?


No, this is not necessary. Intrasite DNS replication occurs within 15 seconds, 15 minutes max.

 


And what happens if DC1 fails: do all servers that point DNS first to DC1 then have a problem?

If the FSMO role holder fails then you can seize roles to another healthy one.

Transfer or seize FSMO roles - Windows Server | Microsoft Docs

 

then perform cleanup

https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup

https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-contr...



then rebuild the failed one.

 

 

 

 

I am still worried about the DNS client in Active Directory. The link gives two ways: https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/best-practices-for-dns-clien...
Method 1: preferred DNS is 127.0.0.1, alternates are all the remaining DNS servers
Method 2: preferred DNS is the primary DC (FSMO), alternates are all the remaining DNS servers, and last 127.0.0.1
So which is best?

Not sure what the worry is. Whether a domain controller holds FSMO roles or not has no effect on DNS services.

 

 

 

@Dave Patrick Is the best way method 2? Currently I use method 1, but sometimes it notifies that the replication response is slow.

The better option is to list one or two from local site plus the loopback (127.0.0.1)
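
Added example, not part of the thread: a PowerShell check of each DC's DNS client list against the advice in the reply above (one or two DCs from the local site plus 127.0.0.1). The function name `Test-DcDnsClientOrder` and the 10.0.x.x addresses are made up for illustration; on a machine without the ActiveDirectory module it falls back to DC1's list from the question.

```powershell
# Added example (not from the thread). Checks a DC's DNS client list against the
# advice in the reply above: one or two DCs from the local site plus 127.0.0.1.
function Test-DcDnsClientOrder {
    param(
        [string]   $Name,             # DC being checked
        [string[]] $DnsServers,       # its DNS client list, in configured order
        [string[]] $OwnAddresses,     # the DC's own IPv4 address(es)
        [string[]] $SiteDcAddresses   # IPv4 addresses of all DCs in the same AD site
    )
    $loopback = '127.0.0.1'
    # Entries that refer to some other server (not loopback, not this DC itself)
    $others  = @($DnsServers | Where-Object { $_ -ne $loopback -and $_ -notin $OwnAddresses })
    $offSite = @($others | Where-Object { $_ -notin $SiteDcAddresses })
    $findings = @()
    if ($loopback -notin $DnsServers) { $findings += 'loopback 127.0.0.1 missing' }
    if ($others.Count -lt 1) { $findings += 'no other DC listed' }
    if ($others.Count -gt 2) { $findings += "$($others.Count) other servers listed (advice: one or two)" }
    if ($offSite.Count -gt 0) { $findings += "not a DC in this site: $($offSite -join ', ')" }
    [pscustomobject]@{
        Name      = $Name
        Order     = $DnsServers -join ', '
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings -join '; '
    }
}

if (Get-Command Get-ADDomainController -ErrorAction SilentlyContinue) {
    # Live audit: needs the ActiveDirectory module and CIM (WinRM) access to each DC.
    $dcs = @(Get-ADDomainController -Filter *)
    foreach ($dc in $dcs) {
        $siteIps = @($dcs | Where-Object { $_.Site -eq $dc.Site } | ForEach-Object { $_.IPv4Address })
        # Assumption: one configured NIC per DC; all interfaces are flattened into one list.
        $dns = @(Get-DnsClientServerAddress -CimSession $dc.HostName -AddressFamily IPv4 |
                 ForEach-Object { $_.ServerAddresses } | Select-Object -Unique)
        Test-DcDnsClientOrder -Name $dc.HostName -DnsServers $dns `
            -OwnAddresses $dc.IPv4Address -SiteDcAddresses $siteIps
    }
} else {
    # Offline demo with constructed addresses standing in for DC1-DC3 and DR1-DR3.
    $site = '10.0.0.1','10.0.0.2','10.0.0.3','10.0.1.1','10.0.1.2','10.0.1.3'
    # DC1's list from the question: DC2, DC3, DR1, DR2, DR3, 127.0.0.1
    Test-DcDnsClientOrder -Name 'DC1' -OwnAddresses '10.0.0.1' -SiteDcAddresses $site `
        -DnsServers '10.0.0.2','10.0.0.3','10.0.1.1','10.0.1.2','10.0.1.3','127.0.0.1'
}
```

For DC1's list as posted, the only finding is that five other servers are listed where the reply suggests one or two.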

 

 

 

@Dave Patrick Sorry, I am not clear: is it preferred to point to dc1 or dc2, with alternates dc2, dc3, dc4, ..127.0.0.1? And another server prefers dc3 (to balance servers?) with alternates dc2, dc5, dc4, ..127.0.0.1?