DNS order in Active Directory Server

Tien Ngo Thanh · ‎Dec 27 2020

We have 6 server active directory

- 3 server in DC : DC1,DC2,DC3

- 3 server in DR : DR1,DR2,DR3

- ALL server the same site in active directory (Default first Site)

- DC1 : hold FSMO (5 role)

DNS client order of active directory as below

DC1

Primary : DC2

Second : DC3,DR1,DR2,DR3,127.0.0.1

DC2

Primary : DC1

Second : DC3,DR1,DR2,DR3,127.0.0.1

DC3

Primary : DC1

Second : DC2,DR1,DR2,DR3,127.0.0.1

DR1

Primary : DC1

Second : DC2,DC3,DR2,DR3,127.0.0.1

DR2

Primary : DC1

Second : DC2,DC3,DR1,DR3,127.0.0.1

DR3

Primary : DC1

Second : DC2,DC3,DR1,DR2,127.0.0.1

- should point dns to primary DC ? if after change FSMO sang another server (example DR1) then need change primary to DR1 ?

- please suggest help me about dns client should set how for best practice

Dave Patrick · ‎Dec 27 2020

You can follow along here.

Best practices for DNS client settings - Windows Server | Microsoft Docs

Tien Ngo Thanh · ‎Dec 29 2020

@Tien Ngo ThanhSo should all dc point to Primary : DC1 ? because it hold FSMO .

Dave Patrick · ‎Dec 29 2020

If they're all in the same site it really doesn't matter.

Tien Ngo Thanh · ‎Dec 30 2020

@Dave PatrickIf change FSMO to another server then need change dns client point to this server hold FSMO ? and what's happen if DC1 failure then all server point dns first to DC1 has problem ?

Dave Patrick · ‎Dec 30 2020

If change FSMO to another server then need change dns client point to this server hold FSMO ?

No, this is not necessary. Intrasite DNS replication occurs within 15 seconds, 15 minutes max.

and what's happen if DC1 failure then all server point dns first to DC1 has problem ?

If the FSMO role holder fails then you can seize roles to another healthy one

Transfer or seize FSMO roles - Windows Server | Microsoft Docs

then perform cleanup

https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup

https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-contr...

then rebuild the failed one.

Tien Ngo Thanh · ‎Jan 06 2021

I still worry about DNS Client in active directory . Link two way https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/best-practices-for-dns-clien...
Method 1 : prefer DNS 127.0.0.1 alter all dns remain
Method 2 : prefer DNS primary dc fsmo alter all dns remain and last 127.0.0.1
So best how

Dave Patrick · ‎Jan 06 2021

Not sure what the worry is. Whether a domain controller holds FSMO roles or not has no effect on DNS services.

Tien Ngo Thanh · ‎Jan 07 2021

@Dave Patrickbest way is method 2 ? current i use method 1 but some time notify replicate response slow

Dave Patrick · ‎Jan 07 2021

The better option is to list one or two from local site plus the loopback (127.0.0.1)

Tien Ngo Thanh · ‎Jan 08 2021

@Dave Patricksorry i not clear is prefer point to dc1 or dc2 and alter dc2,dc3,dc4,..127.0.0.1 ? another server prefer dc3 (balance server? ) and alter dc2,dc5,dc4,..127.0.0.1 ?

Dave Patrick · ‎Jan 08 2021

I'd suggest following the guidance here.

Best practices for DNS client settings - Windows Server | Microsoft Docs

DNS order in Active Directory Server

DNS order in Active Directory Server

Re: DNS order in Active Directory Server

Re: DNS order in Active Directory Server

Re: DNS order in Active Directory Server

Re: DNS order in Active Directory Server

Re: DNS order in Active Directory Server

Re: DNS order in Active Directory Server

Re: DNS order in Active Directory Server

Re: DNS order in Active Directory Server

Re: DNS order in Active Directory Server

Re: DNS order in Active Directory Server

Re: DNS order in Active Directory Server

Products (65)

Special Topics (44)

Video Hub (978)

Most Active Hubs

Most Active Hubs

Video Hub

DNS order in Active Directory Server