Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Do Windows clients need a Primary/Secondary DNS that is also a DC?

Status
Not open for further replies.
Redfox1

Redfox1

MIS
May 29, 2002
73
US
Do Windows XP, 2000, 2003 member servers, 2008 member servers in an AD domain need to point their primary and secondary DNS server settings to a DNS server that is also a Domain controller (with NON-AD Integrated DNS zones)?

Why or why not? As long as they can resolve the AD domain via dns queries it's no problem, right?

Will this lead to extra DNS queries at startup?

My ultimate goal is to point AD clients (of various OS types) to a DNS server that can be upgraded as Microsoft releases newer OS'... By separating the DC's functions from being a required piece in the DNS resolution process of clients, they're FREE to be demoted/promoted as new OS' are released. In my opinion it is far better to promote, use, demote and delete a former DC than to try to do upgrades on top of it etc...
 
Sort by date Sort by votes
Here's how I've always set up my networks. All clients point only to internal dns servers. Internal DNS servers point to themselves first, then to external dns servers. DC's or not does not matter. What matters is where they are pointed at first. Here's the reasoning. Client looks for abc.com, it looks in cache first. If it's not there, it goes to internal dns server. If internal dns server has it in cache, you've got name resolution in no time. If not, the internal server goes out, gets name resolution and it goes into cache. Most folks nowadays think AD when they mention DNS since they kind of go hand in hand. People want AD, and you have to have DNS to get it, so they think you can't have one without the other. There is nothing in the world that says you can't have a DNS server that's not running AD. Anyway, my 2 cents worth. Good luck.

 
Upvote 0 Downvote
Hello,

First, thanks for your response. The setup you describe is already in use in our current DNS structure and working very well.

I was kind of trying to simplify a larger question I posted (link below) regarding some DNS server migrations...

From a quick refresher in DNS/AD integration, the only requirement appears to be is that the DCs are preferrably pointed to the Primary DNS, so they can make changes to certain record & zone types.
 
Upvote 0 Downvote
ok so here's the deal. if you are using MS DNS in an AD domain, then it is recommended to point clients to DCs for DNS. This is because ONLY DCs can take part in AD replication, which includes the replication of DNS records to other DCs. This, in a nutshell, is why you are supposed to point clients to it.
Member servers cannot achieve this, and therefore, leave a single point of failure.
You can utilize a member server to host DNS for clients, however, you should utilize secondary zones for _msdcs.domain.com and the domain.com zones (where domain.com is your internal domain name). The down side is that you will have to wait on zone replication of the secondary zone (or force it) if a change occurs in the network configuration of any domain controllers.

Its not a very good idea though, I will say that...it is always better to be more direct, rather than risk failure.

- Brandon Wilson
MCSE:Security00/03; MCSA:Security03
MCSA:Messaging00; MCP; A+
IT Pangaea (
 
Upvote 0 Downvote
Thanks for your answer.

For simplicy's sake I swapped IP's of 2 DC/DNS servers and achieved what I wanted (not having to change DNS IP's on any client and keep clients pointed to DCs for DNS resolutions.)

Currenly we're not using DNS integrated with AD. Essentially we're still using a single primary/multi-secondary DNS... for now. We are in the process of migrating away from the last W2K DC; once that's done in the top domain we'll switch it to AD integrated in a separate replication zone...

David
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

KenMeans
  • Locked
  • Question
DNS Issues with wireless router behind Atlantic Broad band Business Modem
Replies
0
Views
10K
KenMeans
KenMeans
alpha76
  • Locked
  • Question
Advice on DNS setup/configuration
Replies
3
Views
11K
technome
technome
tbright
  • Locked
  • Question
DNS reverse lookup errors: zone 1.168.192.in-addr.arpa/IN: has no NS records
Replies
1
Views
12K
tbright
tbright
willowsmith
  • Locked
  • Question
How do I log in to my NETGEAR home router?
Replies
1
Views
10K
ellisroks321
ellisroks321
Wibble2004
  • Locked
  • Question
Bind9.11.20: nslookup shows different MX information on Windows and Linux workstation
Replies
0
Views
10K
Wibble2004
Wibble2004

Part and Inventory Search

Sponsor

Back
Top