Best practices for DNS settings on DC and domain members.
Stolen from here: https://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
The following explains best practices for DNS client settings on domain controllers and domain members.
Domain controller with DNS installed:
On a domain controller that also acts as a DNS server, it is recommended that you configure the domain controller's DNS client settings according to these specifications:
IP configuration on domain controller:
- In a single-DC/DNS domain, the DC/DNS server points to its own private IP address (not the loopback address 127.0.0.1) as the preferred DNS server in the TCP/IP properties.
- If multiple DCs that are also DNS servers exist in the domain, have each DC point to ANOTHER/REMOTE DC's IP address as the preferred DNS server and to its own private IP address as the alternate DNS server.
- Each DC has just one IP address and one enabled network adapter (disable unused NICs).
- Do not disable IPv6 on the DC's NIC. Leave it set to "Obtain an IPv6 address automatically" and "Obtain DNS server address automatically".
- If multiple NICs (enabled and disabled) are present on the server, make sure the active NIC is at the top of the NIC binding order.
- Get valid DNS server IPs from your ISP and add them as forwarders on the DNS server. Do not set public DNS servers in the TCP/IP settings of a DC.
How to set/view the NIC bind order in Windows
IP configuration on domain member:
- Each workstation/member server should point to the local DNS server as the preferred DNS server and to remote DNS servers as alternate DNS servers in the TCP/IP properties.
- Do not set public DNS servers in the TCP/IP settings of a domain member.
Once you are done with the above, run "ipconfig /flushdns & ipconfig /registerdns", then restart the DNS Server and Netlogon services on each DC.
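The DC and domain-member checklists above, put into a script. This is an added example, not part of the original article: it audits the DNS client list of the single active NIC (flagging loopback, public resolvers and a multihomed host), checks that IPv6 is still bound, compares the list against the recommended order (partner DC first, own IP as alternate on a DC; local then remote DNS server on a member), moves ISP resolvers into forwarders on a DC, and with -Apply performs the flush/register and service restart. The IP addresses in the parameters are hypothetical placeholders; replace them with your own.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article). Audits, and with -Apply fixes,
# the DNS client settings described above. All IPs below are assumed placeholders.
param(
    [ValidateSet('DC', 'Member')][string]$Role = 'DC',
    [string]$PreferredDns = '10.0.0.11',   # DC: ANOTHER DC; Member: the local DNS server
    [string]$RemoteDns = '10.0.0.12',      # Member only: a remote DNS server as alternate
    [string[]]$IspForwarders = @('203.0.113.53', '203.0.113.54'),  # from your ISP (placeholders)
    [switch]$Apply                          # without -Apply the script only reports
)

# RFC 1918 ranges; anything else (other than loopback) in the TCP/IP DNS list is treated as public
function Test-PrivateIPv4 {
    param([string]$Ip)
    return ($Ip -match '^10\.' -or $Ip -match '^192\.168\.' -or $Ip -match '^172\.(1[6-9]|2\d|3[01])\.')
}

# 1. Exactly one active NIC: a second adapter that is Up means the host is multihomed
$up = @(Get-NetAdapter | Where-Object Status -eq 'Up')
if ($up.Count -ne 1) {
    Write-Warning "Expected 1 active adapter, found $($up.Count): $($up.Name -join ', ') (multihomed?)"
}
$nic = $up | Select-Object -First 1
$myIp = (Get-NetIPAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4 |
         Where-Object PrefixOrigin -ne 'WellKnown' | Select-Object -First 1).IPAddress

# 2. IPv6 must stay bound on the NIC
$v6 = Get-NetAdapterBinding -Name $nic.Name -ComponentID ms_tcpip6
if (-not $v6.Enabled) {
    Write-Warning "IPv6 is unbound on $($nic.Name); it should remain enabled"
    if ($Apply) { Enable-NetAdapterBinding -Name $nic.Name -ComponentID ms_tcpip6 }
}

# 3. Current DNS client list: flag loopback and public resolvers
$current = @((Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4).ServerAddresses)
foreach ($s in $current) {
    if ($s -like '127.*') { Write-Warning "Loopback address $s in DNS client list" }
    elseif (-not (Test-PrivateIPv4 $s)) { Write-Warning "Public resolver $s in DNS client list (belongs in forwarders)" }
}

# 4. Recommended order: DC -> partner DC then own IP; member -> local then remote DNS server
$desired = if ($Role -eq 'DC') { @($PreferredDns, $myIp) } else { @($PreferredDns, $RemoteDns) }
if (($current -join ',') -ne ($desired -join ',')) {
    Write-Host "DNS client list: [$($current -join ', ')] -> [$($desired -join ', ')]"
    if ($Apply) { Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $desired }
}

if ($Role -eq 'DC') {
    # 5. ISP resolvers belong in the DNS Server forwarders, not in TCP/IP settings
    $fwd = @((Get-DnsServerForwarder).IPAddress | ForEach-Object { $_.IPAddressToString })
    $missing = @($IspForwarders | Where-Object { $_ -notin $fwd })
    if ($missing.Count -gt 0) {
        Write-Host "Forwarders to add: $($missing -join ', ')"
        if ($Apply) { Add-DnsServerForwarder -IPAddress $missing }
    }
    # 6. The "once you are done" step: flush, re-register, restart DNS Server and Netlogon
    if ($Apply) {
        Clear-DnsClientCache
        Register-DnsClient
        Restart-Service -Name DNS, Netlogon -Force
    }
} elseif ($Apply) {
    Clear-DnsClientCache
    Register-DnsClient
}
```

Run it without -Apply first on each DC (and with -Role Member on a member server) to see what it would change; the Compare in step 4 is order-sensitive on purpose, because the point of the recommendation is which server is preferred, not only which servers are listed.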
Quick note: a MULTIHOMED domain controller is not recommended; it always results in multiple problems.
- Acting as a VPN server, or even simply running RRAS, makes a DC multihomed.
- The domain controller holding the PDC role is automatically the Domain Master Browser, and master browsers should not be multihomed.
Active Directory Communication Fails on Multihomed Domain Controllers http://support.microsoft.com/default.aspx?scid=kb;en-us;272294
Symptoms of Multihomed Browsers