Domain DNS Settings
There are a few common designs for the DNS client settings of Active Directory domain controllers. Which one is preferable depends on the design of the Active Directory infrastructure.
Set DNS client settings to point to themselves
The main advantage of pointing a domain controller at itself is that its DNS queries are answered by the local DNS server and do not depend on any other server being reachable. The drawback is that the DC then only sees what its own copy of the zone contains: if Active Directory replication to that DC is delayed or failing, it keeps answering from stale records, and because it uses those records to locate its replication partners, the fault can feed itself. Where replication problems are routine, this design is not a good fit.
A less serious side effect is a burst of events at startup reporting that Active Directory cannot find the DNS records for its zone. They appear when the directory service finishes starting before the DNS Server service has loaded the AD-integrated zones, and they stop once both services are up.
Set DNS client settings to point to another DNS server
If a domain controller is configured to use another DNS server as its preferred server, it is best to have at least two dedicated DNS servers in the domain serving all domain controllers. Because every DC then resolves against the same servers, they all see the same records, which reduces the impact of a DNS replication problem on any single DC.
The disadvantage of this design is the extra load on, and dependency on, the dedicated servers: a DC that loses connectivity to them loses name resolution entirely, which in turn affects the clients and services that rely on that DC.
A combination of the two strategies is recommended. Point each domain controller at another DC hosting the zone as its preferred DNS server and at itself (its own IP address or 127.0.0.1) as the alternate, so that the loopback address is present in the list but not first. A local DNS failure is then covered by the other DC, and losing the other DC still leaves the local copy of the zone.
Adjust your DNS client settings to point to the ISP’s DNS servers
Under no circumstances should you configure the DNS client settings on a domain controller to point to the ISP's DNS servers. If you do, the Netlogon service on that DC cannot register the SRV and host records that Active Directory requires, because the ISP's servers are not authoritative for the AD zone and do not accept its dynamic updates.
Without those records in the authoritative AD zone, other domain members cannot locate the domain controllers. If the DCs need to resolve external names, configure the DNS Server service to forward queries it is not authoritative for to an external DNS server, such as the ISP's resolvers. Otherwise the DNS server will simply use its root hints.
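The recommended configuration and the ISP rule above, as an added PowerShell example (not from the original article): it audits the DNS client list of every domain controller in the domain, flagging non-DC resolvers, a DC that lists itself first, a DC that points only to itself, and a DC that does not list itself at all, and it then puts the ISP's resolvers where they belong, in the DNS Server forwarder list. It generalizes slightly beyond the text by deriving the allowed addresses from the DC list itself, so it also accepts a single DC pointing only to itself. Assumptions: it is run as a domain admin on a domain-joined machine with the ActiveDirectory module, PowerShell remoting to the DCs works, the DnsServer module is present on the DCs, and the $IspForwarders addresses are placeholders from the documentation range.

```powershell
# Added example; assumes ActiveDirectory module locally, DnsServer module on the DCs,
# and PowerShell remoting. $IspForwarders is a placeholder (TEST-NET-3 range).
Import-Module ActiveDirectory
$IspForwarders = @('203.0.113.53', '203.0.113.54')

# All DCs in the domain. The only addresses a DC may list as DNS servers are
# the DCs' own addresses plus the loopback address.
$dcs = @(Get-ADDomainController -Filter *)
$dcAddresses = @($dcs.IPv4Address) + '127.0.0.1'

function Test-DcDnsClient {
    param($Dc)

    # IPv4 DNS client list of every configured, non-loopback interface on the DC.
    $servers = Invoke-Command -ComputerName $Dc.HostName -ScriptBlock {
        Get-DnsClientServerAddress -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses -and $_.InterfaceAlias -notlike 'Loopback*' } |
            ForEach-Object { $_.ServerAddresses }
    }
    $servers = @($servers | Select-Object -Unique)

    $self   = @($Dc.IPv4Address, '127.0.0.1')
    $issues = @()

    if (-not $servers) { $issues += 'no DNS servers configured' }

    # Anything that is not a DC (for example an ISP resolver) means Netlogon
    # cannot register this DC's records in the AD zone.
    $foreign = @($servers | Where-Object { $_ -notin $dcAddresses })
    if ($foreign) { $issues += "points to non-DC resolver(s): $($foreign -join ', ')" }

    $listsSelf  = [bool]($servers | Where-Object { $_ -in $self })
    $listsOther = [bool]($servers | Where-Object { $_ -notin $self })

    if ($dcs.Count -gt 1) {
        # Several DCs: another DC first, itself (loopback or own IP) as alternate.
        if ($servers -and $servers[0] -in $self) { $issues += 'lists itself first; another DC should be preferred' }
        if (-not $listsSelf)  { $issues += 'does not list itself as an alternate' }
        if (-not $listsOther) { $issues += 'points only to itself (island risk)' }
    } elseif (-not $listsSelf) {
        # Only one DC running DNS: it must point to its own address or 127.0.0.1.
        $issues += 'single DC must point to its own address or 127.0.0.1'
    }

    [pscustomobject]@{
        DC         = $Dc.HostName
        DnsServers = ($servers -join ', ')
        Issues     = ($issues -join '; ')
    }
}

$dcs | ForEach-Object { Test-DcDnsClient -Dc $_ } | Format-Table -AutoSize

# The supported place for the ISP's resolvers: the DNS Server forwarder list,
# never the client list. Set-DnsServerForwarder replaces the whole list;
# -UseRootHint $true keeps root hints as a fallback if the forwarders fail.
foreach ($dc in $dcs) {
    Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
        param($fwd)
        Set-DnsServerForwarder -IPAddress $fwd -UseRootHint $true
        Get-DnsServerForwarder | Select-Object IPAddress, UseRootHint
    } -ArgumentList (,$IspForwarders)
}
```

Run the audit first and read the Issues column before touching forwarders; a DC that already lists the ISP's addresses as DNS servers needs its client list corrected with Set-DnsClientServerAddress, not just a forwarder added.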
A new domain controller in the existing domain
First, configure the DNS client settings on the server that will be promoted to point to an existing DNS server hosting the domain's AD-integrated zone.
Once you have installed the DNS Server service on the new domain controller and verified that the AD-integrated zones (including _msdcs) have replicated to it, you can change its DNS client settings as required.
Do not point the new DC at itself for DNS until that replication has been verified. Otherwise the server can become an "island": a DC that points only to itself for the _msdcs.ForestDnsName zone before it holds a replicated copy of that zone cannot locate the other domain controllers, and therefore cannot replicate the very records it would need in order to find them.
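The promotion procedure above, as an added PowerShell example (not from the original article). It sets the future DC's resolver to an existing DC before promotion, then, after the DNS Server role is installed, checks that both AD-integrated zones exist on the new server and that the new server's own DNS answers with more than one DC for the domain's DC locator record, and only then switches the client list to another DC first and loopback second. Placeholder assumptions: corp.example.com is both the domain and the forest root, DC01 (10.0.0.10) is an existing DC, DC02 (10.0.0.11) is the server being promoted and its adapter is called 'Ethernet'; the DnsServer and DnsClient modules and PowerShell remoting to DC02 are available.

```powershell
# Added example with placeholder names; see the lead-in for the assumptions.
$Domain     = 'corp.example.com'
$Forest     = 'corp.example.com'
$ExistingDc = '10.0.0.10'     # DC01, already hosting the AD-integrated zones
$NewDc      = 'DC02'
$NewDcIp    = '10.0.0.11'

# Step 1, before Install-ADDSDomainController: the future DC resolves through an
# existing DC only, so the promotion can find the domain and register its records.
Invoke-Command -ComputerName $NewDc -ScriptBlock {
    param($dns)
    Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $dns
} -ArgumentList $ExistingDc

# ... promote DC02 and install the DNS Server role here, then continue ...

function Test-NewDcDnsReady {
    param([string]$NewDc, [string]$NewDcIp, [string]$Domain, [string]$Forest)
    $ok = $true

    # Step 2a: the domain zone and the forest _msdcs zone must both be present on
    # the new server as AD-integrated zones, i.e. replicated in, not created locally.
    foreach ($zone in @($Domain, "_msdcs.$Forest")) {
        $z = Get-DnsServerZone -ComputerName $NewDc -Name $zone -ErrorAction SilentlyContinue
        if (-not $z -or -not $z.IsDsIntegrated) {
            Write-Warning "$zone is not yet an AD-integrated zone on $NewDc"
            $ok = $false
        }
    }

    # Step 2b: ask the new server directly (no local cache) for the DC locator
    # records. If it only knows itself, _msdcs has not replicated yet and pointing
    # it at itself now would make it an island.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
               -Server $NewDcIp -DnsOnly -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'SRV' }
    $targets = @($srv.NameTarget | Select-Object -Unique)
    if ($targets.Count -lt 2) {
        Write-Warning "$NewDc only knows these DCs: $($targets -join ', ')"
        $ok = $false
    }
    return $ok
}

# Step 3: only after the zones have replicated, switch the client settings to
# another DC first and the DC itself (loopback) as the alternate.
if (Test-NewDcDnsReady -NewDc $NewDc -NewDcIp $NewDcIp -Domain $Domain -Forest $Forest) {
    Invoke-Command -ComputerName $NewDc -ScriptBlock {
        param($dns)
        Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $dns
        Register-DnsClient      # re-register the host (A) record with the new settings
        nltest /dsregdns        # re-register the DC's SRV records
    } -ArgumentList (,@($ExistingDc, '127.0.0.1'))
} else {
    Write-Warning "Leaving $NewDc pointed at $ExistingDc; re-run after replication completes"
}
```

If Test-NewDcDnsReady keeps failing, check replication itself (repadmin /showrepl on the new DC) before changing anything on the DNS side; the DNS symptoms are usually downstream of a replication fault.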
Only one domain controller running DNS
If you have only one domain controller and it runs the DNS Server service, configure its DNS client settings to point to its own IP address or to the loopback address (127.0.0.1).
Do not list any other DNS servers until a second domain controller hosts the AD DNS zone for the domain, and never list external servers such as the ISP's name servers.