What should the order of DNS servers be for an AD Domain Controller and Why?

According to this link and the Windows Server 2008 R2 Best Practices Analyzer, the loopback address should be in the list, but never as the primary DNS server. In certain situations, such as a topology change, having loopback as the primary DNS server could break replication and leave a server “on an island” as far as replication is concerned.

Say that you have two servers, DC01 (10.1.1.1) and DC02 (10.1.1.2), that are both domain controllers in the same domain and both hold copies of the Active Directory-integrated (ADI) zones for that domain. They should be configured as follows:

DC01
Primary DNS   10.1.1.2
Secondary DNS 127.0.0.1

DC02
Primary DNS   10.1.1.1
Secondary DNS 127.0.0.1
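
One way to check a domain controller against this rule, as an added example that is not part of the original post: the function name Test-DcDnsOrder is hypothetical, the sample orders are constructed from the addresses above, and the live check reads the configured order through the WMI class Win32_NetworkAdapterConfiguration.

```powershell
# Flags a DNS client order that breaks the rule above:
# loopback must be in the list, but never as the first (primary) entry.
function Test-DcDnsOrder {
    param([string[]]$SearchOrder)   # DNS servers in configured order

    $loopback = '127.0.0.1'
    $findings = @()

    if (-not $SearchOrder) {
        $findings += 'No DNS servers configured'
    }
    else {
        if ($SearchOrder[0] -eq $loopback) {
            $findings += 'Loopback is the primary DNS server; list a partner DC first'
        }
        if ($SearchOrder -notcontains $loopback) {
            $findings += 'Loopback (127.0.0.1) is missing from the list'
        }
    }
    $findings
}

# Constructed sample orders using the DC01/DC02 addresses from the text
$samples = @{
    'DC01 as recommended' = @('10.1.1.2', '127.0.0.1')
    'Loopback first'      = @('127.0.0.1', '10.1.1.2')
    'No loopback'         = @('10.1.1.2')
}
foreach ($name in $samples.Keys) {
    $issues = @(Test-DcDnsOrder -SearchOrder $samples[$name])
    if ($issues.Count -eq 0) { "{0}: OK" -f $name }
    else { $issues | ForEach-Object { "{0}: {1}" -f $name, $_ } }
}

# Live check: evaluate every IP-enabled adapter on the local server
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        $adapter = $_.Description
        $issues  = @(Test-DcDnsOrder -SearchOrder $_.DNSServerSearchOrder)
        if ($issues.Count -eq 0) { "{0}: OK" -f $adapter }
        else { $issues | ForEach-Object { "{0}: {1}" -f $adapter, $_ } }
    }
```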
