DNS "island" problem....

will

There are a few articles about this problem that exists
where you set domain controllers with their own address as
the primary or alternate DNS address and kill replication
because of it.
However, if you only have two domain controllers how can
you create redundancy if you don't?
For example, if you have domain controller1 pointing to
itself for DNS and then everything else pointing to
controller1 (as they suggest), what happens if controller1
goes down?
Then controller2 will be trying to get its DNS from
controller1 and nothing will happen.
How are you supposed to keep at least one DC up for people
to use if it can't use its own address for DNS, in the
event that the other one goes down???
Here's the address of what I'm talking about if it's not
clear...

http://support.microsoft.com/default.aspx?scid=kb;en-us%3B275278

How can I make sure that there is one DNS server working
at all times and not create this 'DNS island' problem that
Microsoft speaks about???
 
will said:
> there are a few articles about this problem that exists
> where you set domain controllers with their own address as
> the primary or alternate DNS address and kill replication
> because of it.
> However, if you only have two domain controllers how can
> you create redundancy if you don't?
> For example, if you have domain controller1 pointing to
> itself for DNS and then everything else pointing to
> controller1 (as they suggest), what happens if controller1
> goes down?

DC2 can point to itself as Alternate DNS, or if you have 3 DCs DC2 can point
to DC3 as Alternate and DC3 can use DC2 for Alternate, but all should use
DC1 as Preferred.
> Then controller2 will be trying to get its DNS from
> controller1 and nothing will happen.
> How are you supposed to keep at least one DC up for people
> to use if it can't use its own address for DNS, in the
> event that the other one goes down???

This does not mean that all clients can only use DC1 for DNS. The clients
can use whatever AD DNS server or servers are the closest geographically.
If replication is working it won't make a big difference.
> How can I make sure that there is one DNS server working
> at all times and not create this 'DNS island' problem that
> Microsoft speaks about???

The DNS island issue is a replication problem and does not mean that DNS
does not work.
It is just when there are two DCs with DNS and _msdcs.<forestrootdomain> does
not contain the CNAME records for all DCs. To prevent this only one DC should
point to itself for preferred; all additional DCs should point to the first
DC (the one that points to itself for preferred).
The way I do this is that all DCs will have the same Preferred DNS, and yes,
that means that one is using itself for the preferred DNS. This will make
sure that replication works among all DCs.
Carefully re-read this article.
275278 - DNS Server Becomes an Island When a Domain Controller Points to
Itself for the _Msdcs.ForestDnsName Domain:

http://support.microsoft.com/default.aspx?scid=kb;en-us;275278&Product=win2000
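The scheme in the reply above, worked as an added PowerShell example (this is not code from the thread, from Kevin, or from Microsoft): every DC gets the first DC as preferred DNS, the first DC points only at itself (as will later proposes for DC1), and the other DCs get each other as alternates, or themselves when there is only one other DC. It generalizes the three-DC case to any number of DCs by giving each additional DC the next additional DC in the list as its alternate. The DC names and 192.0.2.x addresses are constructed placeholders; the script assumes WinRM access to each DC and the DnsClient module (Windows Server 2012 or later), neither of which existed on the Windows 2000 servers the thread is about.

```powershell
# Added example, not part of the thread. Names and addresses below are
# constructed placeholders; replace them with your own DCs. Requires WinRM
# access to each DC and the DnsClient module (Windows Server 2012 or later).

# The first entry is the DC that points to itself for preferred DNS (Kevin's "DC1").
$dcs = @(
    @{ Name = 'DC1'; IP = '192.0.2.1' },
    @{ Name = 'DC2'; IP = '192.0.2.2' },
    @{ Name = 'DC3'; IP = '192.0.2.3' }
)

function Get-DcDnsPlan {
    # Returns one entry per DC with the ordered DNS server list it should use.
    param([array]$Dcs)

    $hub    = $Dcs[0]
    $others = @($Dcs | Select-Object -Skip 1)

    # Hub: preferred = itself, no alternate (assumption: will's proposal for DC1).
    [pscustomobject]@{ Name = $hub.Name; Servers = @($hub.IP) }

    for ($i = 0; $i -lt $others.Count; $i++) {
        $dc = $others[$i]
        if ($others.Count -eq 1) {
            # Two-DC forest: DC2 points to itself as alternate.
            $alternate = $dc.IP
        } else {
            # Three or more: each extra DC uses the next extra DC as alternate
            # (DC2 -> DC3, DC3 -> DC2 with three DCs; wraps around with more).
            $alternate = $others[($i + 1) % $others.Count].IP
        }
        [pscustomobject]@{ Name = $dc.Name; Servers = @($hub.IP, $alternate) }
    }
}

function Set-DcDnsPlan {
    # Pushes the plan to each DC and re-registers its DNS records.
    param([array]$Plan)

    foreach ($entry in $Plan) {
        Invoke-Command -ComputerName $entry.Name -ArgumentList (,$entry.Servers) -ScriptBlock {
            param([string[]]$Servers)
            # Apply to every physical adapter that is up; a DC normally has one.
            Get-NetAdapter -Physical | Where-Object Status -eq 'Up' | ForEach-Object {
                Set-DnsClientServerAddress -InterfaceIndex $_.ifIndex -ServerAddresses $Servers
            }
            # Re-register the host record, then let Netlogon re-register the
            # SRV and _msdcs CNAME records with the (possibly new) DNS server.
            Register-DnsClient
            Restart-Service -Name Netlogon
        }
    }
}

$plan = Get-DcDnsPlan -Dcs $dcs
$plan | Format-Table -AutoSize   # review the plan before applying it
# Set-DcDnsPlan -Plan $plan      # uncomment to push the settings to the DCs
```

Run it once with the apply line commented out and check that exactly one row (the hub) has itself as its only server and every other row starts with the hub's address; only then uncomment the push. Restarting Netlogon is what makes each DC re-register its <DsaGuid>._msdcs CNAME with the server it now points at, which is the record the island problem is about.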
 
Okay, so DC2 only needs the DNS address for replication,
and if DC1 goes down it just won't be able to get any
changes??
Once DC1 comes back up they will sync and have the same
copy again??
But while DC1 is down, even though DC2 is pointing to DC1,
people in the domain will still be able to access the
network resources, etc....

Do I have that right?
 
If I had DC1: 111.111.111.1
and DC2: 111.111.111.2

and I set it up so that every preferred DNS address (both
DCs and workstations) was 111.111.111.1 (DC1) and then
set every alternate DNS (except for DC1, who would only be
using itself) as 111.111.111.2,
does that avoid this problem and still make sure that
there is a current, running DNS server all the time?
 
will <(e-mail address removed)> posted a question; then Kevin replied below:
> If I had DC1: 111.111.111.1
> and DC2: 111.111.111.2
>
> and I set it up so that every preferred DNS address (both
> DCs and workstations) was 111.111.111.1 (DC1) and then
> set every alternate DNS (except for DC1, who would only be
> using itself) as 111.111.111.2,
> does that avoid this problem and still make sure that
> there is a current, running DNS server all the time?

For the workstations it does not matter which is preferred or alternate; they
are _not_ replication partners. Workstation clients must use these two DNS
servers in any order, as long as you don't use an ISP's DNS on the workstations.
The island issue is when each DC with DNS does not have all DCs' CNAME records
in _msdcs.<forestroot>; when you open this in the DNS console you will see
the DCs' CNAME records using the DC GUID number. The problem happens when not
all DCs have their record registered in this zone.
 
Hello All,

The "island" issue is not an automatic given scenario that happens
every time. As per the article, "This behavior may occur because a DNS
server may not have the necessary domain controller locator CNAME record
for <DsaGuid>._msdcs.<ForestDnsName> in its zone for another domain
controller." I would check to see if that record exists. Perform a netdiag
and dcdiag on the servers to check out their overall health. If everything
is cool then I would not give it any other thought. If not, then follow the
suggestions below:

Point each AD DNS server to itself as alternate and to the other DNS server
as preferred. You can point your clients to either one.

Are you seeing any symptoms or issues that would lead you to believe that
DNS is not functioning?

Shane Brasher
MCSE (2003,2000,NT),MCSA Security, Network+, A+
Microsoft Technical Support

This posting is provided "AS IS" with no warranties, and confers no rights.
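The check Kevin describes in his second reply (each DC's DNS server must hold every DC's <DsaGuid>._msdcs.<ForestDnsName> CNAME) and the one Shane asks for above (confirm the record exists, then run dcdiag), as an added PowerShell example; this is not code from the thread, from either poster, or from Microsoft. It reads each DC's NTDS Settings GUID from AD, asks every DC's DNS server for every one of those CNAMEs, reads each DC's own preferred/alternate DNS settings so you can see whether more than one DC points to itself for preferred, and finishes with Shane's dcdiag DNS test (netdiag is not included in current Windows versions, so it is left out). It assumes the RSAT ActiveDirectory and DnsClient modules, WinRM access to the DCs, a domain-admin session, and that the _msdcs zone is hosted on every DC as in the thread; the function names are my own.

```powershell
# Added example, not part of the thread. Assumes the RSAT ActiveDirectory and
# DnsClient modules, WinRM access to the DCs, and a domain-admin session.
Import-Module ActiveDirectory

function Get-DcCnameExpectations {
    # One entry per DC: the <DsaGuid>._msdcs.<forest> name that DC must register.
    $forest = (Get-ADForest).RootDomain
    foreach ($dc in Get-ADDomainController -Filter *) {
        # The DsaGuid is the objectGUID of the DC's "NTDS Settings" object.
        $ntds = Get-ADObject -Identity $dc.NTDSSettingsObjectDN -Properties objectGUID
        [pscustomobject]@{
            DC    = $dc.HostName
            IP    = $dc.IPv4Address
            Cname = "$($ntds.objectGUID)._msdcs.$forest"
        }
    }
}

function Test-DnsIsland {
    # Asks every DC's DNS server for every DC's CNAME. A row with Present=False
    # is the condition KB 275278 describes: that server cannot locate that DC.
    param([array]$Expected = (Get-DcCnameExpectations))

    foreach ($server in $Expected) {
        foreach ($rec in $Expected) {
            $answer = Resolve-DnsName -Name $rec.Cname -Type CNAME -Server $server.IP `
                -DnsOnly -ErrorAction SilentlyContinue |
                Where-Object Type -eq 'CNAME' | Select-Object -First 1
            [pscustomobject]@{
                DnsServer = $server.DC
                RecordFor = $rec.DC
                Present   = [bool]$answer
                Target    = $answer.NameHost
            }
        }
    }
}

function Get-DcDnsClientSettings {
    # Reads each DC's own DNS client list. Kevin's rule: exactly one DC has
    # itself as preferred; every other DC has that DC as preferred.
    param([array]$Expected = (Get-DcCnameExpectations))

    foreach ($dc in $Expected) {
        $servers = @(Invoke-Command -ComputerName $dc.DC -ScriptBlock {
            (Get-DnsClientServerAddress -AddressFamily IPv4 |
                Where-Object { $_.ServerAddresses }).ServerAddresses
        })
        [pscustomobject]@{
            DC           = $dc.DC
            Preferred    = $servers[0]
            Alternates   = ($servers | Select-Object -Skip 1) -join ','
            PointsToSelf = ($servers[0] -eq $dc.IP)
        }
    }
}

$expected = Get-DcCnameExpectations
$cnames   = Test-DnsIsland -Expected $expected
$settings = Get-DcDnsClientSettings -Expected $expected

$cnames   | Format-Table -AutoSize
$settings | Format-Table -AutoSize

$missing = @($cnames   | Where-Object { -not $_.Present })
$selfers = @($settings | Where-Object PointsToSelf)
if ($missing.Count -gt 0) {
    Write-Warning "$($missing.Count) _msdcs CNAME lookup(s) failed; see the first table"
}
if ($selfers.Count -gt 1) {
    Write-Warning "More than one DC points to itself for preferred DNS: $($selfers.DC -join ', ')"
}

# Shane's health check, per DC (dcdiag's DNS test; netdiag no longer ships).
foreach ($dc in $expected) { dcdiag "/s:$($dc.DC)" /test:DNS /DnsBasic }
```

A Present=False row can also mean the DNS server was simply unreachable from where you ran the script, so read it together with the dcdiag output before concluding a DC is an island; a complete first table with one PointsToSelf=True row in the second is the healthy state the thread is aiming for.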
 