DNS Islanding - I have been reading a series of technical threads on Microsoft DNS best practices. While we do follow DNS best practices for clients with DHCP, there is some different thinking for Microsoft best practices for DNS on DCs.
In short here are the Microsoft best practices recommendations:
1. In a multi-DC/DNS Microsoft network configuration primary DNS on DCs containing DNS servers should be a DNS server that IS NOT that DC/DNS server. In other words every DC server should have another DNS server other than itself as primary.
2. If the actual DC is a DNS server, it should use itself as a secondary or tertiary DNS server.
3. However, when representing the local DC/DNS server in that secondary or tertiary position you should always use the LOCALHOST 127.0.0.1 address and not the actual DC IP address.
While what we are doing is not wrong, Microsoft is suggesting that this scenario is “more right”. The concern seems to stem around something called “DNS Islanding”. If the DC points to itself, weird stuff can happen to it on reboot or if it gets confused. By uncoupling primary DNS for the actual DC from the physical DC, this defends against the local AD replica and local DNS being confused in some situations.
I have actually seen this closely watching DC reboots and attributed this to an AD issue when in fact it is this DNS islanding concept. Note this has nothing to do with client DNS pointing to the local DNS server first and someplace else second. That is completely correct. We are merely talking about where does the DC go first and second.

Leave a comment!
You must be logged in to post a comment.