DNS settings for domain controller with dual NICs, one facing the internet directly and one to the router
I have a server with 2 NICs. One of them is connected directly to the internet (it's on public IP)
The other NIC has a private IP and connects to our router which is connected to the internet also (different public IP)
Now, this server has been set up as a domain controller and has the DNS role on it.
I noticed that after the DNS role was activated, both NICs' DNS settings were changed to 127.0.0.1.
That server's routing table (route -4 print) shows EQUAL metric for both NICs.
The DNS role, once activated, is in its default settings.
Could each NIC having DNS set to localhost cause any problem? What I wanted ideally is for only the NIC with the private IP to have 127.0.0.1 as its DNS server IP.
The other NIC is only a way to get inside that network should the router fail somehow.
Solution 1:
ACTUAL ANSWER:
Your DNS server needs to be authoritative for your local domain. Set the "router" NIC to use itself as its DNS server (i.e. its internal IP, not localhost). You also didn't mention setting up DNS forwarders, so make sure you do that, or your users will complain that "the Internet is down." This really means that your DNS server is not forwarding their DNS requests to the next appropriate DNS server in the chain.
FRIENDLY ADVICE:
With that out of the way, I'm seconding the concerns with a web-facing domain controller. This is an immensely bad idea, and this is not how you perform out of band access. Your domain controller is the inner keep of your castle (network), and you must protect it appropriately. Never expose it to the Internet, for any reason. Do not forward ports to it. It should be completely impossible to route to it from the Internet. If I can ping your domain controller, you are doing something wrong. Is the message clear yet? This is not negotiable!
If you want out of band access on a shoestring budget, set up a workstation or similar in the same position as where you were going to put your domain controller. Add the second NIC, then harden the living daylights out of it. Add firewall restrictions to allow only a handful of known IPs, like your house, and keep it patched. Good luck.
Solution 2:
TL;DR: Don't multihome a DC, don't put a DC on a publicly accessible IP address, don't do both things at the same time. But if you still want to do these things, at least be sure you really know what you are doing.
As others have said, do not put a domain controller on a public IP address without a firewall protecting it. And even with a firewall protecting it. "Just Don't Do It". (TM)
As others have said, too, do not multihome a domain controller unless you really know what you are doing. (And, if you really know what you are doing, you'd usually try any means to avoid it.)
If you really, really, really need a dual-homed domain controller, or any dual-homed Windows server, don't put a default gateway in each NIC's configuration. Windows is not going to load balance two Internet connections, and will even warn you that two default gateways are not supported. Set the default gateway only on the NIC that will actually be used to access the Internet, and leave the other one empty. Use static routes if needed. And be prepared for some routing pain, anyway.
If you have a dual-homed Windows server, especially if it's a domain controller, you need to be exceptionally careful about DNS settings. Windows will by default register all of its IP addresses in the domain DNS as A records associated with its name, and a domain controller will also register lots of SRV records in order to be identified as a DC by other domain computers. If the wrong IP address ends up in the domain DNS, Pain & Suffering will ensue. Make sure to leave DNS registration enabled only on the NIC whose IP you actually want other computers to use when talking to that server (and PLEASE make this be the private NIC).
A DC which also has the DNS role installed automatically configures its NIC(s) to use 127.0.0.1 as its primary DNS server after DCPROMO. This is actually the most harmless of the configuration problems on your server, but if you want it fixed, just put your server's real IP address there. Yes, the one you want to use for domain services. Yes, the private one.
If after all of this you still want a dual-homed DC with a public IP address, at least disable file & print sharing and remote desktop services on the public NIC. Unless you want it exactly in order to RDP into your server from the Internet. If this is the case, please consider a career shift, as IT administration might really not be the right job for you.
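The checklist in this answer (DNS client pointed at the private IP rather than 127.0.0.1, DNS registration only on the private NIC, a single default gateway, forwarders on the DNS role, and file sharing and RDP cut off on the public NIC) as an added PowerShell example; it is not code from the question or the answers, and the interface aliases, private IP and forwarder addresses are assumptions to replace with the real ones.

```powershell
# Added example: applies the dual-homed DC hardening steps described above.
# Run in an elevated PowerShell on the server. All names/addresses below are assumed.
$PrivateNic = "Ethernet-LAN"            # assumed alias of the NIC facing the router
$PublicNic  = "Ethernet-WAN"            # assumed alias of the NIC on the public IP
$PrivateIP  = "192.168.10.5"            # assumed private IP of this server
$Forwarders = @("1.1.1.1", "9.9.9.9")   # assumed upstream resolvers for the DNS role

# 1. DNS client on both NICs uses the server's own private address, not 127.0.0.1.
Set-DnsClientServerAddress -InterfaceAlias $PrivateNic -ServerAddresses $PrivateIP
Set-DnsClientServerAddress -InterfaceAlias $PublicNic  -ServerAddresses $PrivateIP

# 2. Only the private NIC may register its address (A/SRV records) in the domain DNS,
#    so the public IP never shows up as a DC address for other domain computers.
Set-DnsClient -InterfaceAlias $PrivateNic -RegisterThisConnectionsAddress $true
Set-DnsClient -InterfaceAlias $PublicNic  -RegisterThisConnectionsAddress $false

# 3. Exactly one default gateway: normal traffic goes via the router on the private NIC
#    (as in the question), so drop any default route bound to the public NIC.
Get-NetRoute -InterfaceAlias $PublicNic -DestinationPrefix "0.0.0.0/0" -ErrorAction SilentlyContinue |
    Remove-NetRoute -Confirm:$false

# 4. Forwarders on the DNS role, so clients' external lookups get resolved.
Add-DnsServerForwarder -IPAddress $Forwarders -PassThru

# 5. No file & print sharing on the public NIC, and no RDP arriving on its address.
Disable-NetAdapterBinding -Name $PublicNic -ComponentID ms_server
$PublicIP = (Get-NetIPAddress -InterfaceAlias $PublicNic -AddressFamily IPv4).IPAddress
New-NetFirewallRule -DisplayName "Block RDP on public NIC" -Direction Inbound `
    -Protocol TCP -LocalPort 3389 -LocalAddress $PublicIP -Action Block

# 6. Audit: DNS servers, registration flag and default routes per NIC after the change.
Get-DnsClientServerAddress -AddressFamily IPv4 | Select-Object InterfaceAlias, ServerAddresses
Get-DnsClient | Select-Object InterfaceAlias, RegisterThisConnectionsAddress
Get-NetRoute -DestinationPrefix "0.0.0.0/0" | Select-Object InterfaceAlias, NextHop, RouteMetric
```

After step 3, hosts reaching the server through the public NIC will get replies routed out via the router, which is the "routing pain" the answer warns about; a static route per known management address is the usual workaround.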