Configuring Preferred/Alternate DNS Servers on a DNS server

I am currently running a single DNS server.

If I don't set a Preferred/Alternate DNS server on the Ethernet controller and run the Best Practices Analyzer I get the following results:

Image1

If I do set the Preferred DNS server to the IP address of the server:

Image2

then I get the following results when running the BPA:

Image3

If I set the Preferred DNS server to a Google Public DNS server and the Alternate DNS server to the local DNS server:

Image4

then I get the following results when I run the BPA:

Image5

How should I have this configured to make the BPA happy?


It looks like you've installed the DNS role as part of a Domain Controller installation. The second BPA warning is a little misleading. What it's telling you is that the loopback address should be added as a DNS server, but not as the preferred DNS server. What that means is that you don't have the loopback address added, but the warning makes it seem as if the BPA is telling you that the loopback address is added as the preferred address. What you need to do is to access the TCP/IPv4 properties of the NIC and add the loopback address as the secondary server. That should clear the BPA of that error. Leave the current IP address configured as the preferred DNS server.

It's recommended that you install at least two Domain Controllers in every domain. If you add a second Domain Controller then you'll want to change the preferred DNS server on both Domain Controllers to point at their "partner".

So, DC1 points to DC2 as preferred and itself as secondary (with the loopback address added as tertiary), while DC2 points to DC1 for preferred and itself as secondary (with the loopback address added as tertiary).


The second error message BPA reports states:

DNS servers on Ethernet should include the loopback address, but not as the first entry

The IP address of the server (192.168.22.16) is not the same as the loopback address.

To silence BPA you'll need to configure the "preferred DNS server" with the IP address of another DNS server in your network, and then the secondary DNS server pointing to the loopback address (127.0.0.1).

As explained by joequerty, one of the first best practice steps to take is to deploy at least two DC/DNS servers, which is why the BPA expects you to cross-reference their addresses for DNS resolution.
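The same configuration both answers describe (partner DC first if one exists, this server's own address next, loopback last, never first), scripted and then checked against the DNS Server BPA. This is an added example and not code from either answerer. It assumes the NIC alias is "Ethernet" (the name in the BPA message) and uses the 192.168.22.16 address from the question; the partner DC address is a placeholder to be replaced if a second DC is deployed, and the script must run in an elevated PowerShell on the DC itself.

```powershell
# Added example, not from the original thread. Sets the DNS client server order the answers
# recommend on a Windows DC/DNS server and re-runs the DNS Server BPA to confirm the warning clears.
# Assumptions: NIC alias "Ethernet" (from the BPA text); 192.168.22.16 is this server (from the question);
# -PartnerAddress is a placeholder for a second DC and is left empty for the single-DC case.
param(
    [string]$InterfaceAlias = 'Ethernet',
    [string]$SelfAddress    = '192.168.22.16',
    [string]$PartnerAddress = ''     # e.g. '192.168.22.17' once DC2 exists (placeholder, not from the page)
)

# Order the list exactly as the answers describe:
#   two DCs   -> partner, self, loopback
#   single DC -> self, loopback   (BPA wants loopback present, but not as the first entry)
$servers = @()
if ($PartnerAddress) { $servers += $PartnerAddress }
$servers += $SelfAddress
$servers += '127.0.0.1'

# Record what is configured now (e.g. the Google DNS entry from the question) before replacing it
Write-Host 'Current IPv4 DNS servers:'
(Get-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4).ServerAddresses

# Apply the static list; this replaces the whole list on the interface
Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $servers

# Verify the order that actually landed on the NIC, and enforce the two BPA conditions
$applied = (Get-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4).ServerAddresses
if ($applied[0] -eq '127.0.0.1')        { throw 'Loopback must not be the first DNS server entry.' }
if ($applied -notcontains '127.0.0.1')  { throw 'Loopback address is missing from the DNS server list.' }
Write-Host "Applied IPv4 DNS servers: $($applied -join ', ')"

# A DC that cannot find its own domain's DC locator SRV record through the preferred server
# will have logon and replication problems, so resolve it through the first entry explicitly.
$domain = $env:USERDNSDOMAIN
if ($domain) {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -Server $applied[0] -ErrorAction Stop
    Write-Host "DC locator SRV via $($applied[0]): $($srv | Where-Object Type -eq 'SRV' | ForEach-Object NameTarget)"
}

# Re-run the DNS Server BPA and show anything that is not informational
Import-Module BestPractices
Invoke-BpaModel -ModelId 'Microsoft/Windows/DNSServer' | Out-Null
Get-BpaResult -ModelId 'Microsoft/Windows/DNSServer' |
    Where-Object { $_.Severity -ne 'Information' } |
    Select-Object Severity, Title, Problem |
    Format-List
```

For the two-DC layout, run the script once on each DC with the addresses swapped: on DC1 pass DC2 as -PartnerAddress and DC1's own address as -SelfAddress, and the reverse on DC2. The check on the first entry is deliberately a hard failure rather than a warning, because a loopback-first list is exactly the configuration the BPA rule is written to catch.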