This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 22%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EI%3C/text%3E%3C/svg%3E)
HI,
I had a weird issue where i couldnt log into dc1, it kept saying my username / password is wrong. My account is part of the domain admins and i could log into dc2 and dc3. Upon reboot i was able to access dc1, which led me to think there is misconfiguration happening between the 3 DCs. Can someone confirm what the proper DNS settings should be for 3 Domain Controllers in one forest?
dc1 and dc2 are physically in datacenter1 and in the "Default-First-Site-Name" in Active Directory Sites and Services.
dc3 is in a different physical datacenter2 and respectively in a different site than "Default-First-Site-Name" in Active Directory Sites and Services.
Datacenter 1 and Datacenter 2 connect with a WAN leased 10Gig link so bandwidth is not an issue.
ALL 3 DCs provide DNS for redundancy and the settings are as follow.
dc1 IP 10.0.0.130
DNS1: 10.0.0.131
DNS2: 10.0.0.130 <--- itself *should this be loopback address instead???
dc2 IP 10.0.0.131
DNS1: 10.0.0.130
DNS2: 10.0.0.131 <--- itself *should this be loopback address instead???
dc3 IP 10.5.0.130
DNS1: 10.0.0.130 <--dc1
DNS2: 10.0.0.131<--dc2
Is this proper configuration for DNS for all 3 DCs? I feel like as it is nothing is pointing to DC3.
I should also mention that we used openDNS as part of Cisco umbrella which delegates dns to the 3 DCs.
Any help would be greatly appreaciated.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 73%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESQ%3C/text%3E%3C/svg%3E)
Hi,
Just checking in to see if the information provided was helpful.
If yes, you may accept useful reply as answer, if not, welcome to feedback.
Best Regards,
Sunny
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Each domain controller should (at minimum) have its own static ip address plus loopback (127.0.0.1) listed for DNS
Might check the time is in sync for domain.
--please don't forget to Accept as answer if the reply is helpful--
So istead of OP it would look like this?
dc1 IP 10.0.0.130
DNS1: 10.0.0.131
DNS2: 127.0.0.1 <--- itself *should this be loopback address instead???
dc2 IP 10.0.0.131
DNS1: 10.0.0.130
DNS2: 127.0.0.1 <--- itself *should this be loopback address instead???
dc3 IP 10.5.0.130
DNS1: 10.0.0.130 <-- still confused as to where this one should point in Primary DNS
DNS2: 127.0.0.1
Could you confirm this is a proper setup in 3 DC enviorment?
So istead of OP it would look like this?
dc1 IP 10.0.0.130
DNS1: 10.0.0.131
DNS2: 127.0.0.1 <--- itself *should this be loopback address instead???
I'd at least add 10.0.0.130
dc2 IP 10.0.0.131
DNS1: 10.0.0.130
DNS2: 127.0.0.1 <--- itself *should this be loopback address instead???
I'd at least add10.0.0.131
dc3 IP 10.5.0.130
DNS1: 10.0.0.130 <-- still confused as to where this one should point in Primary DNS
DNS2: 127.0.0.1*
I'd at least add 10.5.0.130
--please don't forget to Accept as answer if the reply is helpful--
So youre saying that i should have each DC point to itself as primary AND loopback as secondary?
What happens if DNS service stops on dc1 for whatever reason, and it receives a query? It appears that the request will stops and fail there since both DNS entries point to itself and service is not running.
What happens if DNS service stops on dc1 for whatever reason, and it receives a query?
Hopefully the client has more than one DNS server listed on it's own connection properties.
--please don't forget to Accept as answer if the reply is helpful--