DNS IP priority when a server has two IPs

Benn 1 Reputation point
2022-05-03T01:45:24.717+00:00

Scenario:
We had a Domain Controller that was set up with only one IP (172.16.10.10). We are decommissioning that server and moving that IP to a new DC, and we have set up that DC so it has two IPs assigned to it. We have one IP we use for the server (172.16.10.12) and are going to use 172.16.10.10 as the DNS IP. We have set up the DNS to only use 172.16.10.10.
Internally there are no issues, everything works as it should, but when you go to look up anything externally, like www.google.com.au, it fails, therefore no internet. When we check the firewall no external DNS queries are going out. But when we add 172.16.10.12 to the DNS adapter, we can see all the queries going out via this address, not the 172.16.10.10 address, and the internet starts working again.
So the question is: does the higher IP take preference over the lower IP when sending DNS traffic out from the server?
We do have other Domain Controllers in a different site that have a higher DNS IP than the Server IP and they have no issues.
We're not sure if it's a DNS/server issue with the IPs assigned or if there is some firewall issue, since 172.16.10.10 was working with no issues before we moved it to the new DC.


2 answers

  1. Anonymous
    2022-05-03T02:00:30.477+00:00

    Multi-homing a domain controller will always cause no end of grief for Active Directory DNS.

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  2. Anonymous
    2022-05-04T01:22:40.62+00:00

    The simplest method to migrate to new domain controllers is below.

    The two prerequisites to introducing the first 2019 or 2022 domain controller are that the domain functional level needs to be 2008 or higher and older SYSVOL FRS replication needs to have been migrated to DFSR.
    https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405

    I'd use dcdiag / repadmin tools to verify health, correcting all errors found before starting any operations. Then stand up the new 2019 or 2022, patch it fully, license it, join the existing domain, add Active Directory Domain Services, promote it, also making it a GC (recommended), transfer FSMO roles over (optional), transfer the PDC emulator role (optional), use dcdiag / repadmin tools to again verify health, and when all is good you can move on to the next one.

    If you wanted to reuse an old address, after migration (and old one has been decommissioned) you can change the domain controller's address, then do ipconfig /flushdns, ipconfig /registerdns, restart the netlogon service. If the subnet is also changing then recreate the reverse lookup zone. Just right-click Reverse Lookup Zones\New Zone and step through the wizard.

    --please don't forget to upvote and Accept as answer if the reply is helpful--
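The check a practitioner would run for the scenario in the question (which of the two addresses Windows actually selects as the source for outbound traffic, and how to pin it), followed by the re-registration steps from the answer above. This is an added example and not code from the question or either answer; it assumes the two addresses given in the question and an interface alias of "Ethernet", which is an assumption to adjust for the real host.

```powershell
# Added example, not from the question or answers. Assumes the question's
# addresses (172.16.10.10 = DNS address, 172.16.10.12 = server address) and
# an interface alias of "Ethernet" (assumption). Run elevated on the DC.
$DnsAddress    = '172.16.10.10'
$ServerAddress = '172.16.10.12'
$Interface     = 'Ethernet'

function Get-OutboundSource {
    # Ask the stack which local address it would use as the source for a
    # remote destination. Find-NetRoute returns the selected NetIPAddress
    # object followed by the matching NetRoute object.
    param([string]$Destination = '8.8.8.8')
    $chosen = Find-NetRoute -RemoteIPAddress $Destination |
        Where-Object { $_.IPAddress } | Select-Object -First 1
    [pscustomobject]@{ Destination = $Destination; SourceAddress = $chosen.IPAddress }
}

function Show-AddressSelectionFlags {
    # SkipAsSource = True keeps the address bound (a service can still listen
    # on it) but removes it from source selection for outbound traffic.
    Get-NetIPAddress -InterfaceAlias $Interface -AddressFamily IPv4 |
        Select-Object IPAddress, PrefixLength, SkipAsSource
}

function Set-PreferredSource {
    # Pin outbound source selection to $Keep by marking the other address
    # SkipAsSource. This affects every outbound connection from the host, not
    # only DNS, so choose the address the firewall policy expects.
    param([string]$Keep, [string]$Skip)
    Set-NetIPAddress -IPAddress $Skip -InterfaceAlias $Interface -SkipAsSource $true
    Set-NetIPAddress -IPAddress $Keep -InterfaceAlias $Interface -SkipAsSource $false
}

function Test-ExternalResolution {
    # Confirm port 53 reachability from this host and that the listening
    # address resolves an external name before looking at the firewall.
    param([string]$Name = 'www.google.com.au')
    Test-NetConnection -ComputerName 8.8.8.8 -Port 53 | Select-Object RemoteAddress, TcpTestSucceeded
    Resolve-DnsName -Name $Name -Server $DnsAddress -DnsOnly -ErrorAction SilentlyContinue |
        Select-Object Name, IPAddress
}

Get-OutboundSource            # which address leaves the box today?
Show-AddressSelectionFlags
Set-PreferredSource -Keep $DnsAddress -Skip $ServerAddress
Get-OutboundSource            # expected to report the kept address
# Re-register the DC after the address change (steps from the second answer).
ipconfig /flushdns | Out-Null
ipconfig /registerdns | Out-Null
Restart-Service -Name Netlogon
Test-ExternalResolution
```

Swap the `-Keep` and `-Skip` arguments if the firewall should see 172.16.10.12 as the source instead; either way, re-run `Get-OutboundSource` and check the firewall log for the address it now reports.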