dns for dc's

MSNews
      11-17-2005, 03:01 AM
I am wondering what the NIC card settings should be for the dc's as far as
the dns servers they point to?
I have 2 dc's on separate vlans and they are both wins/dns servers.
Should they point to themselves as the first dns server in the nic
properties or point to each other first and themselves second?


 
Miha Pihler [MVP]
      11-17-2005, 06:18 AM
Hi,

If there is a fast connection between them then point server A to server B
and server B to server A for preferred DNS connection. For alternative DNS
server point them back to themselves...

--
Mike
Microsoft MVP - Windows Security
 
MSNews
      11-17-2005, 08:15 AM
Thanks, now I got another answer about pointing them to themselves because
they are on different vlans?

So I have themselves listed first and the other listed 2nd in the nic
properties.
 
Miha Pihler [MVP]
      11-17-2005, 08:55 AM
Hi,

Again, if they are on a fast connection then you should point them to each
other...

The thing is, while the DC is booting, TCP/IP is loaded and the discovery
process can start before DNS is loaded on the local server (which is still
booting)... If you point it to itself it will fail the discovery process (and
it will need a longer time before you can log on) since the local DNS server
service is not up and running yet. If you point it to the other DNS it will be
able to use it (if it is up...)

--
Mike
Microsoft MVP - Windows Security
 
MSNews
      11-17-2005, 02:50 PM
When I do that I start getting a bunch of errors in the event logs for
netlogon?
So is that because they are on a vlan and do I need to do something to the
switch to get the 2 dc's talking better?
 
Miha Pihler [MVP]
      11-17-2005, 03:04 PM
Are TCP and UDP ports open between VLANs? If not, you will need to open them
if you want this to work (you will need to open quite a lot for two domain
controllers to talk to each other...)...

To only open DNS you will need to open UDP and TCP port 53...

--
Mike
Microsoft MVP - Windows Security
 
MSNews
      11-17-2005, 03:38 PM
That is what I am trying to find out. Authentication and all seems fine,
however I do get errors if one dc is set to the other's NIC as the 1st in the
list.

Is that because of the switch config?
 
Jake
      11-18-2005, 06:31 AM
Hi,
Any way to find out what is open and what needs to be open?
I got one post about port 137 and a couple others.

Some things work.
I have the nic properties set to point as you suggested and it works fine
but I get errors at startup for 2510 unable to map server service 998
 
Miha Pihler [MVP]
      11-18-2005, 07:16 AM
Hi,

This is what is needed between DCs to replicate...

RPC endpoint mapper: 135/tcp, 135/udp
Network basic input/output system (NetBIOS) name service: 137/tcp, 137/udp
NetBIOS datagram service: 138/udp
NetBIOS session service: 139/tcp
RPC dynamic assignment: 1024-65535/tcp
Server message block (SMB) over IP (Microsoft-DS): 445/tcp, 445/udp
Lightweight Directory Access Protocol (LDAP): 389/tcp
LDAP over SSL: 636/tcp
Global catalog LDAP: 3268/tcp
Global catalog LDAP over SSL: 3269/tcp
Kerberos: 88/tcp, 88/udp
Domain Name Service (DNS): 53/tcp, 53/udp
Windows Internet Naming Service (WINS) resolution (if required): 1512/tcp, 1512/udp
WINS replication (if required): 42/tcp, 42/udp
and ICMP protocol.

Service overview and network port requirements for the Windows Server system
http://support.microsoft.com/default...uct=winsvr2003

--
Mike
Microsoft MVP - Windows Security
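
For the question of how to find out what is open between the two DCs, the TCP entries from the port list in the reply above can be tested from one DC against the other. This is an added example, not part of the original posts; the peer name `dc2.example.test` and the `Test-TcpPort` helper are assumptions for illustration.

```powershell
# Added example (not from the thread): TCP reachability from this DC to its peer.
param(
    [string]$PeerDc    = 'dc2.example.test',  # placeholder: the other DC's name or IP
    [int]   $TimeoutMs = 2000                 # per-port connect timeout
)

# Returns $true when a TCP connection to HostName:Port completes within TimeoutMs.
function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }  # timed out
        $client.EndConnect($async)   # throws if the connection was refused or reset
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Fixed TCP ports taken from the list in the post.
# Not probed: UDP and ICMP entries (a UDP send gives no reliable open/closed
# answer), 137 (the NetBIOS name service answers on UDP), and the RPC dynamic
# range 1024-65535/tcp, which is assigned per service at run time.
$required = [ordered]@{
    'WINS replication (if required)' = 42
    'DNS'                            = 53
    'Kerberos'                       = 88
    'RPC endpoint mapper'            = 135
    'NetBIOS session service'        = 139
    'LDAP'                           = 389
    'SMB over IP (Microsoft-DS)'     = 445
    'LDAP over SSL'                  = 636
    'WINS resolution (if required)'  = 1512
    'Global catalog LDAP'            = 3268
    'Global catalog LDAP over SSL'   = 3269
}

$results = foreach ($entry in $required.GetEnumerator()) {
    [pscustomobject]@{
        Service   = $entry.Key
        Port      = $entry.Value
        Reachable = Test-TcpPort -HostName $PeerDc -Port $entry.Value -TimeoutMs $TimeoutMs
    }
}
$results | Format-Table -AutoSize

# Summarise what did not answer so it can be compared with the inter-VLAN rules.
$blocked = @($results | Where-Object { -not $_.Reachable })
if ($blocked.Count -gt 0) {
    Write-Warning ("{0} TCP port(s) not reachable on {1}: {2}" -f `
        $blocked.Count, $PeerDc, ($blocked.Port -join ', '))
}
```

A port reported as not reachable is either filtered between the VLANs or has no listener on the peer (for example 636 and 3269 without a server certificate, or 3268 on a DC that is not a global catalog), so compare the result with what the peer actually runs before changing switch or firewall rules.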