DNS is pretty crucial in a domain environment. If you pull up DNS on your domain controller(s), you can see a listing of, well, a lot of different stuff–PC names to start in DNS > Forward Lookup Zones > domain name. There’s also reverse lookup zones, possibly even mail server records and even more. DNS can get incredibly complex, so I am going to focus on DNS failover (more like running DNS on two Domain Controllers) and forwarding records (gets you out to the the interwebs).
Start by pulling up the DNS service on a Domain Controller (DC from here on out) and your NIC configuration (pro tip: do run then ncpa.cpl to get to your NIC(s) quicker).
Let’s start with the NIC setup. Right click the NIC and select properties.
Then the IPV4 line.
Click Advanced, then the DNS tab.
In the DNS tab, we’re going to add a secondary DNS server for our local DNS resolution. Grab the IP address of your secondary DNS server. My IP is 192.168.223.25–your secondary DNS server IP will more than likely be different. Click the add tab and add in the IP of DNS server two and DNS server 1. If you’ve setup your DNS differently–using the loopback as I originally did, that’s fine. We want our final DNS order to look like this:
So in this order, we want: DNS Server 2, DNS Server 1, loopback address. On the second DNS server, we would want it to look like this:
On DNS Server 2, we’re doing: DNS Server 1, DNS Server 2, loopback address. In essence, we are pointing the DNS servers at each other, this way, they check the other DC first, and if that one is down (planned or unplanned) it will then look to its own DNS service for resolution.
The other crucial component is to configure DNS forwarders on both DNS servers/services. If we don’t do this, then end devices won’t be able to get out to the internet. We don’t have the entire internet’s resolution table running on our local DNS server, so we use an open resolver.
Head over to the DNS Manager and right click on Server/Computer icon–it is the name of your server.
Click Forwarders and then Edit:
I am going to configure this for Cloud Flare DNS servers. If you have Cisco Umbrella or Fortinet DNS service, etc, etc, this would be a good place to input them.
Click to ad the IP addresses:
Add your chosen open resolvers; I am using 1.1.1.1 and 1.0.0.1