Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003

This article describes best practices for the configuration of Domain Name System (DNS) client settings. The recommendations in this article are for the installation of Windows 2000 Server or Windows Server 2003 environments where there is no previously defined DNS infrastructure.

Original product version: В Windows Server 2012 R2
Original KB number: В 825036

Domain controller with DNS installed

On a domain controller that also acts as a DNS server, Microsoft recommends that you configure the domain controller’s DNS client settings according to these specifications:

If the server is the first and only domain controller that you install in the domain, and the server runs DNS, configure the DNS client settings to point to that first server’s IP address. For example, you must configure the DNS client settings to point to itself. Do not list any other DNS servers until you have another domain controller hosting DNS in that domain.

During the DCPromo process, you must configure additional domain controllers to point to another domain controller that is running DNS in their domain and site, and that hosts the namespace of the domain in which the new domain controller is installed. or if using a 3rd-party DNS to a DNS server that hosts the zone for that DC’s Active Directory domain. Do not configure the domain controller to utilize its own DNS service for name resolution until you have verified that both inbound and outbound Active Directory replication is functioning and up to date. Failure to do so may result in DNS «Islands».
For more information about a related topic, click the following article number to view the article in the Microsoft Knowledge Base:

275278 DNS Server becomes an island when a domain controller points to itself for the _msdcs.ForestDnsName domain

After you’ve verified that replication has completed successfully, DNS may be configured on each Domain Controller in either of two ways, depending on the requirements of the environment. The configuration options are:

• Configure the Preferred DNS server in TCP/IP properties on each Domain Controller to use itself as Primary DNS Server.
  • Advantages: Ensures that DNS queries originating from the Domain Controller will be resolved locally if possible. Will minimize impact of Domain Controller’s DNS queries on the network.
  • Disadvantages: Dependent on Active Directory replication to ensure that DNS zone is up to date. Lengthy replication failures may result in an incomplete set of entries in the zone.
• Configure all Domain Controllers to use a centralized DNS server as their Preferred DNS Server.
  • Advantages:
    • Minimizes the reliance on Active Directory replication for DNS zone updates of Domain Controller locator records. It includes faster discovery of new or updated Domain Controller locator records, as replication lag time isn’t an issue.
    • Provides a single authoritative DNS server, which may be useful when troubleshooting Active Directory replication issues
  • Disadvantages:
    • Will more heavily use the network to resolve DNS queries originating from the Domain Controller
    • DNS name resolution may depend on network stability. Loss of connectivity to the Preferred DNS server will result in failure to resolve DNS queries from the Domain Controller. It may result in apparent loss of connectivity, even to locations that aren’t across the lost network segment.

A combination of the two strategies is possible, with the remote DNS server set as Preferred DNS server, and the local Domain Controller set as Alternate (or vice versa). While this strategy has many advantages, there are factors that should be considered before making this configuration change:

• The DNS client does not utilize each of the DNS servers listed in TCP/IP configuration for each query. By default, on startup the DNS client will attempt to use the server in the Preferred DNS server entry. If this server fails to respond for any reason, the DNS client will switch to the server listed in the alternate DNS server entry. The DNS client will continue to use this alternate DNS server until:
  • It fails to respond to a DNS query, or:
  • The ServerPriorityTimeLimit value is reached (15 minutes by default).

Only a failure to respond will cause the DNS client to switch Preferred DNS servers; receiving an authoritative but incorrect response does not cause the DNS client to try another server. As a result, configuring a Domain Controller with itself and another DNS server as Preferred and Alternate servers helps to ensure that a response is received, but it does not guarantee accuracy of that response. DNS record update failures on either of the servers may result in an inconsistent name resolution experience.

• Don’t configure the DNS client settings on the domain controllers to point to DNS servers of your Internet Service Provider (ISP). If you configure the DNS client settings to point to your ISP’s DNS servers, the Netlogon service on the domain controllers doesn’t register the correct records for the Active Directory directory service. With these records, other domain controllers and computers can find Active Directory-related information. The domain controller must register its records with its own DNS server.

To forward external DNS requests, add the ISP’s DNS servers as DNS forwarders in the DNS management console. If you don’t configure forwarders, use the default root hints servers. In both cases, if you want the internal DNS server to forward to an Internet DNS server, you also must delete the root «.» (also known as «dot») zone in the DNS management console in the Forward Lookup Zones folder.

• If the domain controller that hosts DNS has several network adapters installed, you must disable one adapter for DNS name registration.

For more information about how to configure DNS correctly in this situation, click the following article number to view the article in the Microsoft Knowledge Base:

292822 Name resolution and connectivity issues on a Routing and Remote Access Server that also runs DNS or WINS

To verify your domain controller’s DNS client settings, type the following command at a command prompt to view the details of your Internet Protocol (IP) configuration: ipconfig /all
To modify the domain controller’s DNS client configuration, follow these steps:

Right-click My Network Places, and then select Properties.

Right-click Local Area Connection, and then select Properties.

Select Internet Protocol (TCP/IP), and then select Properties.

Select Advanced, and then select the DNS tab. To configure the DNS information, follow these steps:

1. In the DNS server addresses, in order of use box, add the recommended DNS server addresses.
2. If the For resolution of unqualified names setting is set to Append these DNS suffixes (in order), Microsoft recommends that you list the Active Directory DNS domain name first (at the top).
3. Verify that the DNS Suffix for this connection setting is the same as the Active Directory domain name.
4. Verify that the Register this connection’s addresses in DNS check box is selected.
5. Select OK three times.

If you change any DNS client settings, you must clear the DNS resolver cache and register the DNS resource records. To clear the DNS resolver cache, type the following command at a command prompt: ipconfig /flushdns
To register the DNS resource records, type the following command at a command prompt: ipconfig /registerdns

To confirm that the DNS records are correct in the DNS database, start the DNS management console. There should be a host record for the computer name. (This host record is an «A» record in Advanced view.) There also should be a Start of Authority (SOA) record and a Name Server (NS) record that points to the domain controller.

Domain controller without DNS installed

If you do not use Active Directory-integrated DNS, and you have domain controllers that do not have DNS installed, Microsoft recommends that you configure the DNS client settings according to these specifications:

• Configure the DNS client settings on the domain controller to point to a DNS server that’s authoritative for the zone that corresponds to the domain where the computer is a member. A local primary and secondary DNS server is preferred because of Wide Area Network (WAN) traffic considerations.
• If there’s no local DNS server available, point to a DNS server that’s reachable by a reliable WAN link. Up-time and bandwidth determine reliability.
• Don’t configure the DNS client settings on the domain controllers to point to your ISP’s DNS servers. Instead, the internal DNS server should forward to the ISP’s DNS servers to resolve external names.

Windows 2000 Server and Windows Server 2003 member servers

On Windows 2000 Server and Windows Server 2003 member servers, Microsoft recommends that you configure the DNS client settings according to these specifications:

• Configure the primary and secondary DNS client settings to point to local primary and secondary DNS servers (if local DNS servers are available) that host the DNS zone for the computer’s Active Directory domain.
• If there are no local DNS servers available, point to a DNS server for that computer’s Active Directory domain that can be reached through a reliable WAN link. Up-time and bandwidth determine reliability.
• Don’t configure the client DNS settings to point to your ISP’s DNS servers. If you do so, you may experience issues when you try to join the Windows 2000-based or Windows Server 2003-based server to the domain, or when you try to log on to the domain from that computer. Instead, the internal DNS server should forward to the ISP’s DNS servers to resolve external names.

How to change DNS settings on your PC running Windows 10

Source: Windows Central

When you subscribe for internet access for home or business, the Internet Service Provider (ISP) also provides the necessary network settings, including the Domain Name System (DNS) addresses, which makes possible to access your favorite sites, online services that you may need to work from home, and download files.

The only caveat is that the ISP’s DNS servers are usually slower, unreliable at times, and not very private. However, you can always use different resolvers from third-party companies to improve your internet experience on Windows 10. Here’s how.

What’s DNS?

A Domain Name System is a service (usually at no cost to you) that allows you to type a friendly domain name in the web browser to load a web page, and without them, it’d be a nightmare to surf the internet.

The issue is that every device connected to a network requires an IP address (104.18.189.55) to communicate with other devices. However, these addresses are not easy for humans to remember, and DNS servers are the ones that provide the mechanism to translate friendly domain names (WindowsCentral.com) into an IP address that computers can understand.

Although you can type https://windowscentral.com to get to our website, in the background, the browser first sends a request to the DNS servers to resolve the website name into an IP address. When the address is found, it returns, and then the browser connects to the site and downloads the contents of the page.

Typically, you don’t notice this process, because everything happens in milliseconds. However, if the resolvers that you’re using aren’t reliable, they’re slowing down your internet, or you want to use faster and more private servers, Windows 10 allows you to change these settings to any services you want to use.

In this Windows 10 guide, we’ll walk you through the steps to change the DNS settings on your computer using Control Panel, Command Prompt, and Settings app.

How to change Windows 10 DNS settings using Control Panel

To change the DNS settings on Windows 10 using Control Panel, use these steps:

1. Open Control Panel.
2. Click on Network and Internet.
3. Click on Network and Sharing Center.

Click the Change adapter settings option in the left pane.

Source: Windows Central

Right-click the network interface that connects Windows 10 to the internet, and select the Properties option.

Source: Windows Central

Quick tip: You’ll know which adapter is connected to the network because it won’t have a «Disabled» or «Network cable unplugged» label.

Click the Properties button.

Source: Windows Central

Select the Use the following DNS server addresses option.

Quick note: When you select the option to specify the DNS settings manually, the device will continue to receive the TCP/IP address from the DHCP server (router).

Type your «preferred» and «alternate» DNS addresses.

Source: Windows Central

If you want to use Cloudflare, Google Public DNS, or Cisco OpenDNS, you can use these settings:

• Cloudflare: 1.1.1.1 and 1.0.0.1
• Google Public DNS: 8.8.8.8 and 8.8.4.4
• OpenDNS: 208.67.222.222 and 208.67.220.220

(Optional) Click the Advanced button.

Click the DNS tab.

Click the Add button.

Specify the alternate DNS server address.

Click the Add button.

Quick tip: In addition to adding more addresses, from this tab, you can also edit and remove resolvers, and you even have an option on the side to change their priority.

Click the OK button.

Click the Close button.

Once you complete the steps, the device will immediately start using the DNS settings that you specified.

How to change Windows 10 DNS settings using Settings

To change the DNS addresses using the Settings app, use these steps:

1. Open Settings.
2. Click on Network & Internet.
3. Click on Ethernet (or Wi-Fi depending on your connection).

Select the connection that connects Windows 10 to the network.

Source: Windows Central

Under the «IP settings» section, click the Edit button.

Source: Windows Central

Confirm your «Preferred DNS» and «Alternate DNS» addresses.

Source: Windows Central

If you want to use Cloudflare, Google Public DNS, or Cisco OpenDNS, you can use these settings:

• Cloudflare: 1.1.1.1 and 1.0.0.1
• Google Public DNS: 8.8.8.8 and 8.8.4.4
• OpenDNS: 208.67.222.222 and 208.67.220.220

Click the Save button.

After you complete the steps, you should now be able to connect to the internet using the new resolvers.

Although the Settings app should be the recommended experience to change the DNS settings on your computer, we’re not listing this option first because it can be confusing for some people.

How to change Windows 10 DNS settings using Command Prompt

Alternatively, you can also use Command Prompt to change the DNS settings on Windows 10.

To use Command Prompt to change the device DNS settings, use these steps:

1. Open Start.
2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.

Type the following command to launch the tool to change the networking settings and press Enter:

Type the following command to identify the names of the network adapters and press Enter:

interface show interface

Type the following command to set the primary DNS IP address and press Enter:

interface ip set dns name=»ADAPTER-NAME» source=»static» address=»X.X.X.X»

In the command, remember to change ADAPTER-NAME with the name of your network adapter you identified on step No. 4, and change X.X.X.X with the IP address of the DNS server that you want to use.

If you want to use Cloudflare, Google Public DNS, or Cisco OpenDNS, you can use these settings:

• Cloudflare: 1.1.1.1 and 1.0.0.1
• Google Public DNS: 8.8.8.8 and 8.8.4.4
• OpenDNS: 208.67.222.222 and 208.67.220.220

For example, this command sets the primary DNS addres to 1.1.1.1:

interface ip set dns name=»Ethernet1″ source=»static» address=»1.1.1.1″

Source: Windows Central

Type the following command to add an alternative DNS IP address and press Enter:

interface ip add dns name=»ADAPTER-NAME» addr=»X.X.X.X» index=2

In the command, remember to change ADAPTER-NAME with the name of your network adapter you queried on step No. 4, and change X.X.X.X with the secondary address that you want to use.

For example, this command sets the secondary DNS addres to 1.0.0.1:

interface ip add dns name=»Ethernet1″ addr=»1.0.0.1″ index=2

Source: Windows Central

Quick tip: If you need to add even more DNS addresses, you can repeat the above steps, but increase the number of the index option by 1. For instance, interface ip add dns name=»Ethernet1″ addr=»8.8.8.8″ index=3

Once you complete the steps, Windows 10 will start using the new DNS server addresses to resolve domain names to numeric addresses that your device can understand.

More Windows 10 resources

For more helpful articles, coverage, and answers to common questions about Windows 10, visit the following resources:

The Dell XPS 15 is our choice for best 15-inch laptop

For a lot of people, a 15-inch laptop is a perfect size that offers enough screen for multitasking, and in a lot of cases, some extra performance from powerful hardware. We’ve rounded up the best of the best at this size.

Halo: MCC’s live service elements make it better, not worse

Halo: The Master Chief Collection is more popular than ever, but some fans don’t agree with the live service approach 343 Industries has taken with it. Here’s why those elements are, at the end of the day, great for the game and for Halo overall.

Microsoft’s Surface Duo is not ‘failing up’

Microsoft announced this week that it was expanding Surface Duo availability to nine new commercial markets. While Surface Duo is undoubtedly a work in progress, this is not a sign of a disaster. It’s also doesn’t mean that Surface Duo is selling a ton either. Instead, the reason for the expansion is a lot more straightforward.

These are the best PC sticks when you’re on the move

Instant computer — just add a screen. That’s the general idea behind the ultra-portable PC, but it can be hard to know which one you want. Relax, we have you covered!