Loopback as primary DNS

What could go wrong when we use it? Does the same apply to small
networks with one server only assuming that in both cases the DNS
server has two NICs?
yaro

Loopback? What do you mean with this? Please describe more details about
your setup, amount of servers and there roles and what you are trying to
achive at the end including OS version and SP/patch level.

I mean sticking 127.0.0.1 as the primary DNS server's address on the
internal face NIC's properties page of the server that runs DNS.

Got it. Was a bit blind with loopback ip address. If you have multiple servers
in your network use always the real ip address of the server instead. If
you have multiple DNS servers configure them also as secondary on the NIC
for redundancy.

This is what I do as Microsoft's recommended best practice. I'm just
wandering what could be the drawbacks. Thanks again.

I believe the concern is that the DNS registration client may not get
you registered properly if you use a loopback address here.

Basically the loopback address is used for testing perpose. It will immediately
send the signal back to itself, which of course works on a DNS server as
pointing to itself. Also after promotion a server to DC/DNS, it changes automatically
to the loopback ip address to make sure it has a valid DNS server configured
as preferred on the NIC. So it doesn't need to know the real ip address.

Yes, that's the thing, it does it automatically. I asked as I heard
from a pretty good source that it's not a good practice and many
admins do the mistake of leaving it this way. Unfortunately I had no
opportunity to ask that person why is that.

I think it's a good idea to have an AD DC that is also a DNS server use
the loop back (or other similar things explained below). Mainly b/c DNS
will fail to start if the NIC is not plugged in or other wise does not
have link. This means that AD will come up with out DNS which is (in my
opinion) all about broken.

To help solve this, AD DCs with DNS will use the Loopback IP of
127.0.0.1 as an IP address that is guaranteed to be up and accessible.

along these same lines, I have been known to install the Microsoft
Loopback Adapter (not the internal adapter less virtual address that is
127/8 to Windows) and assign a static IP to it and use that as a DNS
server (as well as other things that can be routed to).

I don't necessarily agree with using the loopback due to various reasons,
one of which is the reverse registration. Besides, if the IP address is not
upu and accessible, then it means the network will be down, then how will
the registration attempt be sent to DNS anyway? I also don't agree with
installing the loopback adapter to circumvent this.

Maybe it's just been my poor luck that I've had to deal with multiple
small offices / networks that could not get their server to boot up
correctly (b/c AD could not query DNS) when their switch was down (for
what ever reason). In these cases servers that would normally take 5
minutes to boot from power on would take 15 or more because they could
not query DNS b/c the network card did not have link. At least with the
Microsoft Loopback Adapter installed and up, the DNS server would come
up and AD could find DNS like it needed to.

I think my usage scenario may have more to do with the size of networks
that I work with. If I were working on a larger network with multiple
servers I agree that this is a sub-optimal solution.

What difference does it make if your server takes 5 minutes or 15
minutes to boot when the NIC is disconnected? Do you regularly boot
your server without a network connection?

Admittedly the delay can be annoying on those one off cases where you
really do need to boot a system without a network connection, but
balanced against the annoyances of not having dynamic registration
working consistently, I'll take the longer boot time.

It's not so much the delay that I have a problem with as it is the
system being in an inconsistent / unhappy state when it finally gets
booted up.

Curious, why would the switch not have power and the server does? I figure
the switch would boot up and be ready way before the server, assuming the
switch and server are either on the same UPS or different UPS that all power
back up after a power outage. Are the switch and servers on the same
electrical feed (to the building)?

The first time I ran in to this was while rebooting a server to diagnose
a weird problem that ended up being a locked up switch. The catch was
that the reboot that the client did before I walked in the door had us
waiting 15 - 20 minutes and the one that I did had me waiting again.

With regards to switches being battery backed, it depends on the
capacity of the UPS and what the client wants. Some of my clients are
of the opinion that if the power is out, the workstations can't get to
the server, so devote that battery power to keeping the server up longer
before initiating a shut down.

I have also run in to this when working on servers at my office where I
don't want the NIC plugged in to the network b/c of a DHCP server conflict.

In the end I've found that having the Microsoft Loopback Adapter to be
good for a number of different things. The fact that the DNS server
will have an always up (unless I disable it) interface was a bonus.

In message <he56a4$l8e$1@tncsrv01.tnetconsulting.net> Grant Taylor
<gtaylor@riverviewtech.net> was claimed to have wrote:

>In the end I've found that having the Microsoft Loopback Adapter to be
>good for a number of different things. The fact that the DNS server
>will have an always up (unless I disable it) interface was a bonus.

Wouldn't that effectively multihome the machine, and bring with it all
those related hassles?

"Dave Warren" <dave-usenet@djwcomputers.com> wrote in message
news:i75hg5tnm04tm75ivv586skiqmlbhece6k@4ax.com...
> In message <he56a4$l8e$1@tncsrv01.tnetconsulting.net> Grant Taylor
> <gtaylor@riverviewtech.net> was claimed to have wrote:
>
>>In the end I've found that having the Microsoft Loopback Adapter to be
>>good for a number of different things. The fact that the DNS server
>>will have an always up (unless I disable it) interface was a bonus.
>
> Wouldn't that effectively multihome the machine, and bring with it all
> those related hassles?


Good question. I actually don't remember, since I never use the loopback
adapter. Logically, if you have the loopback adapter installed, it wants an
IP, correct? So I would imagine yes, it would make it a multihomed machine.
I don't have a test DC to test this with, and I am reluctant to install it
on a production machine to test it.

Ace