2

As the title asks, I'm wondering if there's any standard or "best practice" for how to actually assign nameservers (DNS) and manage the nameserver configuration for client servers on a Windows domain.

I'm talking about the setting circled in the below image, in case the language of the question is not clear enough:

DNS server settings, on a server

This is for a large, multi-site environment, where ideally/hopefully all servers point at their site's Domain Controller as the primary DNS server, and a DNS server at a different site as the secondary DNS server. For simplicity's sake, we can say that the secondary server would be the Domain Controller at the home site for everyone, and there are no tertiary DNS servers (even though that's not actually the case).

Try as I might, I can't seem to find a GPO setting for this (at least on FL 2003 R2, the Computer Configuration -> Administrative Templates -> Network -> DNS Client -> DNS Servers GPO is Supported on: Windows XP Professional only), and I find it rather hard to believe that the "best"/"standard" solution would therefore be either scripting up something to apply the DNS settings per site, or using a DHCP server to push those configurations out to the other servers via the DHCP Scope Options.

So, is there a standard way of managing this configuration? (That's hopefully not "a script" or "DHCP Scope Option".)

HopelessN00b

2 Answers

7

There really is no way to do what you need, other than using DHCP (definitely not recommended for servers) or startup scripts; however, a netsh script to configure the required settings is quite simple, as in

```
netsh interface ip set dns "Local Area Connection" static 1.2.3.4
```

and it can be easily deployed as a startup script using site-linked GPOs, which will also make sure a computer automatically receives the right settings if it gets moved between sites.

The end effect is quite the same as if you actually had a GPO setting to explicitly configure this parameter.

Massimo
  • 3
    As you and MDMarra stated, DHCP isn't recommended for servers, but you could always create DHCP reservations for servers to ensure they're always assigned the same IP address, which then simplifies the DNS server assignment. – joeqwerty Oct 01 '12 at 19:15
  • @joeqwerty But then if you have some sort of datacenter failure and lots of things reboot but your DHCP server doesn't come back up... – MDMarra Oct 01 '12 at 19:22
  • @MDMarra Well, I'd hope you would configure a somewhat longer lease time for servers, if you really wanna go this way... however, I'm quite sure at least some services would complain about the server not having a static IP address. – Massimo Oct 01 '12 at 19:26
  • 1
    For a large installation the maintenance overheads of DHCP reservations are no better than just manually configuring each machine. Remember also that one of the reasons for not assigning server addresses via DHCP is to make them independent of DHCP. Using reservations pretty much defeats the purpose. – John Gardeniers Oct 01 '12 at 20:53
5

Microsoft assumes that you'll let DHCP handle this sort of thing; that's why the GPO that you have found is deprecated. You can do some hackery with a startup PowerShell script and WMI, but really you should be doing this using DHCP options.


Oops, misread your question. This is about servers, not workstations, so they obviously won't be configured for DHCP. To make large-scale changes, I'd use PowerShell to make remote WMI calls to the servers in question to change this.

MDMarra
  • Yeah, that's what I'm doing now, and was kind of afraid it might be the answer. `Here, manage a config on hundreds of servers with a PowerShell script.` Gah, @#$^ing Microsoft. Not to doubt your expertise and experience, but I think I'll wait a couple days to accept your answer in the vain hopes that someone can come along with an answer I like... or at least one that makes my skin crawl a little less. :) – HopelessN00b Oct 01 '12 at 19:07
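
The two answers above (a startup script deployed by GPO, and PowerShell calling WMI) can be combined into one idempotent script. This is an added example, not code from either poster: the site names, the addresses (documentation ranges) and the helper name `Set-SiteDns` are constructed assumptions, and it targets Windows PowerShell, where `Get-WmiObject` is available.

```powershell
# Added example. Site names and addresses below are constructed placeholders.
Add-Type -AssemblyName System.DirectoryServices

$DnsBySite = @{
    'HomeSite'   = @('192.0.2.10',    '198.51.100.10')   # own-site DC first, other site second
    'BranchSite' = @('198.51.100.10', '192.0.2.10')
}

function Set-SiteDns {                                    # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string[]]$Servers,
        [string]$ComputerName = '.'                       # '.' = local; a name = remote WMI call
    )
    # Statically addressed, IP-enabled adapters only; DHCP clients are left alone.
    $nics = Get-WmiObject -Class Win32_NetworkAdapterConfiguration `
        -ComputerName $ComputerName -Filter 'IPEnabled = True AND DHCPEnabled = False' |
        Where-Object { $_.DefaultIPGateway }              # skip heartbeat/storage NICs without a gateway

    foreach ($nic in $nics) {
        $before = @($nic.DNSServerSearchOrder) -join ','
        $wanted = $Servers -join ','
        $rc = $null
        if ($before -ne $wanted) {
            # Order is significant: the first entry is the preferred resolver.
            $rc = $nic.SetDNSServerSearchOrder($Servers).ReturnValue
        }
        # One record per adapter so drift and failures can be logged centrally.
        New-Object PSObject -Property @{
            Adapter = $nic.Description; Before = $before; Wanted = $wanted
            Changed = ($rc -eq 0 -or $rc -eq 1); ReturnValue = $rc
        }
    }
}

# Startup-script entry point: resolve this computer's AD site, then apply its list.
try {
    $site = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name
} catch {
    Write-Warning "No AD site resolved; DNS settings left unchanged. $_"
    return
}
if ($DnsBySite.ContainsKey($site)) {
    Set-SiteDns -Servers $DnsBySite[$site]
} else {
    Write-Warning "Site '$site' has no entry in the map; DNS settings left unchanged."
}
```

A `ReturnValue` of 0 means the change succeeded and 1 means it succeeded but needs a reboot; any other value is a failure worth alerting on. An unknown site changes nothing, so a server moved to an unmapped site keeps its previous resolvers instead of receiving a guess.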