
Both in my lab testing and on real installations I saw that, after a dcpromo (done via "Server Manager" on Windows 2016), a loopback IPv6 address is automatically added to the interface DNS settings (i.e., `::1` as primary and sole DNS).

This IPv6 DNS address even takes precedence over anything configured in the IPv4 DNS panel. This is confirmed both by `ipconfig /all` (which lists the IPv6 `::1` address as the first one) and by `nslookup` (which asks the `::1` server to resolve).

It is my understanding that, when having multiple domain controllers, it is never advised to use the loopback address as the primary DNS address.

So, my question is: is it correct to remove the IPv6 DNS loopback address from the interface DNS settings?

shodanshok
  • Is this the _only_ domain controller? – Michael Hampton Apr 09 '18 at 17:22
  • No, I have two DCs – shodanshok Apr 10 '18 at 05:12
  • That's strange. Have an upvote. Did it happen on both DCs, then? Or the first one? Or the second one? – Michael Hampton Apr 10 '18 at 15:37
  • It happened on *both* DCs. I also tried installing two new Win2016 servers in my lab and, after promotion, both had `::1` as their IPv6 DNS – shodanshok Apr 10 '18 at 16:35
  • Can you show me where you found such a claim... "It is my understanding that, when having multiple domain controllers, it is never advised to use the loopback address as the primary DNS address." is incorrect, localhost is absolutely fine. Hell, most Linux systems run dnsmasq or unbound and the operating systems point to 127.0.1.1 – Jacob Evans Apr 11 '18 at 04:13
  • For domain controllers, having the loopback address as the primary DNS is discouraged. Have a look [here](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff807362(v=ws.10)) and [here](https://serverfault.com/questions/394804/what-should-the-order-of-dns-servers-be-for-an-ad-domain-controller-and-why) – shodanshok Apr 11 '18 at 14:58

0 Answers