Determining DNS Server Placement

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The placement of your DNS servers and the number of DNS servers that you deploy affect the availability of DNS. Plan the placement of your DNS servers to allow for both DNS availability and Active Directory availability.

Placing DNS Servers for Availability

To ensure that DNS is always available, make sure that your DNS infrastructure does not include any single points of failure. To improve fault tolerance and load sharing, have clients point to a primary and an alternate DNS server. In a LAN configuration, place the pair of authoritative DNS servers on separate subnets. In a WAN configuration, place the pair of authoritative DNS servers on different networks, and then ensure that at least one DNS server is available for each network. This configuration removes routers as potential points of failure. Whenever possible, distribute your DNS servers across different geographic locations to enable communications to continue in the event of a natural disaster.
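The placement rules above can be checked against an inventory before deployment. The following Python script is an added example and is not part of the original documentation; the network names, addresses, and client names are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample inventory (hypothetical names and addresses).
NETWORKS = {"hq-a": "10.1.1.0/24", "hq-b": "10.1.2.0/24", "branch": "10.2.1.0/24"}
DNS_SERVERS = ["10.1.1.10", "10.1.1.11", "10.1.2.10"]
CLIENTS = {  # client name -> (primary DNS server, alternate DNS server)
    "ws-001": ("10.1.1.10", "10.1.2.10"),  # pair on separate subnets
    "ws-002": ("10.1.1.10", None),         # no alternate configured
    "ws-003": ("10.1.1.10", "10.1.1.11"),  # both servers behind one subnet
    "br-001": ("10.1.1.10", "10.1.2.10"),  # branch client, remote servers only
}

def subnet_of(ip, networks):
    """Return the name of the network that contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in networks.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return None

def audit_placement(networks, dns_servers, clients):
    """Return sorted (subject, finding) tuples for each placement gap."""
    findings = []
    # Each network needs at least one DNS server of its own.
    covered = {subnet_of(server, networks) for server in dns_servers}
    for name in networks:
        if name not in covered:
            findings.append((name, "no local DNS server"))
    # Each client needs a primary and an alternate on separate subnets.
    for client, (primary, alternate) in clients.items():
        if alternate is None:
            findings.append((client, "no alternate DNS server"))
            continue
        nets = {subnet_of(primary, networks), subnet_of(alternate, networks)}
        if None in nets:
            findings.append((client, "DNS server outside inventoried networks"))
        elif primary == alternate:
            findings.append((client, "primary and alternate are the same server"))
        elif len(nets) == 1:
            findings.append((client, "primary and alternate share a subnet"))
    return sorted(findings)

if __name__ == "__main__":
    for subject, finding in audit_placement(NETWORKS, DNS_SERVERS, CLIENTS):
        print(f"{subject}: {finding}")
```

Each finding marks a place where the loss of one router or subnet would leave clients unable to resolve names while other network services remain reachable.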

If you identify single points of failure in your network, determine whether they affect only DNS or all network services. If a router goes down and your clients cannot access any network services, then DNS failure is not an issue. If a router goes down and local DNS servers are unavailable but other network services are available, then your clients cannot access required network resources because they cannot look up DNS names.

If you have an Internet presence, DNS must be working properly for Internet clients to access your Web servers, send mail, and locate other services; therefore, it is recommended that you run a secondary DNS server offsite. If you have a business relationship with an organization on the Internet, either business partners or ISPs, they might agree to run a secondary server for you; however, ensure that the data on the organization’s server is secured against Internet attackers.

To ensure that DNS is available if your offsite primary DNS servers are down, consider deploying a secondary DNS server offsite.

For more information about how to place DNS servers to maximize Active Directory availability, see "Designing the Active Directory Logical Structure" in Designing and Deploying Directory and Security Services of this kit.