There are pros and cons to having DNS servers on domain controllers. On the pro side, domain controllers are typically more reliable and faster than standalone DNS servers.
They can also handle more requests simultaneously, which can result in faster DNS resolution times.
However, there are also some potential drawbacks to having DNS servers on domain controllers. For example, if a domain controller fails, DNS services for the entire domain can be disrupted.
And if a domain controller is compromised, an attacker could read DNS data and modify DNS records, since the DNS service and its zone data live on the same host as the directory.
Ultimately, the decision whether to keep DNS servers on domain controllers or move them to standalone servers depends on the specific organization’s needs and constraints.
Related questions:
Domain Controllers should use themselves for DNS. There are several reasons why this is the best practice. First, it is a best practice to have a single point of administration for your DNS.
There has been much debate recently as to whether or not a Domain Controller (DC) should point itself to the DNS servers for the domain. This debate is based on the theory that if a DC is not authoritative for the domain, then users may not be able to access resources on the domain. However, there are also many other reasons why a DC might point itself to the DNS servers.
Domain controller DNS should point to itself in order to optimize DNS lookup performance. This is because the AD DS server is the authoritative source for the AD domain. If the AD DS server is not available, then DNS queries for the AD domain will be directed to the local DNS server.
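As an added example (not from the page or any of its answers), a PowerShell audit that lists each domain controller's DNS client servers and flags whether the DC points to itself and whether it also has another DNS server configured (a DC whose only DNS server is itself is the single point of failure the first answer describes). It assumes the RSAT ActiveDirectory module and WinRM access to the DCs.

```powershell
# Added example, not from the page: audit DC DNS client settings.
# Assumes: RSAT ActiveDirectory module installed, WinRM reachable on each DC.
Import-Module ActiveDirectory

$dcs = Get-ADDomainController -Filter *

foreach ($dc in $dcs) {
    # Read the DC's own DNS client configuration remotely (IPv4 only).
    $servers = Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
        (Get-DnsClientServerAddress -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses }).ServerAddresses
    } | Select-Object -Unique

    # Loopback or the DC's own address both count as "points to itself".
    $self = @('127.0.0.1', $dc.IPv4Address)
    $pointsToSelf   = ($servers | Where-Object { $self -contains $_ }).Count -gt 0
    $pointsToOthers = ($servers | Where-Object { $self -notcontains $_ }).Count -gt 0

    [pscustomobject]@{
        DC           = $dc.HostName
        DnsServers   = ($servers -join ', ')
        PointsToSelf = $pointsToSelf
        HasOtherDC   = $pointsToOthers   # $false: DNS depends on this one DC
    }
}
```

Run it from a management host as an account that can query AD and open remote sessions on the DCs; rows with HasOtherDC = $false are the ones to review.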