
How to Configure DNS on a Domain Controller with Two IP Addresses

How can I configure DNS on a DC with two IP addresses?

Sometimes it’s unavoidable to run an Active Directory domain controller (DC) on hardware that is configured with two network cards (NICs). While not a recommended configuration, because clients and other DCs can end up resolving the DC to an address they cannot reach, it is possible to run a domain controller with two IP addresses. In this Ask an Admin, I’ll show you how to configure the NICs and DNS so that AD runs smoothly. This lab assumes you have one DC in your AD domain running DNS, configured with two NICs, each with one IPv4 address.

Decide on One IP Address to Use with Active Directory

Even if you have two NICs, and two IP addresses on your DC, only one of those IP addresses should be registered in DNS. In this example, my DC has one address on the first network adapter and one on the second, and it is the address on the second adapter that I want AD to use, so the first task is to stop the other address from being automatically registered in DNS.

One option is to leave the DNS server list for the adapter empty, since the DNS client only registers addresses on adapters that have a DNS server configured. Alternatively, if that’s not an option, follow these instructions.

  • Log on to your Windows Server 2012 DC as a domain administrator.
  • Right-click the network icon in the bottom right of the taskbar and select Open Network and Sharing Center from the menu.
  • In the left of the Network and Sharing Center, click Change adapter settings.
  • In the Network Connections window, right-click the adapter you want to exclude from DNS registration and select Properties from the menu.
  • On the Networking tab of the adapter’s properties dialog, highlight Internet Protocol Version 4 (TCP/IPv4) and click Properties.
  • On the General tab of the Properties dialog, click Advanced in the bottom right corner.
  • In the Advanced TCP/IP Settings dialog, switch to the DNS tab.
  • On the DNS tab, deselect Register this connection’s addresses in DNS and click OK.
  • Click OK in all the remaining open dialogs, close the Network Connections window and the Network and Sharing Center.
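The same change from PowerShell, as an added example that is not part of the original article. It uses the DnsClient module that ships with Windows Server 2012 and later; the adapter alias "Ethernet 2" is an assumption, so check Get-NetAdapter first and substitute the alias of the NIC you want to exclude.

```powershell
# Added example (not from the original article): disable DNS registration on the
# unwanted adapter with the DnsClient module instead of the GUI.
# Assumption: the adapter to exclude is called "Ethernet 2" (check Get-NetAdapter).
$UnwantedAdapter = 'Ethernet 2'

# Show the registration setting on every physical adapter before changing anything.
$Physical = (Get-NetAdapter -Physical).InterfaceAlias
Get-DnsClient |
    Where-Object { $_.InterfaceAlias -in $Physical } |
    Select-Object InterfaceAlias, RegisterThisConnectionsAddress, ConnectionSpecificSuffix |
    Format-Table -AutoSize

# Equivalent of clearing "Register this connection's addresses in DNS" on the DNS tab.
Set-DnsClient -InterfaceAlias $UnwantedAdapter -RegisterThisConnectionsAddress $false

# The article's first option instead: give the adapter no DNS servers at all.
# Use it only if nothing on the second network needs name resolution through this adapter.
# Set-DnsClientServerAddress -InterfaceAlias $UnwantedAdapter -ResetServerAddresses

# Confirm that exactly one physical adapter is still allowed to register.
$Registering = @(Get-DnsClient |
    Where-Object { $_.InterfaceAlias -in $Physical -and $_.RegisterThisConnectionsAddress })
if ($Registering.Count -ne 1) {
    Write-Warning ("Expected one registering adapter, found {0}: {1}" -f
        $Registering.Count, ($Registering.InterfaceAlias -join ', '))
} else {
    Write-Host ("Only '{0}' will register its addresses in DNS." -f $Registering[0].InterfaceAlias)
}
```

The final check matters because the setting is per adapter: if both NICs are left registering, the next ipconfig /registerdns puts the unwanted address straight back into the zone.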

Configure DNS to Listen on One IP Address

Now that I have stopped the unwanted address from registering itself in DNS, I’ll configure the DNS server running on the DC to listen exclusively on the chosen address, so the DNS service is not exposed on the second network at all.


  • Open Server Manager from the desktop taskbar or Start screen.
  • Select DNS from the Tools menu in Server Manager.
  • In the left pane of the DNS Manager MMC, right-click your DNS server and select Properties from the menu.
  • In the Properties dialog, switch to the Interfaces tab.
  • Under Listen on, select Only the following IP addresses: and then deselect all but the IP address you want the DNS server to listen on (in my case,
  • Click OK to continue.
  • In DNS Manager, expand your DNS server, then the Forward Lookup Zones container, and click the zone named after your AD DNS domain in the left pane.
  • In the central pane of DNS Manager, delete any Host (A) records with the unwanted IP address, in this case
  • Close DNS Manager.
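The listen-address change and the record clean-up from the command line, as an added example that is not part of the original article. The zone name contoso.com, host name DC01 and the two addresses 192.0.2.10 (wanted) and 198.51.100.10 (unwanted) are hypothetical; the DnsServer module cmdlets and dnscmd are standard on a Windows Server 2012 R2 DNS server.

```powershell
# Added example (not from the original article): restrict the DNS server to the
# chosen address and remove stale host records that still carry the other one.
# Assumptions (hypothetical values): AD zone contoso.com, DC host name DC01,
# wanted address 192.0.2.10, unwanted address 198.51.100.10.
$Zone       = 'contoso.com'
$DcHost     = 'DC01'
$WantedIp   = '192.0.2.10'
$UnwantedIp = '198.51.100.10'

# Interfaces tab -> "Only the following IP addresses", done with dnscmd,
# which is the documented command-line equivalent of that dialog.
dnscmd /ResetListenAddresses $WantedIp
if ($LASTEXITCODE -ne 0) { throw "dnscmd failed with exit code $LASTEXITCODE" }

# Find every A record in the AD zone that still points at the unwanted address.
# This catches the DC's own host record and the "same as parent" (@) record for
# the domain name, not just records named after the DC.
$Stale = Get-DnsServerResourceRecord -ZoneName $Zone -RRType A |
    Where-Object { $_.RecordData.IPv4Address.IPAddressToString -eq $UnwantedIp }

foreach ($Record in $Stale) {
    Write-Host ("Removing {0} A {1}" -f $Record.HostName, $UnwantedIp)
    Remove-DnsServerResourceRecord -ZoneName $Zone -InputObject $Record -Force
}

# Verify: the DC host record and the zone apex should now resolve only to $WantedIp.
$Remaining = Get-DnsServerResourceRecord -ZoneName $Zone -RRType A |
    Where-Object { $_.HostName -in @($DcHost, '@') } |
    ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString } |
    Sort-Object -Unique
if (@($Remaining).Count -eq 1 -and $Remaining -eq $WantedIp) {
    Write-Host "Zone $Zone now advertises only $WantedIp for $DcHost and the domain name."
} else {
    Write-Warning ("Unexpected addresses still present for {0}/@: {1}" -f $DcHost, ($Remaining -join ', '))
}
```

Deleting by address rather than by name is deliberate: the stale record that usually bites is the "same as parent" A record for the domain itself, which clients use to find a DC, and it does not carry the DC’s host name.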
Figure: Configuring DNS in Windows Server 2012 R2.

Verify DNS Resolution

Now that we have only one IP address registered in DNS, old records deleted, and the DNS server listening on one IP address, let’s re-register the DC and verify the result.

  • Open a command prompt with domain administrative privileges from the Start menu.
  • Type ipconfig /flushdns and press Enter. This command will clear any cached DNS requests in the local DNS client.
  • Now type ipconfig /registerdns and press Enter to register the local NICs with DNS. Only one NIC and IP address should register.
  • Type dcdiag /test:dns and press Enter to make sure DNS for AD is functioning correctly on this domain controller (dcdiag /fix repairs the DC’s service principal names rather than testing DNS).
  • Now ping your AD’s DNS domain name and you should get a reply on the desired IP address.
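The verification steps as a script, added here as an example and not part of the original article. The domain name contoso.com and the address 192.0.2.10 are hypothetical; the script queries the DC’s own DNS server directly so the local resolver cache cannot hide a stale record, and reports whether each name resolves to exactly the one address AD should use.

```powershell
# Added example (not from the original article): re-register the DC and check that
# the domain name and the DC's own name resolve only to the chosen address.
# Assumptions (hypothetical values): AD domain contoso.com, wanted address 192.0.2.10.
$Domain   = 'contoso.com'
$WantedIp = '192.0.2.10'

Clear-DnsClientCache      # same as ipconfig /flushdns
Register-DnsClient        # same as ipconfig /registerdns; only the registering adapter is sent
nltest /dsregdns          # ask Netlogon to refresh the DC's SRV and domain A records now
dcdiag /test:dns          # dcdiag's DNS test covers registration, dynamic update and delegation

function Test-SingleAddress {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Expected,
        [string] $Server = $Expected    # query the DC's DNS server directly
    )
    # -DnsOnly bypasses the local cache and hosts file so we see what the zone really holds.
    $Answers = Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction Stop |
        Where-Object { $_.Type -eq 'A' } |
        ForEach-Object { $_.IPAddress } |
        Sort-Object -Unique
    [pscustomobject]@{
        Name      = $Name
        Addresses = ($Answers -join ', ')
        Ok        = (@($Answers).Count -eq 1 -and $Answers[0] -eq $Expected)
    }
}

# Both the domain name (used by clients to locate a DC) and the DC's FQDN must be clean.
$Results = @(
    Test-SingleAddress -Name $Domain -Expected $WantedIp
    Test-SingleAddress -Name "$env:COMPUTERNAME.$Domain" -Expected $WantedIp
)
$Results | Format-Table -AutoSize
if ($Results.Ok -contains $false) {
    Write-Warning "At least one name still resolves to an address other than $WantedIp."
}
```

Run the same Test-SingleAddress check from a member server on each network, pointing -Server at the DC, to confirm the answer is identical everywhere; a different answer on one side means a second DNS server still holds the old record.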

Don’t forget that clients and member servers cache DNS answers, so until the old record’s TTL expires they may still resolve the DC to the wrong address. Run ipconfig /flushdns on them, or reboot them, to make sure they pick up the updated DNS configuration.


Comments (4)

  1. I have two IP addresses on my AD but if I remove one of them doesn't this affect the computers that use this particular IP address as DNS?

  2. I wanted to add a 2nd IP address to the 1 adapter on our corporate LAN. We're in the process of moving from 2008R2 DCs to 2019. So DNS is moving across my world and a lot of reconfiguration is in order.

     I had planned on a 2nd IP address to become the DNS IP address forever more. It was quickly nipped in the bud by a colleague as bad practice.

     My logic was that in the distant future when the 2019 DCs were decommissioned the DNS IP address could merely be moved to the new 20** DCs as a 2nd IP address (in advanced IP settings). Meaning no reconfiguration headache next time around.

     Does anyone see anything bad about this. So 2 IPs, 1 subnet, 1 default gateway, 1 adapter. Not 2 physical adapters.

     Cheers.


IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.