Best practices for DNS settings on DC and domain members.
Configuration of Domain controller
A domain controller also acts as a DNS server. Here's how to configure its DNS client settings:
- IF YOU HAVE JUST ONE DC (you should not, but anyway), preferred DNS must be its private IP address (not a loopback IP like 127.x.x.x). Alternate should be empty.
- IF YOU HAVE TWO OR MORE DCs, preferred DNS must be the IP of ANOTHER DC, alternate must be its own private IP address.
Other notes:
- If multiple NICs (either enabled or disabled) are present on the server, make sure the active NIC is on top in the NIC binding order.
- IPv6 should not be disabled on the DC's NIC. Set it to "Obtain an IPv6 address automatically" and "Obtain DNS server address automatically".
- Contact your ISP, get valid DNS IPs from them and add them to the forwarders. Do not set a public DNS server in the TCP/IP settings of the DC.
If you change any of these, restart the DNS Server and NETLOGON services on each DC.
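The preferred/alternate rules above can be checked mechanically. The following PowerShell is an added example, not part of the original article; the function name Test-DcDnsClientConfig and the sample addresses are assumptions made for illustration.

```powershell
# Added example: validate a DC's IPv4 DNS client order against the rules above.
function Test-DcDnsClientConfig {
    param(
        [string[]]$OwnIPs,             # private IPv4 address(es) of this DC
        [string[]]$OtherDcIPs = @(),   # IPv4 addresses of the other DCs, if any
        [string[]]$DnsServers = @()    # configured order: preferred, alternate, ...
    )
    $findings = @()
    if ($DnsServers.Count -eq 0) { return 'no DNS servers configured' }

    foreach ($s in $DnsServers) {
        if ($s -like '127.*') {
            $findings += "$s is a loopback address; use the private IP"
        } elseif ($s -notin $OwnIPs -and $s -notin $OtherDcIPs) {
            $findings += "$s is not a DC; external resolvers belong in the forwarders"
        }
    }

    $preferred = $DnsServers[0]
    $alternate = if ($DnsServers.Count -gt 1) { $DnsServers[1] } else { $null }
    if ($OtherDcIPs.Count -eq 0) {
        # Single DC: preferred = own private IP, alternate empty.
        if ($preferred -notin $OwnIPs) { $findings += 'preferred must be this DC''s private IP' }
        if ($alternate) { $findings += 'alternate should be empty on a single DC' }
    } else {
        # Two or more DCs: preferred = another DC, alternate = own private IP.
        if ($preferred -notin $OtherDcIPs) { $findings += 'preferred must be the IP of another DC' }
        if ($alternate -notin $OwnIPs) { $findings += 'alternate must be this DC''s private IP' }
    }
    return $findings
}

# Constructed sample data (RFC 1918 addresses; 8.8.8.8 stands in for a public resolver).
$cases = @(
    @{ Name = 'two DCs, correct';       Own = '10.0.0.11'; Others = '10.0.0.12'; Dns = '10.0.0.12', '10.0.0.11' },
    @{ Name = 'two DCs, misconfigured'; Own = '10.0.0.11'; Others = '10.0.0.12'; Dns = '127.0.0.1', '8.8.8.8' },
    @{ Name = 'single DC, correct';     Own = '10.0.0.11'; Others = @();         Dns = '10.0.0.11' }
)
foreach ($c in $cases) {
    $r = @(Test-DcDnsClientConfig -OwnIPs $c.Own -OtherDcIPs $c.Others -DnsServers $c.Dns)
    if ($r.Count -eq 0) { '{0}: OK' -f $c.Name } else {
        $r | ForEach-Object { '{0}: {1}' -f $c.Name, $_ }
    }
}
# On a live DC, take -DnsServers from the active NIC's entry in
# (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses
```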
Note on MULTI-HOMING (having more than one network card/IP address)
Multi-homing a domain controller is not recommended; it always results in multiple problems (see "Active Directory Communication Fails on Multihomed Domain Controllers" and http://support.microsoft.com/default.aspx?scid=kb;EN-US;191611).
Multi-homing a Master Browser is prohibited (a domain controller with the PDC role is automatically the Domain Master Browser).
Note that being a VPN Server and even simply running RRAS makes a server multi-homed.
Clients (Workstations/Member servers)
- Primary = DC1 (NEVER SET IT TO ANYTHING EXCEPT A DOMAIN CONTROLLER)
- Secondary = DC2 or empty if you don't have a 2nd DC. You MAY get away with adding a public DNS server here, but it's not recommended.
Once you are done with the above, run "ipconfig /flushdns & ipconfig /registerdns".
ipconfig /displaydns # show all cached name <-> IP entries
ipconfig /flushdns # clear all cached name <-> IP entries
nslookup in.gr # resolve IP of in.gr
nslookup in.gr 8.8.8.8 # ask 8.8.8.8 to resolve IP of in.gr
References
https://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
http://support.microsoft.com/kb/825036