
I have a network with two vlans, both of which refer to my AD server(s) for DNS. Some servers on this network are multi-homed. Let's say we have the two subnets A: 192.168.7.0/24 and B: 192.168.5.0/24. Then we have a server whose hostname is "carrot". Carrot has two IPs, 192.168.5.3 and 192.168.7.3. I want users on each subnet to be able to resolve "carrot.mydomain" to their "local" IP.

Is this possible with Windows DNS server? Do I need to go full "split brain"? Has anyone got any useful links to documentation on these setups? I'm a bit of an MS-DNS newb.

Edit: let's assume the host "carrot" has static DNS entries, and I'm happy to add them to my DNS server. It does not register itself in any way.

Tom Newton

2 Answers


The bind "views" feature would do exactly what you want here but Microsoft steadfastly refuses to implement something similar.

It sounds like subnet prioritization is the closest thing to what you're looking for. This setting causes the server computer to return "A" records to clients in the order that most closely matches the IP address of the requesting client.

Windows Vista and newer Windows versions do this to the results they receive from a remote DNS server by default (see http://support.microsoft.com/kb/968920), but setting this option on the server allows earlier clients to receive the "A" records from the server sorted by subnet. Be aware that there is an implicit assumption of /24 subnets by the DNS Server (see http://msmvps.com/blogs/acefekay/archive/2010/05/29/dns-and-subnet-priortization-amp-dns-round-robin.aspx for a lot of background on this behavior) unless you tweak the configuration.

Evan Anderson
  • In case that link goes dead, for those who use subnets other than /24 you can change the subnet mask with `dnscmd /Config /LocalNetPriorityNetMask 0x0000FFFF` which would be for a /16. Alternatively you can do it with a registry GPO with the key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters` and value `LocalNetPriorityNetMask` – Muh Fugen Mar 17 '17 at 09:30
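The subnet-prioritization setup described in this answer and its comment, written out as an added PowerShell example (this is not code from the answer, the commenter, or Microsoft documentation). It assumes a DNS server named `dc1`, the zone `mydomain` and the `carrot` addresses from the question, and that the server-side `dnscmd` syntax quoted in the comment is available (Windows Server 2003 and later); the client-side check uses `Resolve-DnsName` and `Get-NetIPAddress`, which need Windows 8 / Server 2012 or later. The `0x000000FF` mask value is the /24 equivalent of the `0x0000FFFF` (/16) value given in the comment, using the same host-order convention.

```powershell
# Added example: configure Windows DNS subnet prioritization for a multi-homed host
# and verify the answer order from a client. Names below are assumptions.

$DnsServer = 'dc1'          # assumed DNS server name
$Zone      = 'mydomain'     # zone name from the question
$HostName  = 'carrot'       # multi-homed host from the question
$Addresses = @('192.168.5.3', '192.168.7.3')   # carrot's two IPs (one per subnet)

# 1. Static A records, one per interface. The question's edit says carrot does not
#    register itself, so both records are created by hand on the server.
foreach ($ip in $Addresses) {
    dnscmd $DnsServer /RecordAdd $Zone $HostName A $ip
}

# 2. Enable subnet prioritization ("netmask ordering") on the server so A records
#    are returned with the one closest to the querying client's address first.
dnscmd $DnsServer /Config /LocalNetPriority 1

# 3. The server assumes /24 subnets unless told otherwise. Subnets A and B here
#    are both /24, so the matching mask is 0x000000FF (the comment's 0x0000FFFF
#    would be /16). Set it explicitly so the assumption is visible in the config.
dnscmd $DnsServer /Config /LocalNetPriorityNetMask 0x000000FF

# 4. Client-side check: run this on a machine in each subnet. The first A record
#    returned should lie in the client's own /24.
function Test-LocalFirst {
    param(
        [string]$Fqdn,      # name to resolve, e.g. carrot.mydomain
        [string]$ClientIP,  # the querying client's own IPv4 address
        [string]$Server     # DNS server to ask directly
    )
    $answers = Resolve-DnsName -Name $Fqdn -Type A -Server $Server -DnsOnly |
               Where-Object { $_.QueryType -eq 'A' } |
               Select-Object -ExpandProperty IPAddress

    # Compare the first three octets, i.e. the /24 the page's setup assumes.
    $clientNet = ($ClientIP   -split '\.')[0..2] -join '.'
    $firstNet  = ($answers[0] -split '\.')[0..2] -join '.'

    [pscustomobject]@{
        Client     = $ClientIP
        Answers    = ($answers -join ', ')
        LocalFirst = ($clientNet -eq $firstNet)
    }
}

# Pick this client's own 192.168.x.x address and run the check.
$myIP = (Get-NetIPAddress -AddressFamily IPv4 |
         Where-Object { $_.IPAddress -like '192.168.*' } |
         Select-Object -First 1).IPAddress
Test-LocalFirst -Fqdn "$HostName.$Zone" -ClientIP $myIP -Server $DnsServer
```

The check confirms the end-to-end result, not which side did the sorting: as the answer notes, Vista and later clients re-sort A records themselves, so `LocalFirst` may be true even when the server-side setting is off. To see the server's own ordering, run the query from a pre-Vista client or from a machine in a subnet that is not local to either address, where the server's order is passed through unchanged.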

You'll want to set up each subnet as its own site in Active Directory. This way the users will receive the DNS response for their local subnet as the first IP to try and the other IP as the second IP to try.

mrdenny
  • I'm not seeing how this is going to do what the OP wants unless the application that makes the query for the "carrot" address is an AD site-aware application (which the OP doesn't mention). The DNS server won't return "A" records in any particular order based on AD site configuration (and, even if it did, Windows Vista and 7 will ignore random ordering by default: http://support.microsoft.com/kb/968920) – Evan Anderson Sep 20 '11 at 13:53
  • @mrdenny: With all due respect, I don't see how this is going to solve the problem. AD clients find DCs based on site information but they don't query their configured DNS servers based on site information; they query their configured DNS servers based on the order that they're listed in the TCP properties of the NIC. In addition, they register their DNS A record based on the order of their configured DNS servers in the TCP properties of the NIC. So the problem is how to get "carrot" to register the correct A record with the correct DNS server, which might be possible if "carrot" had 2 NICs. – joeqwerty Sep 20 '11 at 13:59
  • @joeqwerty: I didn't see anything about "carrot" registering IP addresses in the OP's question. I saw it as a question about clients resolving "carrot" to an IP address that is local to their subnet. – Evan Anderson Sep 20 '11 at 14:04
  • True, but carrot needs to have 2 A records (subnet specific) and the clients need to obtain the subnet specific A record. So either carrot has to register those A records or the OP needs to create static A records. Carrot would register both if it has 2 NICs, 1 IP address per NIC. I'm not sure if carrot would register both IP addresses bound to 1 NIC as I've never tested that scenario. – joeqwerty Sep 20 '11 at 14:15
  • @joeqwerty: By default a Windows 2000 or newer client will register all the IP addresses assigned to all its NICs in DNS (including APIPA addresses, frustratingly). – Evan Anderson Sep 20 '11 at 14:16
  • That doesn't seem to be the default behavior, unless I'm doing it wrong. I added an IP address to the NIC of a W2K3 member server which is joined to a W2K3 domain with W2K3 AD/DNS servers. Ran `ipconfig /registerdns` on the member server and only the "primary" IP address gets registered in DNS. – joeqwerty Sep 20 '11 at 14:46
  • According to TechNet (this is a Windows 2003 article) if you've got "Enable network ordering" enabled on the DNS server then this should work. http://technet.microsoft.com/en-us/library/cc780279%28WS.10%29.aspx and http://technet.microsoft.com/en-us/library/cc787373%28WS.10%29.aspx – mrdenny Sep 20 '11 at 18:51