Using Microsoft DNS to respond based on requesting subnet

Question

In our enterprise Windows Active Directory environment, we have some 50+ subnets scattered across a large geographical area. We have a system at each site that supports the site by providing a central drivers store, a central software store, SEP definition files, etc. Data replicates among the different machines using a hacked-together mechanism we created. We cannot use DFS because the organization will not fund Windows server licenses at most locations. So most of the "servers" are actually Windows 7 machines.

What we would like to do is create a DNS record (we'll call it SUPPORT) that has the IP address of each site's server and have the DNS server respond based on the subnet the request originated from. This part will mostly work by default. Starting with Windows Vista, the end-machine will use subnet prioritization, meaning it will pick out of the list of IPs whatever IP is in the same subnet as it. This is great.

However, we have two problems:

• Microsoft assumes a Class C subnet by default. I don't know if this only happens if the server provides records in subnet-prioritized order or if it also happens if the clients are prioritizing after the record is queried. I would think it would only happen server-side since the server can't be sure what kind of subnet the requesting IP is in while the client should obviously know. But I'm not certain. Will clients assume a class C subnet just like the DNS server does? If so, how can define non-class C subnets on machines or the DNS server?
• We have some physical sites that have multiple subnets at the same site. All of the subnets at these sites are gigabit among each other though, so there is just one server at each site. In other words, in some cases, we have a single server supporting multiple subnets. How can we configure machines or the DNS server to respond with a certain IP when the request comes from a certain subnet?

So the two final questions are:

• Will clients assume a class C subnet just like the DNS server does? If so, how can define non-class C subnets on machines or the DNS server?
• How can we configure the DNS server to respond with a certain IP when the request comes from a certain subnet?

Thanks in advance!

Answer 1

Your requirements go beyond what you can get with DNS reordering / subnet priorization implemented in Windows. There is no way clients could infer what host is the "nearest" to them by DNS information alone.

You should seriously consider using Dfs nonetheless. Access to Dfs shares is site-aware and you could define your sites as it suites your needs (including variable bitmasks and grouping of more than one subnet to a site). Note that Dfs does not mean that all of your Dfs shares have actually to point to Windows servers. Destinations can be everything that provides an SMB share, including Windows Professional and Samba installations or NAS devices. The Windows Server requirement only applies to servers holding the DFS namespace / root share - of which you not necessarily (at least not technically) would need to have one at each site.

Also, as you are using Windows 7, you might consider using BranchCache in favor of your "hacked-together mechanism" of replication. The scenario you describe sounds pretty much like what BranchCache has been created for. This might not be an option if you have mixed environments with hosts running Windows Vista and earlier versions of Windows, though.

If you are determined on solving this problem through DNS, you might consider using a DNS server which is supporting DNS views (BIND does) and only returning the "nearest" servers as responses by a certain set of clients. But as this is going to be a lot more work than necessary and unreliable if you are using intermediate resolvers, the Dfs approach should seriously be favored in most circumstances.