4

One of my Windows admins claimed: "Windows 2008 DNS server can't assign 2 names to one IP address". Besides the fact that you could use a CNAME to accomplish that, I'm sure (having worked with all sorts of other DNS servers) that it should be possible to add multiple A (or AAAA) pointing to the same IP address. Can someone confirm/clarify that for me? Thx

stwissel
  • I just wanted to add that I run a virtual private server with over 30 clients, with an average of 5 domains each all run on the same server. That means that there are around 150 public domain names, with a number of subdomains each, all registered to the same IP Address. This is how the internet works at a most basic level, and this admin should have his or her capability and responsibilities reevaluated. –  Feb 29 '16 at 21:52
  • Could he have been referring to PTR records? (For the record I have no idea if Windows DNS server allows this or not, but since multiple PTR records for a single IP is not recommended I could well believe that there is DNS software out there that prohibits it) – Eborbob Feb 29 '16 at 23:01

3 Answers

9

Here is a partly-redacted screen capture of two A records on one of our Windows Server 2008 DNS servers:

[Image: 2008 DNS records]

As you can see, there are two different names in two different A records with the same IP address in both records. I just created this image in the last ten minutes. There are several other examples all over our Windows DNS servers of this.

The admin who claimed otherwise was either completely wrong or spoke in a confusing way that made it seem like they said something completely wrong.

Note that the converse is also possible. It is possible to have two or more A records with the same name but different IP addresses. Not only is this possible, it's essential for proper functioning of a Windows 2000 or later domain.

Todd Wilcox
  • Can you elaborate on this statement: `Not only is this possible, it's essential for proper functioning of a Windows 2000 or later domain.` – joeqwerty Feb 29 '16 at 17:19
  • brilliant. Thx for the screen shot! – stwissel Feb 29 '16 at 17:23
  • @joeqwerty If you have more than one domain controller, there is at least one kind of entry with the same name for each domain controller. The most obvious entry of this type is "(same as parent folder)". There must be a (same as parent folder) A record for each domain controller in a Windows 2000 or later domain. There are other types of records (e.g., SRV) that must also have the same name and different data for each domain controller. – Todd Wilcox Feb 29 '16 at 17:27
  • @joeqwerty I suppose you could try to delete and not use all but one of the (same as parent folder) entries if you needed some domain controllers to not be used for authentication (I'm not sure what else those records are used for but I know that's one use). Since the system automatically creates the records I don't know if there's a way to suppress that without actually removing DCs from the domain. – Todd Wilcox Feb 29 '16 at 17:35
  • That's what I thought you were getting at, but wanted to make sure. There will be multiple A records for the FQDN of the domain (one for each domain controller), although I wouldn't include SRV records in a discussion about A records (so as not to confuse the issue as posed in the question). – joeqwerty Feb 29 '16 at 17:35
  • @joeqwerty I'm not sure why you wanted me to verify something that you surely already know but whatever. I wouldn't have mentioned SRV records if you hadn't asked me to elaborate on something that was not really part of the question. – Todd Wilcox Feb 29 '16 at 17:37
  • @ToddWilcox: Hmmm.... Chill out a little bit. I asked you to elaborate because I thought maybe there was something I was missing. I suspected you were referring to exactly what you stated but I wanted to make sure my knowledge wasn't lacking. – joeqwerty Feb 29 '16 at 17:41
  • @joeqwerty No agitation on my end. "Whatever" is my word for "I don't care I'm not even thinking about this any more", not my word for "what the heck is going on here, you monster?!" – Todd Wilcox Feb 29 '16 at 17:46
  • @ToddWilcox: Gotcha. I'll file that away for future reference. :) – joeqwerty Feb 29 '16 at 17:47
3

I don't know what you mean by "assign". A Windows DNS server doesn't "assign" DNS names.

Do you mean will it allow two different hosts to register an A record for the same IP address? If so, the answer is yes. This happens quite often with DHCP-assigned IP addresses when DNS scavenging isn't enabled. You wind up with A records for multiple computers (names) for the same IP address.

You can also manually create:

  1. Multiple A records with the same name for different IP addresses.

AND

  1. Multiple A records with different names for the same IP address.

joeqwerty
  • Assign meant: resolve them for clients that query it. That's my knowledge too, I just haven't touched a Windows server for a very long time – stwissel Feb 29 '16 at 17:22
  • The DNS server will return all A records in an answer to a client for any name that has multiple A records. – joeqwerty Feb 29 '16 at 17:39
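
As an added example (not part of the original answers): a small Python audit over zone data in standard zone-file text that lists IP addresses shared by several names, which covers both intentional aliases and the stale DHCP registrations described above when scavenging is off, and names that carry several addresses. The zone contents, host names and addresses are constructed, and the parser is an assumption that handles only simple one-line A/AAAA records.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in standard zone-file text; names and addresses are made up.
SAMPLE_ZONE = """\
$ORIGIN corp.example.
@        600  IN A    192.0.2.10   ; one record per domain controller
@        600  IN A    192.0.2.11
dc1      3600 IN A    192.0.2.10
dc2      3600 IN A    192.0.2.11
intranet 3600 IN A    192.0.2.20
wiki     3600 IN A    192.0.2.20
pc-0142  1200 IN A    192.0.2.57
pc-0388  1200 IN A    192.0.2.57
v6host   3600 IN AAAA 2001:db8::20
www      3600 IN CNAME intranet
"""

def parse_address_records(zone_text):
    """Yield (owner, ip) for each one-line A/AAAA record; other types are skipped."""
    last_owner = "@"
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop trailing comments
        if not line.strip() or line.startswith("$"):  # blank line or directive
            continue
        fields = line.split()
        if raw[0].isspace():   # leading whitespace: owner inherited from previous line
            owner = last_owner
        else:
            owner = last_owner = fields.pop(0)
        rest = [f for f in fields if not f.isdigit() and f.upper() != "IN"]  # skip TTL/class
        if len(rest) >= 2 and rest[0].upper() in ("A", "AAAA"):
            yield owner.lower(), ipaddress.ip_address(rest[1])

def audit(zone_text):
    """Return (IPs with several names, names with several IPs)."""
    names_by_ip, ips_by_name = defaultdict(set), defaultdict(set)
    for owner, ip in parse_address_records(zone_text):
        names_by_ip[ip].add(owner)
        ips_by_name[owner].add(ip)
    shared = {str(ip): sorted(n) for ip, n in names_by_ip.items() if len(n) > 1}
    multi = {name: sorted(map(str, ips)) for name, ips in ips_by_name.items() if len(ips) > 1}
    return shared, multi

if __name__ == "__main__":
    shared_ip, multi_ip = audit(SAMPLE_ZONE)
    for ip, names in shared_ip.items():
        print(f"{ip} is shared by: {', '.join(names)}")  # review dynamic entries for staleness
    print("names with several addresses:", multi_ip)
```

Shared addresses are not a fault in themselves; the output is a review list in which short-TTL client entries such as the two `pc-` hosts are the ones to check against current DHCP leases.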
2

It is certainly possible to have any number of A or AAAA records all with the same IP address. There are, for example, many thousands of records with 127.0.0.1.

The Windows 2008 DNS server may of course implement any restriction it feels like.

Calle Dybedahl