DNS A Record Order.

  • Thread starter Thread starter matlowe
  • Start date Start date
M

matlowe

Hi All.

I have an issue with MS DNS.

We have 3 subnet A=192.168.1.0, B=192.168.2.0, C=192.168.3.0

Subnet A and B have DC's .5 in each.

The resolution of the domain name foo.com points to the 2 dc's

In subnet A and B they subnet prioritization gives the correct host
name for each site.

The issues start with subnet C, this is a remote site and can only
access subnet A

We have turned off round robin DNS.

I would expect that then the DNS server would return recored in the
order that they are created. IE the first in the list. This is correct,
if the DC in subnet A is on the top all is OK but from time to time it
seems to reorder itself and the DC from subnet B is on the top.

This breaks GPO deployment for subnet C. ie \\fooo.com\sysvol\.. etc
etc is broken.


Is there a way to "lock" the resolution order for the domain A records?

Thanks for the help.

Matthew
 
Hi All.

I have an issue with MS DNS.

We have 3 subnet A=192.168.1.0, B=192.168.2.0, C=192.168.3.0

Subnet A and B have DC's .5 in each.

The resolution of the domain name foo.com points to the 2 dc's

In subnet A and B they subnet prioritization gives the correct host
name for each site.

The issues start with subnet C, this is a remote site and can only
access subnet A

We have turned off round robin DNS.

I would expect that then the DNS server would return recored in the
order that they are created. IE the first in the list. This is
correct, if the DC in subnet A is on the top all is OK but from time
to time it seems to reorder itself and the DC from subnet B is on the
top.

This breaks GPO deployment for subnet C. ie \\fooo.com\sysvol\.. etc
etc is broken.


Is there a way to "lock" the resolution order for the domain A
records?
Click to expand...

This is a point I brought up for adding support for this to the new version
of Windows server (now in Beta) I'm keeping my fingers crossed for this.

At this time you have to rely on Netmask Ordering, and disable round robin.
If that doesn't work make static routes for all subnets or use the hosts
file. DNS kinda' just does what it wants to when it comes to sending out
records in a particular order.


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
 
That's kind of where I got to. Would be nice to have the same one
returned with round robin turned off.

We will have to look at a host file entry.

Thanks

Matthew
 
Matthew said:
That's kind of where I got to. Would be nice to have the same one
returned with round robin turned off.

We will have to look at a host file entry.
Click to expand...

You can lock the order FROM the server by turning off
BOTH "round robin" and "netmask ordering" on the Server.

But you will still possibly see variations from the client
due to "subnet prioritization" (clients version of netmask
ordering) -- however this order should remain consistent
IF your client doesn't change subnets.

Going to a "hosts" file entry seems a little odd -- if you only
want one particular entry why not one entry in DNS?
 
In
Herb Martin said:
You can lock the order FROM the server by turning off
BOTH "round robin" and "netmask ordering" on the Server.

But you will still possibly see variations from the client
due to "subnet prioritization" (clients version of netmask
ordering) -- however this order should remain consistent
IF your client doesn't change subnets.

Going to a "hosts" file entry seems a little odd -- if you only
want one particular entry why not one entry in DNS?
Click to expand...

I tend to agree about netmask ordering. But my take on it is even if round
robin is not disabled, netwmaks ordering will be the factor on what IP the
client will receive, based on the subnet of the querying client. So I would
say that it just works without needing to make any changes. Now of course,
I'm also assuming that AD Sites are configured, since the client will get an
IP of a logon server in it;s own subnet before it looks elsewhere.


--
Ace
Innovative IT Concepts, Inc
Willow Grove, PA

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only constant in life is change...
 
I tend to agree about netmask ordering. But my take on it is even if round
robin is not disabled, netwmaks ordering will be the factor on what IP the
client will receive, based on the subnet of the querying client. So I
would say that it just works without needing to make any changes.
Click to expand...

He for some reason wants to be able to predict or fix the
IP address returned -- in that case he can just disable both
netmarks ordering AND round robin.

But then we both wonder what is the point of multiple records
(since clients for practically all services tend to only try the
first one and will not fail over to the others in general.)

Now of course, I'm also assuming that AD Sites are configured, since the
client will get an IP of a logon server in it;s own subnet before it looks
elsewhere.
Click to expand...

This latter part of the above is incorrect in GENERAL.

There is no guarantee that a client will use a Logon server
from the same SUBNET, but only that is will strongly tend
to use one from the SAME SITE (which may have many
subnets, or have a subnet in Sites that is actually inclusive
of many physical subnets on the wire.)


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
 
In
Herb Martin said:
This latter part of the above is incorrect in GENERAL.

There is no guarantee that a client will use a Logon server
from the same SUBNET, but only that is will strongly tend
to use one from the SAME SITE (which may have many
subnets, or have a subnet in Sites that is actually inclusive
of many physical subnets on the wire.)
Click to expand...

The order of the response data is arranged where the closest subnet data to
the client's subnet is offered in the reponse.

If Sites are configured, then what I'm saying is the response will be one in
it's own Site, such as during the logon process.

314861 - How Domain Controllers Are Located in Windows XP:
http://support.microsoft.com/?id=314861

How can I enable or disable subnet prioritization on the DNS server (Written
by John Savill, AD MVP and author of an AD book):
http://www.windowsitpro.com/Article/ArticleID/27027/27027.html?Ad=1

Ace
 
Ace Fekay said:
In

The order of the response data is arranged where the closest subnet data
to the client's subnet is offered in the reponse.

If Sites are configured, then what I'm saying is the response will be one
in it's own Site, such as during the logon process.
Click to expand...

The point was that NONE of this (sites) is related to DNS
round robin.

They are completely separate: round robin existing even in
non-domain environments and Sites being AD specific, while
Round Robin can work EVEN WITHIN a Site, since a Site
can contain multiple subnets.

The main mistake you made was in assuming/implying that
each SITE would be a single Subnet when you wrote "the
client will get an IP of a logon server in its own subnet".

Sites don't work the way that sentence indicates; only netmask
ordering and subnet prioritization do that.

Instead "the client will get an IP of a logon server in its own
SITE" (by default, and an another site if none is available.)

The key here is that the clients get a Logon server from the
same SITE usually. Not the same SUBNET (unless the site
HAPPENS to be a single subnet.)
 
In
Herb Martin said:
The point was that NONE of this (sites) is related to DNS
round robin.

They are completely separate: round robin existing even in
non-domain environments and Sites being AD specific, while
Round Robin can work EVEN WITHIN a Site, since a Site
can contain multiple subnets.
Click to expand...

I thought you were arguing otherwise.
The main mistake you made was in assuming/implying that
each SITE would be a single Subnet when you wrote "the
client will get an IP of a logon server in its own subnet".
Click to expand...

So I meant in it's own SITE, not subnet.

Ace
 
Back
Top