DNS lookups and Sites and Services

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have an interesting dilemma.

We have sites all over the country and in order to use our Proxy appliance,
I have setup IE to use automatic discovery using wpad. To make this work,
I've written a small application that runs as a service on every domain
controller in the enterprise, listens on port 80 and dishes out the proxy
config file (no other request is accepted). I've set the CNAME in DNS for
"wpad" to point to the domain itself. (ie: domain.com). In 99% of the cases,
this works out great as DNS will return the complete list of domain
controllers, with the 1st DC in the list being the DC in the local site of
the PC, thereby not traversing the WAN for a DC not in the site. However, in
some cases, the lookup is using round-robin and bringing back a list with the
1st DC in the list not in the PC's site. This is what I'm trying to
troubleshoot. This is causing the client to have to traverse the WAN in
order to get the proxy configuration file. I have made sure the subnet is
assigned the proper site in AD S&S. I have gone into the registry and
checked the "Dynamic-Site-Name" entry for the netlogon service on some of the
effected clients and have confirmed it is picking up the site it should be.
All clients are set to using DHCP. Each of the DC's is a DNS server (DHCP is
configured to give the local DC as the primary DNS server) I'm hoping for
some troubleshooting suggestions.

All of our workstations are Windows XP Service Pack 2.

Thanks for the help.
 
VFisher said:
I have an interesting dilemma.

We have sites all over the country and in order to use our Proxy
appliance,
I have setup IE to use automatic discovery using wpad. To make this work,
I've written a small application that runs as a service on every domain
controller in the enterprise, listens on port 80 and dishes out the proxy
config file (no other request is accepted). I've set the CNAME in DNS for
"wpad" to point to the domain itself. (ie: domain.com). In 99% of the
cases,
this works out great as DNS will return the complete list of domain
controllers, with the 1st DC in the list being the DC in the local site of
the PC, thereby not traversing the WAN for a DC not in the site. However,
in
some cases, the lookup is using round-robin and bringing back a list with
the
1st DC in the list not in the PC's site. This is what I'm trying to
troubleshoot.
Click to expand...

Based on the above description it sounds like you are falling
prey to the limitations of NetMask Ordering on the server,
or less likely Subnet Masking on the client.

When Netmask Ordering is checked on the Server->Properties->
Advanced tab the server will make SIMPLE "class based" Net
based choices about which answer is placed first in the return
packet.

If the clients are on the same Net (using simple A, B, C criteria
as I understand) then they will get that answer FIRST. Otherwise
the normal round robin (if it is checked) or zone order (if round
robin is not checked) will be used.

Modern Windows clients do something very similar, but I
believe (and have not confirmed) that they may be a little
smarter about this, using their actual netmask.

Look here first for the descrepency in the behavior.
This is causing the client to have to traverse the WAN in
order to get the proxy configuration file. I have made sure the subnet is
assigned the proper site in AD S&S. I have gone into the registry and
checked the "Dynamic-Site-Name" entry for the netlogon service on some of
the
effected clients and have confirmed it is picking up the site it should
be.
All clients are set to using DHCP. Each of the DC's is a DNS server (DHCP
is
configured to give the local DC as the primary DNS server) I'm hoping for
some troubleshooting suggestions.

All of our workstations are Windows XP Service Pack 2.
Click to expand...
 
Back
Top