Configure Windows Server w/ multiple interfaces reply to DNS with subnets from specific interfaces?

Dave

2/6/24, 4:48 PM

Our windows server 2019 needs to respond to requests with IP addresses that are only on the interface subnets they are being quried from.

We have two DC's. Each has 3 interfaces. Each interface is its own subnet. I believe this is a split brain type set up, but with 3 interfaces instead of 2.

Right now the DC's are replying to requests with all ips for a given hostname. This is a problem when querying the actual DC's FQDN. It gives back 3 addresses. So if a host is querying from on subnet, and gets 3 addresses from the DC, it may use the wrong one.

dc01.our.domain.
int1 = 10.10.11.53/24
int2 = 10.10.12.53/24
int3 = 10.10.13.53/24

dc02.our.domain.
int1 = 10.10.11.54/24
int2 = 10.10.12.54/24
int3 = 10.10.13.54/24

If a given host (lets say 10.10.11.13) does a nslookup dc01.our.domain , I want the DC to respond with only 10.10.11.53/24. However, the DC is giving back all three addresses it has.

How can I fix this? Is there a way? I read about conditional forwarding, but could not figure out how it works. I also read about DNS policies, but I could not figure that out either.

How can I accomplish this?

EDIT: I need to be clear. Currently we only have one primary zone, and one domain. Would I need to create sperate domains/zones for each subnet interface?

Also found this post which is detailing my same problem I believe DNS setup for multihomed devices in physically separated networks

358

1 + 1

domain-name-system

windows

internal-dns

split-dns

TomTom

2/8/24, 3:38 PM

Voting to close as off topic. Questions should demonstrate reasonable information technology management practices. Questions that relate to unsupported hardware or software platforms or unmaintained environments may not be suitable for Server Fault. - The problem is that MS documentation tells you not to do a split-brain setup for domain controllers, so you are in an unsupported configuration and violating sensible practices.

Score:0

Server

Dave

2/8/24, 3:31 PM

I am going to answer this question. The answer is to not configure a domain controller as a multi-homed system. It only causes problems. The main issue is having DNS served on multiple address interfaces. If not all those interfaces are routable by the client, they may receive multiple addresses for a system. This problem defiantly happens when you are trying to join a host to a domain. The domain join process will query for the DC's ip. If the DNS server gives back more then one address, only one will be selected, and it does not matter if that address is routable or not.

So in the end, do not try to configure a multi-homed domain control severing DNS.

To fix this issue, I had to

Deploy a new DNS server in the subnet that required DNS. This could be a Bind server but I choose to deploy a pair of Windows AD DC's again.
Move all systems that require DNS to those systems.
Disable DNS hosting on the multi-homed interfaces
Remove the other interfaces. Leave just one.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Configure Windows Server w/ multiple interfaces reply to DNS with subnets from specific interfaces?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.