Loopback adapters keep getting registered in DNS after we set DSR

Yaniv Gal 21 Reputation points
2021-04-05T09:03:34.873+00:00

Hi All,
We have a series of Windows 2012 IIS machines in a domain environment behind a load balancer (F5 BIG-IP).
We have set DSR (Direct Server Return) and we added a loopback adapter for each IIS machine.
The loopback adapters hold the load balancer VIP IP, so they could listen on it and return replies – all this is working well.

As part of setting the DSR (I’m adding this part as it could be related) we had to set the following commands:

  • netsh interface ipv4 set interface "lan" weakhostreceive=enabled
  • netsh interface ipv4 set interface "loopback" weakhostreceive=enabled
  • netsh interface ipv4 set interface "loopback" weakhostsend=enabled

After that, we have noticed that the loopback adapters sometimes get registered in the DNS as the servers,
and so each machine could have two records in the DNS, one with its real IP and another with the VIP IP.

We would like to disable the loopback adapters from registering in the DNS and already tried the following:

  • Changed the DNS records from dynamic to static at the DNS zone (hosted in Active-Directory).
  • Disabled “Register this connection’s address in DNS” checkbox on the loopback adapters.
  • The loopback adapters are set with empty DNS settings and on 255.255.255.255 subnet.
  • We have changed the loopback adapter to not be the first on the list in advanced settings.
  • The Interface metric was set to 254 on the loopback adapter.
  • Netbios was disabled on the loopback adapters.
  • We have set this registry key on all IIS machines loopback adapters:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableDynamicUpdate=1

However, the adapters are still getting registered when we check after some time.
What can we do to stop the loopback adapters from getting registered in the DNS?

Tnx


Accepted answer
  1. Candy Luo 12,656 Reputation points Microsoft Vendor
    2021-04-06T02:43:11.347+00:00

    Hi,

    1. Make sure you add 'Microsoft KM-TEST Loopback Adapter' via device manager.

    2. Uncheck everything except Internet Protocol Version 4 (TCP/IPv4):

    • Disable 'Client for Microsoft Networks'
    • Disable 'File and Printer Sharing for Microsoft Networks'
    • Disable 'Internet Protocol Version 6 (TCP/IPv6)'
    • Configure 'Internet Protocol Version 4 (TCP/IPv4)'

    It should look like the picture below:

    [image: 84702-image.png]

    3. Open up the TCP/IP v4 properties of that NIC:

    • Set IP address to match the VIP on the load balancer
    • Set subnet mask to 255.255.255.255
    • Leave default gateway blank
    • Leave DNS servers blank
    • Disable 'Automatic Metric' and manually set to 254 on the IP Settings tab.
    • Disable the 'Register this connection's address in DNS' option on the DNS tab
    • Select 'Disable NetBIOS over TCP/IP' on the WINS tab

    Warning: If the server is running the Microsoft DNS server (including if it is a domain controller) you must edit the DNS server configuration to only listen on selected IP addresses. If the DNS server listens on the IP addresses that belong to the loopback adapter it will continue to register itself in DNS.

    Also, try to disable DNS registration via PowerShell as a test, and see if it works:

    Get-NetAdapter loopback_name | Set-DnsClient -RegisterThisConnectionsAddress $False

    If all the above steps still didn't work, we need to trace network traffic to find the cause. However, analysis of network traffic is beyond our forum support level and, due to forum security policy, we have no such channel to collect user log information. So we recommend you open a case with MS Professional tech support service; they will help you open a phone or email case with Microsoft, so that you would get technical support on a one-to-one basis while ensuring private information.

    Here is the link:

    https://support.microsoft.com/en-us/gp/customer-service-phone-numbers

    Best Regards,
    Candy


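Steps 2 and 3 of the accepted answer and its PowerShell test, written as one script with a verification pass. This is an added example, not part of the original thread or Microsoft's own code. The adapter alias `loopback` is taken from the question's netsh commands, the VIP is a constructed placeholder, and the script assumes an elevated session on Windows Server 2012 or later.

```powershell
# Added example: apply the accepted answer's loopback settings, then verify them.
$Alias = 'loopback'     # assumption: adapter name used in the question's netsh commands
$Vip   = '192.0.2.10'   # constructed placeholder; replace with the load balancer VIP

# Step 2: unbind every component except IPv4 (ComponentID ms_tcpip).
Get-NetAdapterBinding -Name $Alias |
    Where-Object { $_.Enabled -and $_.ComponentID -ne 'ms_tcpip' } |
    Disable-NetAdapterBinding

# Step 3: fixed metric of 254 and no DNS registration for this connection.
Set-NetIPInterface -InterfaceAlias $Alias -AddressFamily IPv4 `
    -AutomaticMetric Disabled -InterfaceMetric 254
Get-NetAdapter -Name $Alias | Set-DnsClient -RegisterThisConnectionsAddress $false

# Step 3: disable NetBIOS over TCP/IP (option 2) through WMI.
$idx = (Get-NetAdapter -Name $Alias).ifIndex
$cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration `
    -Filter "InterfaceIndex = $idx"
Invoke-CimMethod -InputObject $cfg -MethodName SetTcpipNetbios `
    -Arguments @{ TcpipNetbiosOptions = [uint32]2 } | Out-Null

# Verification: read the settings back and look for the VIP in this host's A records.
$extra   = Get-NetAdapterBinding -Name $Alias |
    Where-Object { $_.Enabled -and $_.ComponentID -ne 'ms_tcpip' }
$dns     = Get-DnsClient -InterfaceAlias $Alias
$ipif    = Get-NetIPInterface -InterfaceAlias $Alias -AddressFamily IPv4
$netbios = (Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration `
    -Filter "InterfaceIndex = $idx").TcpipNetbiosOptions
$aRecs   = Resolve-DnsName -Name $env:COMPUTERNAME -Type A -DnsOnly `
    -ErrorAction SilentlyContinue

[pscustomobject]@{
    Adapter               = $Alias
    ExtraBindingsEnabled  = @($extra).Count           # expected 0
    RegistersInDns        = $dns.RegisterThisConnectionsAddress   # expected False
    InterfaceMetric       = $ipif.InterfaceMetric     # expected 254
    NetbiosOption         = $netbios                  # expected 2 (disabled)
    VipRecordStillInDns   = [bool]($aRecs | Where-Object { $_.IPAddress -eq $Vip })
}
```

A record registered before the change stays in the zone until it is deleted or scavenged, so `VipRecordStillInDns` is worth re-checking after the stale record has been removed.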

2 additional answers

  1. Yaniv Gal 21 Reputation points
    2021-04-06T05:31:41.613+00:00

    Hi CandyLuo-MSFT,
    Thanks a lot for your reply.
    Since this is deployed in production, I will be able to test it next Sunday, April 11th. I will update after this whether this worked or not.

    Tnx Yaniv


  2. Yaniv Gal 21 Reputation points
    2021-04-12T06:41:13.56+00:00

    Hi CandyLuo-MSFT,
    Yesterday I performed the 2 action items (clearing all checkboxes except IPv4 + the PS command),
    this morning I checked the DNS and didn't find any exceeded records.

    I will keep checking for the next several days, but for now it seems that the issue is resolved!

    Thank you very much for your most professional assistance!
    Yaniv