YanivGal-2454 asked CandyLuo-MSFT commented

Loopback adapters keep getting registered in DNS after we set DSR

Hi All,
We have a series of Windows 2012 IIS machines in a domain environment behind a load balancer (F5 BIG-IP).
We have set up DSR (Direct Server Return) and added a loopback adapter to each IIS machine.
The loopback adapters hold the load balancer VIP IP, so they can listen on it and return replies – all this is working well.

As part of setting the DSR (I’m adding this part as it could be related) we had to set the following commands:
- netsh interface ipv4 set interface "lan" weakhostreceive=enabled
- netsh interface ipv4 set interface "loopback" weakhostreceive=enabled
- netsh interface ipv4 set interface "loopback" weakhostsend=enabled

After that, we noticed that the loopback adapters sometimes get registered in the DNS as the servers,
and so each machine could have two records in the DNS, one with its real IP and another with the VIP IP.

We would like to disable the loopback adapters from registering in the DNS and already tried the following:

  • Changed the DNS records from dynamic to static at the DNS zone (hosted in Active-Directory).

  • Disabled “Register this connection’s address in DNS” checkbox on the loopback adapters.

  • The loopback adapters are set with empty DNS settings and on 255.255.255.255 subnet.

  • We have changed the loopback adapter to not be the first on the list in advanced settings.

  • The Interface metric was set to 254 on the loopback adapter.

  • NetBIOS was disabled on the loopback adapters.

  • We have set this registry key on all IIS machines loopback adapters:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableDynamicUpdate=1

However, the adapters are still getting registered when we check after some time.
What can we do to stop the loopback adapters from getting registered in the DNS?

Tnx


CandyLuo-MSFT answered

Hi,

1. Make sure you add 'Microsoft KM-TEST Loopback Adapter' via Device Manager.

2. Uncheck everything except Internet Protocol Version 4 (TCP/IPv4):

  • Disable 'Client for Microsoft Networks'

  • Disable 'File and Printer Sharing for Microsoft Networks'

  • Disable 'Internet Protocol Version 6 (TCP/IPv6)'

  • Configure 'Internet Protocol Version 4 (TCP/IPv4)'

It should look like the picture below:

[Image: 84702-image.png]

3. Open up the TCP/IP v4 properties of that NIC:

  • Set IP address to match the VIP on the load balancer

  • Set subnet mask to 255.255.255.255

  • Leave default gateway blank

  • Leave DNS servers blank

  • Disable 'Automatic Metric' and manually set to 254 on the IP Settings tab.

  • Disable the 'Register this connection's address in DNS' option on the DNS tab

  • Select 'Disable NetBIOS over TCP/IP' on the WINS tab

Warning: If the server is running the Microsoft DNS server (including if it is a domain controller) you must edit the DNS server configuration to only listen on selected IP addresses. If the DNS server listens on the IP addresses that belong to the loopback adapter it will continue to register itself in DNS.

Also, try disabling DNS registration via PowerShell as a test and see if it works:

    Get-NetAdapter loopback_name | Set-DnsClient -RegisterThisConnectionsAddress $False

If all the above steps still don't work, we need to trace network traffic to find the cause. However, analysis of network traffic is beyond our forum support level and, due to forum security policy, we have no channel to collect user log information. So we recommend you open a case with MS Professional tech support service; they will help you open a phone or email case with Microsoft, so that you get technical support on a one-to-one basis while keeping your information private.

Here is the link:

https://support.microsoft.com/en-us/gp/customer-service-phone-numbers

Best Regards,
Candy
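
The checklist in the answer above, expressed as a PowerShell audit (an added example, not part of the original answer and not Microsoft's own script). The adapter alias "loopback" is taken from the netsh commands in the question; the VIP 192.0.2.10 and the function name Test-DsrLoopback are placeholders made up for illustration.

```powershell
# Added example, not from the thread. Run elevated on the IIS server.
# Assumptions: alias "loopback" (from the netsh commands in the question);
# the VIP 192.0.2.10 and the name Test-DsrLoopback are placeholders.
function Test-DsrLoopback {
    param(
        [string]$Alias = 'loopback',
        [string]$Vip   = '192.0.2.10',
        [switch]$Remediate   # apply the two actions the asker later confirmed
    )
    $findings = @()

    # Answer step 2: only IPv4 (ms_tcpip) should remain bound to the adapter.
    $extra = Get-NetAdapterBinding -Name $Alias |
        Where-Object { $_.Enabled -and $_.ComponentID -ne 'ms_tcpip' }
    foreach ($b in $extra) {
        $findings += "Binding still enabled: $($b.ComponentID)"
        if ($Remediate) {
            Disable-NetAdapterBinding -Name $Alias -ComponentID $b.ComponentID
        }
    }

    # DNS tab: "Register this connection's address in DNS" must be off.
    if ((Get-DnsClient -InterfaceAlias $Alias).RegisterThisConnectionsAddress) {
        $findings += 'DNS registration is enabled on the adapter'
        if ($Remediate) {
            Set-DnsClient -InterfaceAlias $Alias -RegisterThisConnectionsAddress $false
        }
    }

    # Answer step 3: 255.255.255.255 mask (/32) and a manual metric of 254.
    $bad = Get-NetIPAddress -InterfaceAlias $Alias -AddressFamily IPv4 |
        Where-Object { $_.PrefixLength -ne 32 }
    foreach ($ip in $bad) { $findings += "$($ip.IPAddress) is /$($ip.PrefixLength), not /32" }
    $ipif = Get-NetIPInterface -InterfaceAlias $Alias -AddressFamily IPv4
    if ($ipif.AutomaticMetric -ne 'Disabled' -or $ipif.InterfaceMetric -ne 254) {
        $findings += "Metric $($ipif.InterfaceMetric), automatic: $($ipif.AutomaticMetric)"
    }

    # Symptom: the server's own name resolving to the VIP means a stray A record.
    $cs   = Get-CimInstance -ClassName Win32_ComputerSystem
    $fqdn = "$($cs.DNSHostName).$($cs.Domain)"
    $a = Resolve-DnsName -Name $fqdn -Type A -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' }
    if ($a.IPAddress -contains $Vip) { $findings += "$fqdn has an A record for $Vip" }

    $findings   # empty output means the adapter matches the checklist
}

Test-DsrLoopback -Alias 'loopback' -Vip '192.0.2.10'
```

Running it on a schedule across the farm shows which server drifted from the checklist before a second A record for the VIP appears in the zone.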



YanivGal-2454 answered CandyLuo-MSFT commented

Hi CandyLuo-MSFT,
Thanks a lot for your reply,
Since this is deployed in production, I will be able to test it next Sunday, April 11th. I will update after this whether this worked or not.

Tnx Yaniv


I will wait for your new updates.


Just want to confirm the current situation.

Please feel free to let us know if you need further assistance.

YanivGal-2454 answered CandyLuo-MSFT commented

Hi CandyLuo-MSFT,
Yesterday I performed the 2 action items (clearing all checkboxes except IPv4 + the PS command),
this morning I checked the DNS and didn't find any exceeded records.

I will keep checking for the next several days, but for now it seems that the issue is resolved!

Thank you very much for your most professional assistance!
Yaniv


Nice! I am pleased to know that the information is helpful to you. Have a wonderful day! :)