SenseiVITA asked

Windows Server DNS server doesn't match queries' networks with sent responses

I have three domain controllers. They are all in their own subnet. One of the three, however, is also the DHCP server**, and instead of using a DHCP relay it connects directly to each subnet**, so that's the network with the other two domain controllers and around a dozen more.

In DHCP, though, the specified server addresses are those in the DC subnet, so for the most part clients cross subnets to query DNS and it all works.

The problem comes when a client queries the A records for the multi-homed domain controller itself: the domain controller responds with any of its addresses instead of evaluating the client's address and responding with the interface address it has on that subnet. It's a problem because it means that I must add an unneeded gateway on each interface, further complicating firewall rules.

On top of that, in the DNS chatter among domain controllers I often see traffic from the multi-homed DC traversing subnets to reach the other DCs instead of using the directly attached interface on the DC network. Why!?

Why is it not self-aware? How can I make it so? Other DNS servers aren't this dumb, and Windows Server (I recently updated to 2022) is supposed to be location-aware. I realize there are policies that have to be configured, but that's for public networks, isn't it? BIND, for instance, does this automatically for directly attached networks--or even statically routed ones--so I assume I must've overlooked some setting.

I appreciate your advice on this. I can't use the DHCP relay on the inter-VLAN router because it had been crashing. I have switches with relays too, but they automatically route, and they require complex rules so they don't route the traffic (creating routing loops), which I haven't had the time to learn/create.

Thanks!


**: (for all subnets where one is required)

windows-dhcp-dns
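The "policies" mentioned in the question are the DNS policy feature of the Windows DNS Server role, and they can be applied to internal subnets as well as public ones. The following is an added example, not code from the thread or from Microsoft; the zone name, host name, subnets and addresses are placeholders, and it assumes the DnsServer PowerShell module on a Windows Server 2016 or later DC.

```powershell
# Added example (not from the thread). Placeholder values: zone corp.example, host dc1,
# DC network 10.10.0.0/24 (dc1 = 10.10.0.5), client VLAN 10.20.0.0/24 (dc1 = 10.20.0.5).
# Run in an elevated prompt on the multi-homed DC.
$Zone     = 'corp.example'
$HostName = 'dc1'

# One entry per directly attached network: the subnet clients query from and the
# address the multi-homed DC has on that same subnet.
$Networks = @(
    @{ Name = 'DCNet';  Subnet = '10.10.0.0/24'; Address = '10.10.0.5' },
    @{ Name = 'Vlan20'; Subnet = '10.20.0.0/24'; Address = '10.20.0.5' }
)

$order = 1
foreach ($net in $Networks) {
    # 1. Define which client source addresses belong to this network.
    Add-DnsServerClientSubnet -Name $net.Name -IPv4Subnet $net.Subnet

    # 2. Create a zone scope holding only the interface address for that network.
    #    Scopes do not receive dynamic updates, so this record is static and must
    #    be maintained by hand if the DC's addressing changes.
    $scope = "$($net.Name)Scope"
    Add-DnsServerZoneScope -ZoneName $Zone -Name $scope
    Add-DnsServerResourceRecord -ZoneName $Zone -ZoneScope $scope -A `
        -Name $HostName -IPv4Address $net.Address -TimeToLive 00:05:00

    # 3. Answer queries from that subnet out of the matching scope.
    Add-DnsServerQueryResolutionPolicy -Name "$($net.Name)Policy" -Action ALLOW `
        -ZoneName $Zone -ClientSubnet "EQ,$($net.Name)" -ZoneScope "$scope,1" `
        -ProcessingOrder $order
    $order++
}

# Clients on subnets with no policy fall through to the default scope, which still
# holds every registered address, so unmatched networks keep working as before.

# Verification from a client on VLAN 20 (expect only 10.20.0.5 in the answer):
#   Resolve-DnsName -Name dc1.corp.example -Type A -Server 10.20.0.5
# and from the DC network (expect only 10.10.0.5):
#   Resolve-DnsName -Name dc1.corp.example -Type A -Server 10.10.0.5
```

Because the policy matches on the client's source address, it works whether the client reaches the DC over its local interface or across subnets via the addresses handed out by DHCP.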

DSPatrick answered

"A records for the multi-homed domain controller itself"

Multi-homing domain controllers will always cause no end of grief for Active Directory DNS. The better option is to use a layer three switch to handle routing between the networks.

--please don't forget to upvote and Accept as answer if the reply is helpful--



Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--

LimitlessTechnology-2700 answered

Hi there,

Try these steps and see if they are helpful:

Run ipconfig /all at a command prompt, and verify the IP address, subnet mask, and default gateway.

Check whether the DNS server is authoritative for the name that is being looked up.

Flush the resolver cache. To do this, run the following command in an administrative Command Prompt window:

dnscmd /clearcache

Additional steps are listed here https://docs.microsoft.com/en-us/windows-server/networking/dns/troubleshoot/troubleshoot-dns-server



--If the reply is helpful, please Upvote and Accept it as an answer--
