Prioritising results from DNS search on multi IP server

Jools 1 Reputation point
2022-06-13T09:14:56.647+00:00

Hi All,

I have 4 buildings, geographically separated, which are running on separate subnets linked by a mesh of IPSec VPN connections. All of this is longstanding; the networks in question all share the same domain and all replicate correctly.

Recently however, I've added a separate connection from the servers at all 4 sites to a fifth site where a server pulls backups from them via a WireGuard VPN. The backup server at site 5 runs a WireGuard instance to which the other 4 connect. What appears to be happening on the servers running at two of the sites is that their WireGuard connections on the 4 site servers are creating an additional A record in DNS for themselves, and that record is returned first if we do a DNS lookup, hence a search for server1 returns 10.9.0.2 and then 192.168.0.2. As the LAN network is the 192 range, this then breaks AD replication as servers start trying to rep through the WireGuard interface.

My question is, can I manually add a static IP to AD DNS for the WireGuard server IP, and then add a priority in so the 192 IP always gets returned first, or is there a way of preventing WireGuard from adding an A record?

Cheers,

Jools


1 answer

  1. Anonymous
    2022-06-13T12:27:26.35+00:00

    I've added a separate connection from the servers at all 4 sites

    Multi-homing domain controllers will always cause no end of grief for Active Directory DNS. The VPN should be on its own dedicated instance of Windows.

    --please don't forget to upvote and Accept as answer if the reply is helpful--
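An added example, not part of the question or the answer above, showing how an administrator would audit the DC's A records for the symptom described (a tunnel address registered alongside the LAN address) and stop the tunnel adapter from registering itself while the interface remains on the DC. The zone name, host name, LAN prefix and WireGuard adapter alias are placeholders; it assumes the DnsServer and DnsClient PowerShell modules on the DC.

```powershell
# Added example (not from the question or answer): audit a DC's A records in AD DNS
# and stop the WireGuard tunnel adapter from registering its address.
# Assumed placeholders: zone 'corp.example', DC host 'server1',
# LAN prefix 192.168.0.x, WireGuard adapter alias 'wg-backup'.
# Run on the DC itself with the DnsServer and DnsClient modules available.

$ZoneName    = 'corp.example'
$DcName      = 'server1'
$LanPrefix   = '192.168.0.'     # any A record outside this prefix is suspect
$TunnelAlias = 'wg-backup'      # alias of the WireGuard adapter on this DC

# 1. List every A record for this host and flag addresses outside the LAN.
$records = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name $DcName -RRType A
$stray   = $records | Where-Object {
    -not $_.RecordData.IPv4Address.ToString().StartsWith($LanPrefix)
}
foreach ($r in $stray) {
    Write-Warning "$DcName has a non-LAN A record: $($r.RecordData.IPv4Address)"
}

# 2. Show which adapters currently register their address in DNS.
Get-DnsClient | Select-Object InterfaceAlias, RegisterThisConnectionsAddress

# 3. Stop the tunnel adapter from registering; the LAN adapter keeps registering.
Set-DnsClient -InterfaceAlias $TunnelAlias -RegisterThisConnectionsAddress $false

# 4. Remove the stray records that were already registered, then re-register.
foreach ($r in $stray) {
    Remove-DnsServerResourceRecord -ZoneName $ZoneName -Name $DcName -RRType A `
        -RecordData $r.RecordData.IPv4Address.ToString() -Force
}
Register-DnsClient

# 5. Verify: a lookup should now return only the LAN address.
(Resolve-DnsName -Name "$DcName.$ZoneName" -Type A).IPAddress
```

Netlogon separately registers the domain's own A record (the LdapIpAddress entry) for each DC address, so check the zone apex records as well as the host record.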

