DNS Registration multihome

    Question

  • Here is an issue I am facing, that perhaps someone can shed light on:

    Scenario - About 300 servers I have are Windows 2008 R2 standard member servers.  The majority of which are multihomed. For instance:
    They are IP'd  - NIC1: MGMT 10.1.1.100   NIC2: APP: 10.1.2.100 NIC3: APP2: 10.1.3.100

    I have seen KB246804.  I have also done some significant testing and come to this conclusion:

    When I have "Register this connection's addresses in DNS" selected in TCP/IP,
    the Primary DNS suffix will be used.  When I have "Use this connection's DNS
    suffix in DNS registration" selected, and that zone supports DDNS, both the
    Primary and connection DNS suffix will be used in DNS registration.

    This is an issue, because I only want the Connection specific DNS name to be associated with the IP of that interface.  Otherwise I end up with a Round Robin situation on the Primary Zone, because 2 IPs become associated with it.   I should be able to configure a unique DNS name suffix per adapter w/o the primary being registered.

    Does anyone know how to accomplish this through Dynamic Registration?  I don't want to maintain static records for 2 additional nic interfaces x 300 servers.

    This functionality should also exist on clusters name resources, since the name should be associated with the correct dns zone of the ip interface based on the ip resource.

     Thank you very much for your help in advance!

    Tuesday, September 14, 2010 2:28 PM

Answers

  • Hi rismoney,

    In addition to JM and Tiger's suggestions, I also recommend not multihoming servers. However, that's a moot point since that is your infrastructure's management design.

    What I can suggest is to disable registration on all interfaces, and manually publish the correct interface and IP into DNS using the registry. I have a blog that explains how to configure a multihomed DC, however knowing these are not DCs, you can skip the netlogon registry entries and comments, rather just focus on the DNS registry registration-related entries and how to manually "publish" the settings you want, in my blog.

    I hope you find it helpful.

    Multihomed DCs with DNS, RRAS, and/or PPPoE adapters
    Published by acefekay on Aug 17, 2009 at 9:29 PM 
    http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx

    Of course this will require a reg script to be run on all of the servers, which can be facilitated using a GPO.

    You might also want to look into adding the registry entries using a GPO set on the OU where the servers reside. You'll find that section in: Computer configuration > Windows Settings > Security Settings > Registry.  Of course if you haven't already done so, you'll probably want to segregate the specific servers you want this GPO to apply to by creating an OU just for them.


    Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003, Microsoft Certified Trainer, Microsoft MVP - Directory Services. This posting is provided AS-IS with no warranties or guarantees and confers no rights.
    Thursday, September 16, 2010 2:07 AM
  • Sorry, I thought I had the TCP reg entries listed in the article. And no, I wasn't trying to talk you out of multihoming your server, just pointing out the administrative issues. For the reg entries, try the following link.

    DHCP & Static IP Settings in Windows Registry
    http://www.windowsreference.com/networking/dhcp-static-ip-settings-in-windows-registry/

    The only issue I see is determining which interface is which on each machine. It's possible you can create a script to parse the connection suffix in the registry, and go from there.

    As for the Primary DNS Suffix, that's just it, it's the Primary and applies to all interfaces. That's how the client side registration works. It looks at the IP address of connected and active interfaces, and sends a registration request to the first DNS entry to register into a zone name that matches the Primary DNS Suffix. I don't know a way around that other than completely disabling registration and manually setting it with a script, but that goes back to the above comments regarding determining which adapter is which.

    Here's the link to disable Registration:

    246804 - How to Enable-Disable Windows 2000 Dynamic DNS Registrations (per NIC too):
    http://support.microsoft.com/?id=246804


    Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003, Microsoft Certified Trainer, Microsoft MVP - Directory Services. This posting is provided AS-IS with no warranties or guarantees and confers no rights.
    Friday, September 17, 2010 6:02 PM
  • I wanted to give back and provide readers of this thread with the solution I created as a workaround due to the lack of DNS registration micromanagement.

    To use it, set the variables at the start, based on your environment. I put a flag in it, to not register my MGMT vlan, since that one is fine for dns registration w/ primary DNS.

    Hope it helps someone.

    I name my nics like this:
    Physical
    NIC1
    NIC2 

    Virtual
    NAME-VLAN#
    NAME-VLAN#
    MGMT-VLAN#

    START SCRIPT
    ' Set these for your environment
    DNS_SERVER_NAME = "server.x.y.z"
    DNS_ZONE = "x.y.z"
    REVERSE_ZONE = "#.#.in-addr.arpa."   ' not used below; the PTR is created by /CreatePTR

    Const wbemFlagReturnImmediately = &h10
    Const wbemFlagForwardOnly = &h20

    Set objShell = CreateObject("WScript.Shell")
    Set objNetwork = WScript.CreateObject("WScript.Network")
    WScript.Echo "**********" & objNetwork.ComputerName & "*************"
    strComputer = objNetwork.ComputerName

    Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    Set colItems = objWMIService.ExecQuery("Select * from Win32_ComputerSystem")
    For Each objComputer In colItems
      WScript.Echo "Domain: " & objComputer.Domain
      strHost = objComputer.Name
      WScript.Echo "System Name: " & strHost
      Set colNicConfigs = objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True")

      For Each objNicConfig In colNicConfigs
        Set objNic = objWMIService.Get("Win32_NetworkAdapter.DeviceID=" & objNicConfig.Index)
        ' Skip the MGMT connection (it registers dynamically) and unnamed adapters
        If InStr(objNic.NetConnectionID, "MGMT") = 0 And objNic.NetConnectionID <> "" Then
          lac = objNic.NetConnectionID
          MyArray = Split(lac, "-")
          ' Only connections named NAME-VLAN# have a second element to use
          If UBound(MyArray) >= 1 Then
            strAlias = strHost & "-" & MyArray(1)
            ipaddr = objNicConfig.IPAddress(0)

            ' Add the A record for host-VLAN# together with its PTR
            cmdline = "dnscmd " & DNS_SERVER_NAME & " /RecordAdd " & DNS_ZONE & " " & strAlias & " /CreatePTR A " & ipaddr
            WScript.Echo cmdline
            iErrorCode = objShell.Run(cmdline, , True)
            WScript.Echo iErrorCode
          End If
        End If
      Next
    Next

    Thursday, September 23, 2010 6:09 PM
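
The script above publishes static records, and the earlier answer suggests disabling dynamic registration per NIC so the primary-suffix record is no longer created for those interfaces. The following is an added example, not code from the thread, that audits and optionally disables registration per connection through WMI. It assumes the "MGMT" naming convention described in the post; `$KeepPattern` and `-Apply` are names chosen for this example.

```powershell
# Added example (not from the thread). PowerShell 2.0 compatible (Windows Server 2008 R2).
# Assumption: connections whose name matches $KeepPattern keep dynamic registration.
param(
    [string]$KeepPattern = 'MGMT',   # hypothetical parameter: name pattern to leave untouched
    [switch]$Apply                   # hypothetical switch: without it the script only reports
)

$configs = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True'

foreach ($cfg in $configs) {
    # Map the IP configuration back to the named connection, as the VBScript does
    $nic  = Get-WmiObject Win32_NetworkAdapter -Filter "Index = $($cfg.Index)"
    $name = $nic.NetConnectionID
    if (-not $name) { continue }     # skip adapters without a connection name

    # FullDNSRegistrationEnabled   = "Register this connection's addresses in DNS"
    # DomainDNSRegistrationEnabled = "Use this connection's DNS suffix in DNS registration"
    $action = 'keep'
    if ($name -notmatch $KeepPattern -and
        ($cfg.FullDNSRegistrationEnabled -or $cfg.DomainDNSRegistrationEnabled)) {

        $action = 'would disable'
        if ($Apply) {
            $result = $cfg.SetDynamicDNSRegistration($false, $false)
            # 0 = success, 1 = success but a reboot is required
            if (0, 1 -contains $result.ReturnValue) {
                $action = 'disabled'
            } else {
                $action = "failed ($($result.ReturnValue))"
            }
        }
    }

    New-Object PSObject -Property @{
        Connection      = $name
        IPv4            = $cfg.IPAddress[0]
        Suffix          = $cfg.DNSDomain
        RegisterPrimary = $cfg.FullDNSRegistrationEnabled
        RegisterSuffix  = $cfg.DomainDNSRegistrationEnabled
        Action          = $action
    } | Select-Object Connection, IPv4, Suffix, RegisterPrimary, RegisterSuffix, Action
}
```

Run it without `-Apply` first and compare the reported connections against the static records you intend to publish with dnscmd.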

All replies

  • That is the root of the problem.  Unless Nic Teaming is being done or the server is being used as a LAN Router or a Firewall it should never be multi-homed.
     
    Remove or disable the second/third nics.
     
    DCs and DNS Servers should not be multi-homed.

    --
    Phillip Windell
     
    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    "rismoney" wrote in message news:b867e1ef-078f-443a-98c8-8508e8cb1a4f...

    Scenario - About 300 servers I have are Windows 2008 R2 standard member servers.  The majority of which are multihomed. For instance:
    They are IP'd  - NIC1: MGMT 10.1.1.100   NIC2: APP: 10.1.2.100 NIC3: APP2: 10.1.3.100

    Tuesday, September 14, 2010 9:18 PM
  • Hi rismoney,

     

    Thanks for posting here.

    I agree with Phillip that a multi-homed host is not recommended; you might assign one IP to one host only. If you want it to be accessible from other subnets, then deploying a router or layer 3 switch and setting routes could achieve the goal.

    Meanwhile, are all these 300 servers always connected to your network and assigned static IP addresses? If yes, "DNSCMD /recordadd" with a batch file would be helpful for automatically adding a large number of records to the DNS server, so you may consider disabling the dynamic registration feature on each server.

    Dnscmd
    http://technet.microsoft.com/en-us/library/cc772069(WS.10).aspx#BKMK_14

    Thanks.

    Tiger Li


    Wednesday, September 15, 2010 8:36 AM
  • Alright - so you all don't recommend multihome servers and I agree, but there are valid use cases.

    Note: I am not using multihomed domain controllers, nor DNS nor would ever think to.

    The MEMBER servers all have 2x10g network adapters.   They are indeed teamed.  I am able to define 802.1q tags to them which in turn creates virtual network adapters.  Our applications are multicast time sensitive (think financial streaming real time data) and the VLAN isolation of traffic ensures efficient delivery.  In addition I don't want routed traffic, as routers add hops -aka latency = slow old data. If I have management agents like AV, SNMP, monitoring etc, I would not want that Unicast TCP traffic to interfere with the applications UDP multicast and have drops.  

    I have been using DNSCMD to record add the interfaces, with the vlan tag # appended like servername-vlan#, but I would have liked to use the connection specific DNS, except that its dynamic registration includes the primary dns suffix.

    My opinion is that should be a separate configurable, and I should be able to control whether or not to register a connection's IP with the primary dns suffix or not.  Register this connection in DNS, with a connection specific suffix should have the option to not use the primary.

    Disabling Round Robin is also not an option, since then other unrelated hosts can't benefit from RR.

    Ace, I am not sure which regkeys you are referring to above " to manually "publish" the settings you want"...  These look like netlogon keys pertaining to DCs.  As you said these are not DCs and so I am not sure which items are relevant to member servers from a reg perspective.

    Thanks for all your replies so far!

     

    Friday, September 17, 2010 2:57 PM
  • Then they are not multi-homed... Teaming is not multi-homing.  Multiple Nics is not multi-homing when they are teamed because the Teaming creates one Virtual Nic and that is what the machine becomes identified by.

    --
    Phillip Windell
     
    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
    "rismoney" wrote in message news:ff8ce9ad-7329-45fa-bf59-19f456450e95...

    The MEMBER servers all have 2x10g network adapters.   They are indeed teamed.  I am able to define 802.1q tags

    Monday, September 27, 2010 9:56 PM
  • Then they are not multi-homed... Teaming is not multi-homing.  Multiple Nics is not multi-homing when they are teamed because the Teaming creates one Virtual Nic and that is what the machine becomes identified by.

    --
    Phillip Windell
     
    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
    "rismoney" wrote in message news:ff8ce9ad-7329-45fa-bf59-19f456450e95...

    The MEMBER servers all have 2x10g network adapters.   They are indeed teamed.  I am able to define 802.1q tags

    Actually, that is not true.  As stated above, you can create many virtual network adapters from a team with separate VLAN tagging, thus you have a multi-homed server still.
    Friday, June 8, 2018 11:03 AM