Split brain DNS has me puzzled

  • Question

  • I'm in the process of setting up a couple of new (virtual) Windows 2016 servers. So now's the time to do things right. Like the Domain Name. For the LAN, this used to be "koppesbouwkunde.lan". Not a recommended setup - better use the 'real' domain name. In our case "koppesbouwkunde.nl". Another recommendation is to set up a split brain DNS configuration, to keep things simple. Like the same URL for Outlook Web Access, whether it's visited from in- or outside the local domain.

    Sounds great. So I did my reading on this subject: https://docs.microsoft.com/en-us/windows-server/networking/dns/deploy/split-brain-dns-deployment and now I'm confused. The example describes how to configure things for a website on the local domain and the same website on the internet. We have something similar. Our company website is hosted by a webhosting company and listens to the name www.koppesbouwkunde.nl. While we don't have an internal website, IIS sets up one automagically, although the www. portion is missing.

    Without any DNS policies in place, an attempt to visit our (external) company website results in 'website not found', as to be expected. So I follow along the aforementioned article to set things up the right way. Like I have to create Zone Scopes and then add records to them. And there's where I get puzzled. To be able to access the website, I have to add a record pointing to its IP-address. That's what I don't get. I mean, I know the IP-address, but it's unsure if our website will always have that IP-address - hence DNS. In my opinion, 'hard-coding' the IP-address defies the sole purpose of DNS? For now, I skipped this section.

    I thought there would be some clever rules for the DNS server to either serve a query directly or pass it on to DNS servers outside the domain. Selective Recursion, also mentioned in the same article, seems to do what I have in mind. Entered the necessary PS commands as described, and restarted the DNS service. But it won't do the trick - the website is still unavailable.

    All in all, it's confusing. So I wonder how to get this puppy configured the right way, preferably without hard-coding IP-addresses?


    Simon Weel


    Wednesday, June 19, 2019 9:30 AM

All replies

  • Hi,

    I would like to confirm some information with you.

    • You have a local domain koppesbouwkunde.nl and a website www.koppesbouwkunde.nl.
    • You want to configure DNS split brain policy but the IP address of website is not fixed.

    If so, the client can only resolve the website via public DNS server.

    However, because the website suffix is the same as the domain name, the local DNS server will not forward the resolution, unless you change the website name.

    Best regards,

    Travis


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, June 20, 2019 6:47 AM
    Moderator
  • I would like to confirm some information with you.

    That wraps it up perfectly. The external website is likely to have a fixed IP-address and in case it changes, it's only a matter of changing the address on the local DNS server.

    What puzzles me the most is the fact a 'split brain DNS' is presented as a solution to make DNS management easier. In my opinion, it doesn't? Instead of managing two DNS servers holding a single zone, a split brain DNS is a single DNS server with two zones. Doesn't matter which one you choose; both solutions work basically the same, so where's the part making things easier?

    Like I said, I thought there would be some clever rules for the DNS server to either serve a query directly or pass it on to DNS servers outside the domain. Apparently, there's no such thing, so it's not clear to me which problems this setup solves?


    Simon Weel

    Monday, June 24, 2019 7:35 AM
  • Hi,

    Sorry for the late reply.

    Instead of managing two DNS servers holding a single zone, a split brain DNS is a single DNS server with two zones. 

    I don't agree with you. It is not two different zones but a zone that contains the same A records with different IP addresses.

    Meanwhile, the zonescope is used to configure DNS policy.

     I thought there would be some clever rules for the DNS server to either serve a query directly or pass it on to DNS servers outside the domain.

    I understand what you mean and you need rules like forwarders.

    However, the DNS server can't forward DNS queries for the local zone, and DNS policy is the solution.

    Best regards,

    Travis



    Thursday, June 27, 2019 6:59 AM
    Moderator
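The zone-scope plus DNS-policy setup that the question and the reply above refer to, written out as an added example (not code from the thread or from the Microsoft article). The LAN subnet, the scope name and the web host address are assumptions; the last function checks the copied record against a public resolver, which is the practical answer to the hard-coding concern raised in the question.

```powershell
# Added example: split-brain DNS for one zone on Windows Server 2016.
# Assumptions (not from the thread): LAN is 192.168.10.0/24, the public
# web host is 203.0.113.10 (documentation range placeholder), scope 'internal'.
# Run in an elevated PowerShell on the internal DNS server.

$Zone      = 'koppesbouwkunde.nl'
$LanSubnet = '192.168.10.0/24'   # assumed LAN range
$PublicWeb = '203.0.113.10'      # placeholder for the hosting provider's address

# 1. Describe the LAN clients so a policy can match on them.
Add-DnsServerClientSubnet -Name 'LAN' -IPv4Subnet $LanSubnet

# 2. A zone scope is a second record set inside the SAME zone
#    (one zone, same names, different answers), not a second zone.
Add-DnsServerZoneScope -ZoneName $Zone -Name 'internal'

# 3. The server is authoritative for the zone, so a query for
#    www.koppesbouwkunde.nl is never forwarded or recursed; without a
#    record it is answered NXDOMAIN ("website not found"). The internal
#    scope therefore needs its own copy of the public A record.
#    A short TTL limits how long a stale copy is cached after a change.
Add-DnsServerResourceRecord -ZoneName $Zone -ZoneScope 'internal' -A `
    -Name 'www' -IPv4Address $PublicWeb -TimeToLive 00:05:00

# 4. Send LAN clients to the 'internal' scope; all other clients keep
#    the default scope of the zone.
Add-DnsServerQueryResolutionPolicy -Name 'LanToInternalScope' -Action ALLOW `
    -ClientSubnet 'eq,LAN' -ZoneScope 'internal,1' -ZoneName $Zone

# 5. Check: what the local server answers versus what the world sees.
#    Schedule this; an InSync of $false means the copied record is stale
#    and must be updated with Set-DnsServerResourceRecord.
function Test-SplitBrainRecord {
    param([string]$Name, [string]$Zone, [string]$PublicResolver = '1.1.1.1')
    $fqdn     = "$Name.$Zone"
    $internal = (Resolve-DnsName -Name $fqdn -Type A -Server 127.0.0.1 -ErrorAction Stop).IPAddress
    $public   = (Resolve-DnsName -Name $fqdn -Type A -Server $PublicResolver -ErrorAction Stop).IPAddress
    [pscustomobject]@{
        Name     = $fqdn
        Internal = $internal
        Public   = $public
        InSync   = (@(Compare-Object @($internal) @($public)).Count -eq 0)
    }
}

Test-SplitBrainRecord -Name 'www' -Zone $Zone
```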
  • Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,

    Travis



    Tuesday, July 2, 2019 7:09 AM
    Moderator
  • I decided to keep it simple. I don't want to host a DNS server for the WAN side on our server, so instead, I use the hosting provider's DNS server. Does mean maintaining two separate DNS servers. But we are a small organisation and once things are configured, there's not much to do anymore.


    Simon Weel

    Thursday, July 4, 2019 7:08 AM
  • Hi,

    If you use the provider's DNS, how do you resolve the local domain name?

    For your reference:

    https://social.technet.microsoft.com/Forums/ie/en-US/4d97325b-ff3a-4f46-ba6e-dc3f4ff978e1/dns-internal-domain-has-same-name-as-external-website?forum=winserverNIS 

    Best regards,

    Travis



    Thursday, July 4, 2019 7:48 AM
    Moderator
  • If you use the provider's DNS, how do you resolve the local domain name?

    It depends on which side you are. On the WAN-side, domain names are served by the hosting provider's DNS server. And on the LAN-side, they are served by the local DNS server. This means I have to configure two DNS servers, but as I said - we are a small organisation and as such don't have many domain names to maintain...


    Simon Weel

    Monday, July 15, 2019 8:40 AM
  • Hi,

    Thanks for sharing.

    If there is anything else we can do for you, please feel free to post in the forum. 

    Best regards,

    Travis



    Tuesday, July 16, 2019 7:00 AM
    Moderator