On Domain Controllers with more than one NIC, where each NIC is connected to a separate network, the Host A DNS registration can occur for unwanted NIC(s).
If a client queries for the DC's DNS records and gets an unwanted record, or the record of a different network that the client cannot reach, the client will fail to contact the DC, causing authentication failures and many other issues.
The DNS server responds to queries in a round-robin fashion: if the DC has multiple NICs registered in DNS, the DNS server serves the client all the records available for that DC.
To prevent this, we need to make sure the unwanted NIC address is not registered in DNS.
Below are the services responsible for Host A record registration on a DC:
1. Netlogon service
2. DNS server service (if the DC is running DNS server service)
3. DHCP Client / DNS Client service (2003 / 2008)
If the NIC is configured to register the connection's address in DNS, the DHCP/DNS Client service will register the record in DNS. The unwanted NIC should be configured not to register its connection address in DNS.
If the DC is running the DNS Server service, the DNS service registers a Host A record for each interface it is set to listen on. The "Name Servers" tab of the zone properties lists the IP addresses of the interfaces present on the DC; if both IPs are listed, the DNS server registers Host A records for both IP addresses.
We need to make sure that only the required interface listens for DNS, and that the Name Servers tab of the zone properties carries only the required IP address.
To avoid this problem, perform the following 3 steps (it is important that you follow all of them to avoid the issue).
1. Under Network Connections Properties:
On the unwanted NIC, open TCP/IP Properties -> Advanced -> DNS and uncheck "Register this connection's addresses in DNS".
2. Open the DNS server console, highlight the server in the left pane, choose Action -> Properties, and on the "Interfaces" tab select "Listen on only the following IP addresses". Remove the unwanted IP address from the list.
3. In the zone properties, select the "Name Servers" tab. Along with the FQDN of the DC, you will see the IP address associated with the DC. Remove the unwanted IP address if it is listed.
After performing these steps, delete the existing unwanted Host A record of the DC.
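The following PowerShell audit script is an added example, not part of the original post. Run on the DC, it checks steps 1 to 3 and the leftover Host A records described above; `$WantedAlias` (the NIC clients should reach) and `$ZoneName` are assumptions you must adapt, and the DNS Server role must be installed locally for the DnsServer cmdlets to work.

```powershell
# Audit a multi-homed DC for stray DNS registrations (added example, not from the post).
# Assumes the DC hosts the DNS Server role; $WantedAlias is a placeholder NIC name.
param(
    [string]$WantedAlias = 'Ethernet',          # placeholder: the NIC clients must reach
    [string]$ZoneName    = $env:USERDNSDOMAIN   # AD zone that holds the DC's Host A record
)

$findings  = @()
$wantedIPs = (Get-NetIPAddress -InterfaceAlias $WantedAlias -AddressFamily IPv4).IPAddress
if (-not $wantedIPs) { throw "No IPv4 address found on interface '$WantedAlias'" }

# Step 1: every other NIC must have "Register this connection's addresses in DNS" off
Get-DnsClient |
    Where-Object { $_.InterfaceAlias -ne $WantedAlias -and $_.RegisterThisConnectionsAddress } |
    ForEach-Object { $findings += "NIC '$($_.InterfaceAlias)' still registers its address in DNS" }

# Step 2: the DNS Server service must listen only on the wanted interface's addresses
$listen = (Get-DnsServerSetting -All).ListeningIPAddress
foreach ($ip in $listen) {
    if ($ip -notin $wantedIPs) { $findings += "DNS Server listens on unwanted address $ip" }
}

# Step 3 / cleanup: Host A records for this DC must carry only wanted addresses
$hostA = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name $env:COMPUTERNAME `
             -RRType A -ErrorAction SilentlyContinue
foreach ($rr in $hostA) {
    $ip = $rr.RecordData.IPv4Address.IPAddressToString
    if ($ip -notin $wantedIPs) {
        $findings += "Stale Host A record $($rr.HostName) -> $ip in zone $ZoneName"
    }
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Host "OK: only addresses of '$WantedAlias' are registered for $env:COMPUTERNAME"
```

Each warning maps to one of the manual steps above (Set-DnsClient -RegisterThisConnectionsAddress $false, Set-DnsServerSetting with a trimmed ListeningIPAddress, or Remove-DnsServerResourceRecord for the stale Host A record); re-run the script after the fix, and remember that the Name Servers tab of the zone is still checked by hand.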