Hi All.

I have an issue with MS DNS.

We have 3 subnet A=192.168.1.0, B=192.168.2.0, C=192.168.3.0

Subnet A and B have DC's .5 in each.

The resolution of the domain name foo.com points to the 2 dc's

In subnet A and B they subnet prioritization gives the correct host
name for each site.

The issues start with subnet C, this is a remote site and can only
access subnet A

We have turned off round robin DNS.

I would expect that then the DNS server would return recored in the
order that they are created. IE the first in the list. This is correct,
if the DC in subnet A is on the top all is OK but from time to time it
seems to reorder itself and the DC from subnet B is on the top.

This breaks GPO deployment for subnet C. ie \\fooo.com\sysvol\.. etc
etc is broken.


Is there a way to "lock" the resolution order for the domain A records?

Thanks for the .

Matthew

matlowe@gmail.com wrote:
> Hi All.
>
> I have an issue with MS DNS.
>
> We have 3 subnet A=192.168.1.0, B=192.168.2.0, C=192.168.3.0
>
> Subnet A and B have DC's .5 in each.
>
> The resolution of the domain name foo.com points to the 2 dc's
>
> In subnet A and B they subnet prioritization gives the correct host
> name for each site.
>
> The issues start with subnet C, this is a remote site and can only
> access subnet A
>
> We have turned off round robin DNS.
>
> I would expect that then the DNS server would return recored in the
> order that they are created. IE the first in the list. This is
> correct, if the DC in subnet A is on the top all is OK but from time
> to time it seems to reorder itself and the DC from subnet B is on the
> top.
>
> This breaks GPO deployment for subnet C. ie \\fooo.com\sysvol\.. etc
> etc is broken.
>
>
> Is there a way to "lock" the resolution order for the domain A
> records?

This is a point I brought up for adding support for this to the new version
of Windows server (now in Beta) I'm keeping my fingers crossed for this.

At this time you have to rely on Netmask Ordering, and disable round robin.
If that doesn't work make static routes for all subnets or use the hosts
file. DNS kinda' just does what it wants to when it comes to sending out
records in a particular order.


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oe.com/OEBackup/Default.aspx
===================================

That's kind of where I got to. Would be nice to have the same one
returned with round robin turned off.

We will have to look at a host file entry.

Thanks

Matthew

Kevin D. Goodknecht Sr. [MVP] wrote:
> matlowe@gmail.com wrote:
> > Hi All.
> >
> > I have an issue with MS DNS.
> >
> > We have 3 subnet A=192.168.1.0, B=192.168.2.0, C=192.168.3.0
> >
> > Subnet A and B have DC's .5 in each.
> >
> > The resolution of the domain name foo.com points to the 2 dc's
> >
> > In subnet A and B they subnet prioritization gives the correct host
> > name for each site.
> >
> > The issues start with subnet C, this is a remote site and can only
> > access subnet A
> >
> > We have turned off round robin DNS.
> >
> > I would expect that then the DNS server would return recored in the
> > order that they are created. IE the first in the list. This is
> > correct, if the DC in subnet A is on the top all is OK but from time
> > to time it seems to reorder itself and the DC from subnet B is on the
> > top.
> >
> > This breaks GPO deployment for subnet C. ie \\fooo.com\sysvol\.. etc
> > etc is broken.
> >
> >
> > Is there a way to "lock" the resolution order for the domain A
> > records?
>
> This is a point I brought up for adding support for this to the new version
> of Windows server (now in Beta) I'm keeping my fingers crossed for this.
>
> At this time you have to rely on Netmask Ordering, and disable round robin.
> If that doesn't work make static routes for all subnets or use the hosts
> file. DNS kinda' just does what it wants to when it comes to sending out
> records in a particular order.
>
>
> --
> Best regards,
> Kevin D. Goodknecht Sr. [MVP]
> Hope This s
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> http://support.wftx.us/
> http://message.wftx.us/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oe.com/OEBackup/Default.aspx
> ===================================

"Matthew" <matlowe@gmail.com> wrote in message
news:1158011194.079646.138000@h48g2000cwc.googlegr oups.com...
> That's kind of where I got to. Would be nice to have the same one
> returned with round robin turned off.
>
> We will have to look at a host file entry.

You can lock the order FROM the server by turning off
BOTH "round robin" and "netmask ordering" on the Server.

But you will still possibly see variations from the client
due to "subnet prioritization" (clients version of netmask
ordering) -- however this order should remain consistent
IF your client doesn't change subnets.

Going to a "hosts" file entry seems a little odd -- if you only
want one particular entry why not one entry in DNS?


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

>
> Thanks
>
> Matthew
>
> Kevin D. Goodknecht Sr. [MVP] wrote:
>> matlowe@gmail.com wrote:
>> > Hi All.
>> >
>> > I have an issue with MS DNS.
>> >
>> > We have 3 subnet A=192.168.1.0, B=192.168.2.0, C=192.168.3.0
>> >
>> > Subnet A and B have DC's .5 in each.
>> >
>> > The resolution of the domain name foo.com points to the 2 dc's
>> >
>> > In subnet A and B they subnet prioritization gives the correct host
>> > name for each site.
>> >
>> > The issues start with subnet C, this is a remote site and can only
>> > access subnet A
>> >
>> > We have turned off round robin DNS.
>> >
>> > I would expect that then the DNS server would return recored in the
>> > order that they are created. IE the first in the list. This is
>> > correct, if the DC in subnet A is on the top all is OK but from time
>> > to time it seems to reorder itself and the DC from subnet B is on the
>> > top.
>> >
>> > This breaks GPO deployment for subnet C. ie \\fooo.com\sysvol\.. etc
>> > etc is broken.
>> >
>> >
>> > Is there a way to "lock" the resolution order for the domain A
>> > records?
>>
>> This is a point I brought up for adding support for this to the new
>> version
>> of Windows server (now in Beta) I'm keeping my fingers crossed for this.
>>
>> At this time you have to rely on Netmask Ordering, and disable round
>> robin.
>> If that doesn't work make static routes for all subnets or use the hosts
>> file. DNS kinda' just does what it wants to when it comes to sending out
>> records in a particular order.
>>
>>
>> --
>> Best regards,
>> Kevin D. Goodknecht Sr. [MVP]
>> Hope This s
>> ===================================
>> When responding to posts, please "Reply to Group"
>> via your newsreader so that others may learn and
>> benefit from your issue, to respond directly to
>> me remove the nospam. from my email address.
>> ===================================
>> http://www.lonestaramerica.com/
>> http://support.wftx.us/
>> http://message.wftx.us/
>> ===================================
>> Use Outlook Express?... Get OE_Quotefix:
>> It will strip signature out and more
>> http://home.in.tum.de/~jain/software/oe-quotefix/
>> ===================================
>> Keep a back up of your OE settings and folders
>> with OEBackup:
>> http://www.oe.com/OEBackup/Default.aspx
>> ===================================
>

In news:OAjSCkf1GHA.4108@TK2MSFTNGP04.phx.gbl,
Herb Martin <news@LearnQuick.com> stated, which I commented on below:
> "Matthew" <matlowe@gmail.com> wrote in message
> news:1158011194.079646.138000@h48g2000cwc.googlegr oups.com...
>> That's kind of where I got to. Would be nice to have the same one
>> returned with round robin turned off.
>>
>> We will have to look at a host file entry.
>
> You can lock the order FROM the server by turning off
> BOTH "round robin" and "netmask ordering" on the Server.
>
> But you will still possibly see variations from the client
> due to "subnet prioritization" (clients version of netmask
> ordering) -- however this order should remain consistent
> IF your client doesn't change subnets.
>
> Going to a "hosts" file entry seems a little odd -- if you only
> want one particular entry why not one entry in DNS?

I tend to agree about netmask ordering. But my take on it is even if round
robin is not disabled, netwmaks ordering will be the factor on what IP the
client will receive, based on the subnet of the querying client. So I would
say that it just works without needing to make any changes. Now of course,
I'm also assuming that AD Sites are configured, since the client will get an
IP of a logon server in it;s own subnet before it looks elsewhere.


--
Ace
Innovative IT Concepts, Inc
Willow Grove, PA

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only constant in life is change...

> I tend to agree about netmask ordering. But my take on it is even if round
> robin is not disabled, netwmaks ordering will be the factor on what IP the
> client will receive, based on the subnet of the querying client. So I
> would say that it just works without needing to make any changes.

He for some reason wants to be able to predict or fix the
IP address returned -- in that case he can just disable both
netmarks ordering AND round robin.

But then we both wonder what is the point of multiple records
(since clients for practically all services tend to only try the
first one and will not fail over to the others in general.)


> Now of course, I'm also assuming that AD Sites are configured, since the
> client will get an IP of a logon server in it;s own subnet before it looks
> elsewhere.

This latter part of the above is incorrect in GENERAL.

There is no guarantee that a client will use a Logon server
from the same SUBNET, but only that is will strongly tend
to use one from the SAME SITE (which may have many
subnets, or have a subnet in Sites that is actually inclusive
of many physical subnets on the wire.)


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

"Ace Fekay [MVP]" <PleaseAskMe@SomeDomain.com> wrote in message
news:OTm0gmh1GHA.4392@TK2MSFTNGP04.phx.gbl...
> In news:OAjSCkf1GHA.4108@TK2MSFTNGP04.phx.gbl,
> Herb Martin <news@LearnQuick.com> stated, which I commented on below:
>> "Matthew" <matlowe@gmail.com> wrote in message
>> news:1158011194.079646.138000@h48g2000cwc.googlegr oups.com...
>>> That's kind of where I got to. Would be nice to have the same one
>>> returned with round robin turned off.
>>>
>>> We will have to look at a host file entry.
>>
>> You can lock the order FROM the server by turning off
>> BOTH "round robin" and "netmask ordering" on the Server.
>>
>> But you will still possibly see variations from the client
>> due to "subnet prioritization" (clients version of netmask
>> ordering) -- however this order should remain consistent
>> IF your client doesn't change subnets.
>>
>> Going to a "hosts" file entry seems a little odd -- if you only
>> want one particular entry why not one entry in DNS?
>
>
>
> --
> Ace
> Innovative IT Concepts, Inc
> Willow Grove, PA
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft MVP - Directory Services
> Microsoft Certified Trainer
>
> Having difficulty reading or finding responses to your post?
> Instead of the website you're using, I suggest to use OEx (Outlook Express
> or any other newsreader), and configure a news account, pointing to
> news.microsoft.com. This is a direct link to the Microsoft Public
> Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows
> you to easily find, track threads, cross-post, sort by date, poster's
> name, watched threads or subject.
> It's easy:
>
> How to Configure OEx for Internet News
> http://support.microsoft.com/?id=171164
>
> Infinite Diversities in Infinite Combinations
> Assimilation Imminent. Resistance is Futile
> "Very funny Scotty. Now, beam down my clothes."
>
> The only constant in life is change...
>

In news:%23N0Rgho1GHA.4972@TK2MSFTNGP03.phx.gbl,
Herb Martin <news@LearnQuick.com> stated, which I commented on below:
>>
>> Now of course, I'm also assuming that AD Sites are configured, since
>> the client will get an IP of a logon server in it;s own subnet
>> before it looks elsewhere.
>
> This latter part of the above is incorrect in GENERAL.
>
> There is no guarantee that a client will use a Logon server
> from the same SUBNET, but only that is will strongly tend
> to use one from the SAME SITE (which may have many
> subnets, or have a subnet in Sites that is actually inclusive
> of many physical subnets on the wire.)

The order of the response data is arranged where the closest subnet data to
the client's subnet is offered in the reponse.

If Sites are configured, then what I'm saying is the response will be one in
it's own Site, such as during the logon process.

314861 - How Domain Controllers Are Located in Windows XP:
http://support.microsoft.com/?id=314861

How can I enable or disable subnet prioritization on the DNS server (Written
by John Savill, AD MVP and author of an AD book):
http://www.windowsitpro.com/Article/...7027.html?Ad=1

Ace

"Ace Fekay [MVP]" <PleaseAskMe@SomeDomain.com> wrote in message
news:uCCzA$H2GHA.2196@TK2MSFTNGP06.phx.gbl...
> In news:%23N0Rgho1GHA.4972@TK2MSFTNGP03.phx.gbl,
> Herb Martin <news@LearnQuick.com> stated, which I commented on below:
>>>
>>> Now of course, I'm also assuming that AD Sites are configured, since
>>> the client will get an IP of a logon server in it;s own subnet
>>> before it looks elsewhere.
>>
>> This latter part of the above is incorrect in GENERAL.
>>
>> There is no guarantee that a client will use a Logon server
>> from the same SUBNET, but only that is will strongly tend
>> to use one from the SAME SITE (which may have many
>> subnets, or have a subnet in Sites that is actually inclusive
>> of many physical subnets on the wire.)
>
> The order of the response data is arranged where the closest subnet data
> to the client's subnet is offered in the reponse.
>
> If Sites are configured, then what I'm saying is the response will be one
> in it's own Site, such as during the logon process.
>

The point was that NONE of this (sites) is related to DNS
round robin.

They are completely separate: round robin existing even in
non-domain environments and Sites being AD specific, while
Round Robin can work EVEN WITHIN a Site, since a Site
can contain multiple subnets.

The main mistake you made was in assuming/implying that
each SITE would be a single Subnet when you wrote "the
client will get an IP of a logon server in its own subnet".

Sites don't work the way that sentence indicates; only netmask
ordering and subnet prioritization do that.

Instead "the client will get an IP of a logon server in its own
SITE" (by default, and an another site if none is available.)

The key here is that the clients get a Logon server from the
same SITE usually. Not the same SUBNET (unless the site
HAPPENS to be a single subnet.)

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

> 314861 - How Domain Controllers Are Located in Windows XP:
> http://support.microsoft.com/?id=314861
>
> How can I enable or disable subnet prioritization on the DNS server
> (Written by John Savill, AD MVP and author of an AD book):
> http://www.windowsitpro.com/Article/...7027.html?Ad=1
>
> Ace
>

In news:%234yq9LP2GHA.4796@TK2MSFTNGP06.phx.gbl,
Herb Martin <news@LearnQuick.com> stated, which I commented on below:

> The point was that NONE of this (sites) is related to DNS
> round robin.
>
> They are completely separate: round robin existing even in
> non-domain environments and Sites being AD specific, while
> Round Robin can work EVEN WITHIN a Site, since a Site
> can contain multiple subnets.

I thought you were arguing otherwise.

>
> The main mistake you made was in assuming/implying that
> each SITE would be a single Subnet when you wrote "the
> client will get an IP of a logon server in its own subnet".

So I meant in it's own SITE, not subnet.

Ace