  • Status: Solved
  • Priority: Medium
  • Security: Public

Multi-NIC DNS

Quick Question,
I have a server that acts as the DNS/AD/DC/WINS/File Share in my network and it has 2 NICS x.x.x.9 and x.x.x.10 (same subnet).  We often have issues resolving DNS names intermittently (usually accessing shared drives on that server or on our other file server).  Would this be due to having dual NICS set up on the same Subnet?  
Often a reboot of the client, changing the preferred DNS from .9 to .10 or vice versa, or disabling and enabling the CLIENT NIC fixes the issue.
0
Asked by: JamesonJendreas
 
omarfaridCommented:
Why do you need both NICs to be in the same subnet?

If you need both IPs for the same server, then assign them to the same NIC (I think in advanced options).

Normally putting multiple NICs in the same subnet is not recommended.
0
 
PlaceboC6Commented:
That shouldn't cause a problem.  Just make sure that your clients aren't pointing to a third party DNS server anywhere in the list.
0
 
JamesonJendreasAuthor Commented:
Well they are also pointing to our ISP's DNS server, should they not be?
0
 
PlaceboC6Commented:
Never do that.

You can configure your DNS server's forwarders tab to point to the ISP if you like. But never configure a client or server in your domain environment to point to ISP. It will cause random resolution problems, script problems, group policy problems etc.
0
 
JamesonJendreasAuthor Commented:
Yea I know they shouldn't be on the same subnet, this was configured before I got here, and I've been spending A GREAT DEAL OF TIME fixing things my predecessors did not do correctly (like all our rPTR and A records, found that out when we had spammers relay through us and no one would accept an email from us after that). The main reason that I have yet to change this is that we have an FTP running on one, and a website (for internal use) and a second FTP used as a software repository for my Thin Clients on another. Granted I could put these on the same IP, but it's more what would have to be done on the client side that would be a hassle (although it is one of my to do things).
0
 
omarfaridCommented:
Well, pointing to the ISP DNS servers has advantages and disadvantages. If you feel that it is causing problems then don't point them to ISP DNS servers.
0
 
PlaceboC6Commented:
It really doesn't matter if they are on the same subnet to me.  

The only real problem I see is that you have the ISP configured as an alternate DNS server which will cause you some problems.
0
 
JamesonJendreasAuthor Commented:
"Never do that.

You can configure your DNS server's forwarders tab to point to the ISP if you like. But never configure a client or server in your domain environment to point to ISP. It will cause random resolution problems, script problems, group policy problems etc."

THANKS!!!!! Once again, setup before I was here and thought it was kind of odd, but assumed that since they had done that it would work.
0
 
PlaceboC6Commented:
If you have 2 DC's running DNS or more,  there is no advantage to pointing to the ISP as an alternate.

The only thing the ISP would get you is the ability to resolve internet addresses in the event your domain controller went down.

If you have two dns servers of your own you will be ok.  Additionally, just because the dc is listed as preferred doesn't mean that the clients won't try to hit the alternates in the event the DC is busy.  Which could be causing your random problems.

The ISP will not be aware of your local domain resources.
0
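An added example, not part of the thread: one way to audit clients for the misconfiguration discussed above is to parse saved `ipconfig /all` output and flag any adapter whose DNS server list includes a resolver outside the internal set. The sample output, the addresses and the function names are all constructed for illustration.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt (English locale); all addresses are made up.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DNS Servers . . . . . . . . . . . : 192.168.1.9
                                       203.0.113.53
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 2:

   DNS Servers . . . . . . . . . . . : 192.168.1.9
                                       192.168.1.10
"""
INTERNAL_DNS = {"192.168.1.9", "192.168.1.10"}  # assumed internal DC/DNS addresses
ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")

def dns_servers_by_adapter(text):
    """Map each adapter header to its 'DNS Servers' entries, continuation lines included."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            current, in_dns = header.group(1), False
            adapters[current] = []
            continue
        if current is None:
            continue
        label, sep, value = line.partition(" :")
        if sep:  # a "Label . . . : value" field line starts or ends the DNS list
            in_dns = label.strip(" .") == "DNS Servers"
        else:    # no label: a continuation line carrying one more address
            value = line
        if in_dns and value.strip():
            try:
                addr = ipaddress.ip_address(value.strip().split("%")[0])
                adapters[current].append(str(addr))
            except ValueError:
                in_dns = False
    return adapters

def external_resolvers(text, internal):
    """Return {adapter: [configured resolvers that are not in the internal set]}."""
    flagged = {}
    for name, servers in dns_servers_by_adapter(text).items():
        bad = [ip for ip in servers if ip not in internal]
        if bad:
            flagged[name] = bad
    return flagged
```
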
 
PlaceboC6Commented:
Here is more info for the DC itself:

Do not configure the DNS client settings on the domain controllers to point to your Internet Service Provider's (ISP's) DNS servers. If you configure the DNS client settings to point to your ISP's DNS servers, the Netlogon service on the domain controllers does not register the correct records for the Active Directory directory service. With these records, other domain controllers and computers can find Active Directory-related information. The domain controller must register its records with its own DNS server.

To forward external DNS requests, add the ISP's DNS servers as DNS forwarders in the DNS management console. If you do not configure forwarders, use the default root hints servers. In both cases, if you want the internal DNS server to forward to an Internet DNS server, you also must delete the root "." (also known as "dot") zone in the DNS management console in the Forward Lookup Zones folder.

http://support.microsoft.com/kb/825036
0
 
JamesonJendreasAuthor Commented:
So it's generally a better idea to have the local DNS server resolve to the ISP for the clients. It makes sense to me, especially with things like our email system that we connect via DNS names, and on the internal DNS they resolve to the internal IP, but if you're outside it would resolve to our external IP. Even though both are pointing to the same machine, we'd want to be going through the internal regardless.
0
 
PlaceboC6Commented:
Yeah.  The DC should point to itself (if you only have one) under its own client settings.

Then open the DNS console,  right click on the server name, and configure the Forwarders Tab to point to the ISP.

Then your DNS server will forward external requests to the ISP on behalf of your local clients.

0
 
JamesonJendreasAuthor Commented:
We do not have any redundancies on our system, that is, we have a single DC that is our AD/DHCP/WINS/DNS, then we have another server that runs File and Print sharing.

And if I'm not supposed to point the DC's DNS to our IP's, but internally, what happens if the DC is the DNS, is it just a matter then of telling the DNS to forward the requests to the ISP? I guess that would be different than setting it up to go directly to the ISP DNS.

Acronym power!
0
 
PlaceboC6Commented:
If you have a single DC, and it goes down. Then name resolution will be broken in your environment because everyone is pointing to the DC. Then again, if the server goes down...you will have big problems with authentication and accessing internal resources.

A DC doesn't require much power in a small environment...honestly if you had another license you could install Server on a desktop PC and promote it to a DC and stuff DNS on it.  Then you'll have a backup.  You always want 2 DC's if you can help it.  

If you lost your DC and your backup was bad...you lose everything.

If you have 2 DC's,  you'd be just fine.

Additionally you could promote the second server to a DC if it is only a file/print server as is.
0
 
JamesonJendreasAuthor Commented:
That was a consideration I had made, to take the other server and promote it to a DC, and I most likely will.  We haven't had any issues without a backup, but it only takes once to need it.
0
 
PlaceboC6Commented:
If nothing else...pull up NTBACKUP on the DC.  Run a backup of all of C: and check the system state box.  Copy the backup file to your file server.

Do this at least once a month and you won't lose everything you have.

Yes you are right....one "OH CRAP" is all it takes.  I see it every day.
0
 
PlaceboC6Commented:
So where are we now?   Monitoring for further failure?
0
 
PlaceboC6Commented:
Did I answer your questions?
0
