WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network. Check out this quarters report on the threats that shook the industry in Q4 2017.
Solved
DNS Host (A) Record -- Different Record for Each Subnet
Posted on 2011-02-28
We have a centralized domain with a private IP scheme 172.16.X.Y -- X = location number, Y = individual address. This is across multiple locations. Our RF guns load a software that has the default location of the RF server as the word "RFSERVER." Obviously, I could make a Host (A) record to forward the word RFSERVER to the correct address for our main location's RF server - 172.16.1.Y.
My problem is we have multiple locations on one domain, with different subnets, but all pass DNS info back and forth through Active Directory. How do I make a Host (A) record to forward RFSERVER to 172.16.2.Y, and then another to forward to 172.16.3.Y, etc.? Is this even possible?
I don't want the RF guns at 172.16.2.Y sending RF info to RFSERVER if it forwards info to 172.16.1.Y (each location has it's own RF server). So, if our RF server's IP is 122 at all locations, it should load like this:
Location 1: 'RFSERVER' forwards to 172.16.1.122
Location 2: 'RFSERVER' forwards to 172.16.2.122
Location 3: 'RFSERVER' forwards to 172.16.3.122
etc
Any help would be appreciated. Thanks.
My problem is we have multiple locations on one domain, with different subnets, but all pass DNS info back and forth through Active Directory. How do I make a Host (A) record to forward RFSERVER to 172.16.2.Y, and then another to forward to 172.16.3.Y, etc.? Is this even possible?
I don't want the RF guns at 172.16.2.Y sending RF info to RFSERVER if it forwards info to 172.16.1.Y (each location has it's own RF server). So, if our RF server's IP is 122 at all locations, it should load like this:
Location 1: 'RFSERVER' forwards to 172.16.1.122
Location 2: 'RFSERVER' forwards to 172.16.2.122
Location 3: 'RFSERVER' forwards to 172.16.3.122
etc
Any help would be appreciated. Thanks.
-
5
4
3
12 Comments
You need for that Sites and appropriate Subnets. Then assign subnets with particular Site and that's all :) Each Site has to have at least one DC. To create Sites and Subnets you have to use AD Sites and Services console.
More about sites at
http://support.microsoft.com/kb/909429
Regards,
Krzysztof
More about sites at
http://support.microsoft.com/kb/909429
Regards,
Krzysztof
Just create an A record on the DNS, also add static record for 'RFSERVER' with wins server if you have one which will support clients that are not joined to the domain. if you don't have wins just install it is very simple.
note that all subnets must have the same dns server ip. you have a one dhcp I assume.
hope this helps.
note that all subnets must have the same dns server ip. you have a one dhcp I assume.
hope this helps.
Each site has it's own DC. All sites are set up in ADSS with appropriate DC servers. Replication is working correctly through this. I also have subnets set up and tied to each Site. For example, the subnet 176.16.1.0/24 is tied to Location1, the subnet 176.16.2.0/24 is tied to Location2, etc.
I have DNS and DHCP installed at each site DC. DNS is replicated across AD, but each DC acts as its own DHCP server (no replication).
So, are you saying I need to set up WINS at each DC and set it up in there?
I have DNS and DHCP installed at each site DC. DNS is replicated across AD, but each DC acts as its own DHCP server (no replication).
So, are you saying I need to set up WINS at each DC and set it up in there?
No, you don't need WINS for that. It would work fine with DNS. Just create A records in DNS with appropriate IPs and check if it works. DNS mechanism will do that
Krzysztof
Krzysztof
JGoodwin,
how are you routing between sites, though Site to site vpn; same building with different routers, or other ways. that is important to know.
how are you routing between sites, though Site to site vpn; same building with different routers, or other ways. that is important to know.
Basically, if I ping RFSERVER at Location1, I want it to ping resolve to and ping 172.16.1.122. If I ping RFSERVER at Location2, I want it to resolve to and ping 172.16.2.122.
In looking at DNS, I only have one Forward Lookup Zone and it is our main (and only) domain. Then I have Reverse Lookup Zones for our main site and other sites. The Forward Lookup Zone is where I can create Host (A) records. Can I create multiple Host (A) records for the word 'RFSERVER?' Will the resolve and ping like the above examples?
In looking at DNS, I only have one Forward Lookup Zone and it is our main (and only) domain. Then I have Reverse Lookup Zones for our main site and other sites. The Forward Lookup Zone is where I can create Host (A) records. Can I create multiple Host (A) records for the word 'RFSERVER?' Will the resolve and ping like the above examples?
Right. That's the only way for that in DNS :) Create as many A records as you need, each with IP address from particular Subnet. When you ping that name from subnet it will return appropriate IP
Krzysztof
Krzysztof
You may want to create only one main DNS for all sites, in addition to the local dns which will make it easier later on to add A record on one domain. If you can do that now. you may add it to each site as mentioned, but router has to resolves the 'RFSERVER' to a static public IP, or to forwrd the ports needed from the static public IP.
We do only have one DNS and I basically set up Reverse Lookups at all remote locations.
I got this working at our main location. If I ping RFSERVER it resolves to 176.16.0.122. However, if I try from an RF gun, even though it shows "Pinging Host RFSERVER [172.16.1.122], the pings fail.
I noticed that when creating the new Host (A) records, there was an option to "Create associated pointer (PTR) record" and also another option "Allow any authenticated user to update DNS records with the same owner name."
Should I have checked either of these options?
If I ping from my computer, it works just fine.
I got this working at our main location. If I ping RFSERVER it resolves to 176.16.0.122. However, if I try from an RF gun, even though it shows "Pinging Host RFSERVER [172.16.1.122], the pings fail.
I noticed that when creating the new Host (A) records, there was an option to "Create associated pointer (PTR) record" and also another option "Allow any authenticated user to update DNS records with the same owner name."
Should I have checked either of these options?
If I ping from my computer, it works just fine.
Thanks for all the help guys, but Krzysztof seemed to have all the right answers. I'm now resolving via ping to the correct address at each site because of my previously set up subnets.
For the RF gun issue, that is a whole other problem as I have to set up hosts records within the device.
For the RF gun issue, that is a whole other problem as I have to set up hosts records within the device.
Featured Post
Administration of Active Directory does not have to be hard. Too often what should be a simple task is made more difficult than it needs to be.The solution? Hyena from SystemTools Software. With ease-of-use as well as powerful importing and bulk updating capabilities.
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Sometimes it necessary to set special permissions on user objects. For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
If you need to implement application level security in an Access database application or other VBA code, I strongly encourage you to take advantage of Active Directory groups.
This Micro Tutorial hows how you can integrate Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease.
The following video show how to bind OSX Mavericks to …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
584 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.