DNS, Active Directory

I have a domain controller and DNS configured on the same server.
I have two NIC cards.
Is it possible to bind both NIC card IP addresses in DNS?
Please help.

Neil Russell (Technical Development Lead) commented:
Multihomed (dual NIC/IP) configurations on a DC are a non-supported configuration.  You will have more problems with this kind of setup than it will ever resolve for you.

A DC Should ONLY ever have a single installed NIC.  Even an unconfigured but installed NIC can cause problems.

Skumar_CCSA (Author) commented:
Understood, but the solution we were asked to implement uses two NICs on different subnets.

When I checked the DNS configuration I found that both the IPs listed in the listen list for client resolution.

I checked the network binding order and changed it to the order below.

NIC 1 --> Top 1
NIC 2 --> Top 2

When I run ipconfig I can see the binding order too.
But in the DNS listener list I see management IP in the first sequence.
Neil Russell (Technical Development Lead) commented:
Can I ask why you need two NICs on a Windows domain controller?

IF you have two NICs and two IPs on different subnets registered in DNS for the same name, how is a client going to talk to the server on a guaranteed IP for its subnet?

I have yet to hear anybody answer the question "WHY do you need two NICs?" with a valid answer.

Mohammed Khawaja (Manager - Infrastructure: Information Technology) commented:
Not supported, but I have seen it working where one NIC has no IP addresses assigned for the DNS server.  It can still cause issues, and if you need access to the DC from a different subnet, why don't you just implement a router and use routes?
Neil Russell (Technical Development Lead) commented:
"Not supported, but I have seen it working where one NIC has no IP addresses assigned for the DNS server.  It can still cause issues"

But the question was about having BOTH register in DNS and yes, it can STILL cause problems.
There should NEVER be a reason to have DUAL cards in a DC.  A DC has a purpose, and that purpose does not require, or indeed work correctly with, dual NICs.
Skumar_CCSA (Author) commented:
There are two types of traffic flow in the network.

All infra-related monitoring software, antivirus and backup must go through the management network on NIC 2; all production data goes through NIC 1.

DNS servers will have the original host record created when hosts join the domain, and we manually create one host record with the management IP for all hosts.
DNS records:
experts.domain.ca (this has the production IP)
experts-it.domain.ca (this has the management IP)

DNS on both NIC cards will resolve names accordingly as traffic flows over the NICs.

Will it work without causing
Neil Russell (Technical Development Lead) commented:
The easiest problem to describe is this.

What happens to ALL your clients on the "Management" network when they issue DNS requests? Where do they go? Where do they look? Are you going to give every machine in your org that needs 2 NICs 2 DNS names? Or do you intend to configure everything on the management network to use static IP addresses and no DNS services?

The management overhead of using two NICs for a management network is massive.  And the benefits? Has somebody read a book/blog or overheard a conversation in the pub?   The theory is good, but in practice....

Unless you FULLY understand ALL of the network discovery protocols in use and how everything ties into NICs, you can cause one hell of a mess very quickly.

There are far better ways to manage your network traffic than to have two NICs in every device on the network.

Quick question...
Are all of these NICs going to have a different set of switches from the main infra switches? Or are you going to switch everything through a single set of switches?
Will Szymkowski (Senior Solution Architect) commented:
DNS and dual NICs (interfaces) on a machine do not route traffic; it's not a router. This is where you run into issues like the others have already pointed out.

When you have 2 NICs you should only ever register 1 in DNS. If you register both you will get both entries in DNS, and it then becomes a free-for-all when clients try to do name resolution. The client will pick up whatever host name is bound to the IP, and it could be the IP from the management network. In that case it would not properly communicate, and if you are using something like Exchange (for example) it will break due to not pointing to the correct IP address.

I have seen in some environments where they want to do a complete image/snapshot of a DC (for recovery purposes; this is the case if all DCs are compromised, so they can restore the individual image and promote additional DCs as needed) and they set up a management network to connect to. Now there are a few things that need to be done, especially when it is a DC.
- Management NIC CANNOT be registered in DNS (also disable NetBIOS over TCP/IP in the network adapter properties)
- Binding order: the management NIC needs to be the last one in the list
- DNS listeners: you need to manually set DNS not to listen on the management network (as it automatically listens on all interfaces)

Aside from that, you should not dual-NIC a DC, and if you do you need to ensure the steps above are in place or it will cause issues.

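The three constraints in the comment above, as an added PowerShell example (not code from the thread or from any of its participants), applied on the DC itself and followed by a check that the DC's name resolves to the production address only. The interface aliases "Production" and "Management", the metric values, and the use of interface metric in place of the legacy binding-order GUI are assumptions; adjust them to the host.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell on the DC
# (needs the DnsClient, NetTCPIP, DnsServer and ActiveDirectory modules).
# ASSUMED interface aliases; change to match Get-NetAdapter output.
$prodAlias = "Production"
$mgmtAlias = "Management"
$prodIp = (Get-NetIPAddress -InterfaceAlias $prodAlias -AddressFamily IPv4 |
           Select-Object -First 1).IPAddress

# 1. Management NIC must not register in DNS and must not use NetBIOS over TCP/IP.
Set-DnsClient -InterfaceAlias $mgmtAlias -RegisterThisConnectionsAddress $false
$mgmtIdx = (Get-NetAdapter -Name $mgmtAlias).InterfaceIndex
Get-CimInstance Win32_NetworkAdapterConfiguration -Filter "InterfaceIndex=$mgmtIdx" |
    Invoke-CimMethod -MethodName SetTcpipNetbios -Arguments @{ TcpipNetbiosOptions = 2 }  # 2 = disabled

# 2. Management NIC last in the binding order. On current Windows the order is
#    expressed as the interface metric (lower wins), so production gets the lower value.
#    Assumed metrics: 10 and 50.
Set-NetIPInterface -InterfaceAlias $prodAlias -AddressFamily IPv4 -InterfaceMetric 10
Set-NetIPInterface -InterfaceAlias $mgmtAlias -AddressFamily IPv4 -InterfaceMetric 50

# 3. DNS Server listens on the production address only (default is every interface).
$dns = Get-DnsServerSetting -All
$dns.ListeningIPAddress = [IPAddress[]]@($prodIp)
$dns | Set-DnsServerSetting

# Check: listener list, and exactly one A record for this DC in the domain zone.
"Listening on: " + ((Get-DnsServerSetting -All).ListeningIPAddress -join ", ")
$zone = (Get-ADDomain).DNSRoot
$aRecords = Get-DnsServerResourceRecord -ZoneName $zone -Name $env:COMPUTERNAME -RRType A |
    ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString }
if (@($aRecords).Count -ne 1 -or $aRecords[0] -ne $prodIp) {
    Write-Warning "Unexpected A records for $env:COMPUTERNAME in ${zone}: $($aRecords -join ', ')"
} else {
    "OK: $env:COMPUTERNAME.$zone -> $prodIp only"
}
```

A stale management-IP A record left over from before the change is not removed by this script; delete it with Remove-DnsServerResourceRecord and re-run the check.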
Adam Resnick (Global IT Manager) commented:
Have we established that this is a DC? The original question was regarding DNS, lest we become Microsoft-centric in the solution. That said, if the goal is isolation of datatype streams and the two networks are pre-existing, you'd be better off splitting the DNS function across two systems. If cost is an issue, virtualize using VMWare's standalone freeware server and run both instances on the same hardware, tying each instance to a NIC. If you aren't opposed to a greater spend to get a centralized DNS system, you could consider this:

Neil Russell (Technical Development Lead) commented:
@Adam Resnick

Did you read the question?  "I have a domain controller and DNS configured on the same server."
Adam Resnick (Global IT Manager) commented:
@Neilsr - you are correct, my apologies. I went back and re-read the question.
Since client queries and AD management tools use the same ports and protocols, for example LDAP, you cannot separate out management traffic easily. If any of your management tools need to do AD authentication then these ports will need to be bound to both NICs, and you will have problems.
It appears to me that what this person wants isn't supported by normal DNS protocols. He wants a DIFFERENT reply to be given to the same DNS query depending on which network interface the DNS query arrives on. This would allow clients on the management subnet to connect to the server on its management IP, and clients on the user network to connect on the "normal" IP.

DNS doesn't work in this way. It can return a list of addresses, or it can round-robin. The only way to achieve what the original question asks is to have two separate DNS servers and point the management clients at the other server. However, this would break other things...

So my answer would be "it's not possible"....
Neil Russell (Technical Development Lead) commented:
As already stated by all the experts, what you are asking for is not possible.  You cannot have multiple NICs in servers and have a single DNS system respond with the "correct" one for a particular task.

As I stated in the first reply to your post, it will only cause issues and not resolve any problems.
Seth Simmons (Sr. Systems Administrator) commented:
I've requested that this question be closed as follows:

Accepted answer: 500 points for Neilsr's comment #a40523281

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
Will Szymkowski (Senior Solution Architect) commented:
Seth, not sure why you are only accepting one answer for this. There are obviously several comments that provide valuable info. Also as EEnookami has also stated that points should be distributed as well.
