DNS Config Windows Server with SAN connectivity

valmatic
valmatic used Ask the Experts™
on
This is a Windows DNS Server question.

On the windows server that has the DNS role, this server connects to a SAN as well. So basically the server has 8 nic ports. 4 are teamed for the windows environment, and the other 4 ports are used for multipath to the SAN.

So in the dns config section i go to the properties tab of the dns server. On the interface tab it shows 5 ips. The 1 that entails my windows team, and then the 4 that go to the san. I unchecked all of the SAN ips since my clients were associating this san ip to the server when looking for a logon server etc.. However when i uncheck all my san ips that goofy self test it does on the monitoring tab always says it fails.

However when i put in this server to my laptops static dns list it seems to work fine for web, browsing pc names on the network. I even flushed all the caches locally and on the server to make sure.

Does it matter if the monitor tab fails? If i put all my san ips back in under interfaces it passes, but then the server advertises these address on my network as a way to get to it which is wrong obviously. I am content with not worrying about the monitoring tab if this is normal for people who have had a server running dns server which also connected to a san.

Any comments or suggestions welcome. Thanks!
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Adam BrownSenior Systems Admin
Top Expert 2010

Commented:
You'll want to make sure the server is pointing to itself or a secondary DC for DNS. This is an absolute necessity for an AD server. The monitoring tests run using the DNS settings of the NIC, and you will want to make sure the SAN NICs are not set to use DNS and that they are not registering themselves in the DNS Forward Lookup Zone (Look at your domain FLZ and see if the NIC IPs are associated with an A record that points to the DC. If the SAN NIC IPs show in there, you need to remove those records and reconfigure the NICs not to register themselves in DNS)

To configure the SAN NICs to not register, go to the Adapter Properties screen (go to adapter settings in Control Panel's Network and Sharing center) click on IPv4 and click properties, then click Advanced, then the DNS tab and remove the checkmark next to "Register this connection's addresses in DNS" to stop that from happening.

Author

Commented:
Thanks for the info Adam. So the server had the other AD DNS server as server1 and itself as server 2 on its own nic settings.

I did disable all that register this adapter in dns for the 4 san interfaces. The thing i noticed if the san interfaces are checked on the interfaces tab of the dns properites that they register static records into dns. At first i kept deleting them and boom they would come back. Once i unchecked them from the interfaces tab on the dns config those static entries have not come back yet.

The question is now do i care that the self test on the monitoring tab fails?
kevinhsiehNetwork Engineer

Commented:
A DC will pretty much always register all of its IP addresses in DNS...unless you block that by deleting all of the dynamic DNS entries and put in a static DNS entry for the server in DNS. This prevents the additional addresses from getting dynamically registered in DNS. I do this for my Hyper-V hosts all the time. Very easy.
Exploring SharePoint 2016

Explore SharePoint 2016, the web-based, collaborative platform that integrates with Microsoft Office to provide intranets, secure document management, and collaboration so you can develop your online and offline capabilities.

Author

Commented:
Yes i kept deleting the san ip entries and it said they were static entered, and as soon as i refreshed the server they came right back. The only thing that kept them from coming back was un-clicking them as i described on the interfaces tab on the dns config.

Can anyone expand on my main question - do i really need to be concerned about the monitor tab self tests not working?
Adam BrownSenior Systems Admin
Top Expert 2010

Commented:
No. But you do need to be concerned about the SAN ips registering in DNS as A records for the DC. That will break AD very fast.
Senior Information Technology Consultant
Commented:
to answer your original question, no you don't really need to worry about the self test.

to stop the nics from registering themselves in DNS, open up the IPv4 properties in the nic control panel.  click advanced then click the DNS tab.
down at the bottom there is a checkbox you need to clear titled "register this connection's address in DNS"  that should prevent re registering of the nic.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial