
I am managing a global Windows domain which consists of two primary datacenters and several branches. The datacenters and branches all have domain controllers and DNS servers (mostly for local caching) in a fairly simple hierarchy. We are leveraging DNS netmask ordering so that resolution of our domain (let's call it contoso.com) returns a domain controller in the requesting device's same subnet. This works extremely well. However, for "reasons", we have 2 VPN subnets that fall in different /16 subnets without a DNS server in them. This means we can't leverage subnet mask prioritization there, and contoso.com is resolving to any domain controller at random. This is visible in pings, reaching netlogon, etc. despite us having the symptomatic /16s mapped to the datacenters in ADSS.

Is there any other method of weighting resolution (something like SRV priority?) so that subnets without a local DNS server know to prioritize the datacenter DCs?

Any insight is greatly appreciated!

  • Netmask ordering does not affect netlogon or any native Windows resolution. Additionally, you shouldn't rely on the netmask functionality. This is particularly true for code. Don't expect name.com to resolve to a specific IP address from code. That's on you to sort out.
    – Greg Askew
    Commented May 9 at 16:38

1 Answer


The solution we landed on was a simple round robin composed of A records for our primary datacenter domain controllers, and modifying references to use that instead. Doesn't work in every case, but it took care of the biggest issues. We'll be avoiding resolution of the domain itself as much as possible in subnets not covered by netmask ordering.
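The round-robin approach from the answer, written out as an added example (not the asker's own script). It assumes the zone is contoso.com, the two datacenter sites in AD Sites and Services are named DC-East and DC-West, the new name is dcs.contoso.com, and the zone is hosted on dns1.contoso.com; all of these are placeholders. The final nltest call only checks the DC locator path that the comment above distinguishes from DNS netmask ordering.

```powershell
# Added example, not from the original post. Placeholders: zone, site names,
# round-robin name and DNS server name must be adjusted to your environment.
# Requires the ActiveDirectory and DnsServer RSAT modules and DNS admin rights.
Import-Module ActiveDirectory
Import-Module DnsServer

$Zone      = 'contoso.com'
$Alias     = 'dcs'                    # clients use dcs.contoso.com instead of contoso.com
$DcSites   = @('DC-East', 'DC-West')  # assumed AD site names of the two datacenters
$DnsServer = 'dns1.contoso.com'       # assumed DNS server hosting the zone

# 1. Select the datacenter DCs from AD by site, rather than hard-coding addresses.
$DatacenterDCs = Get-ADDomainController -Filter * |
    Where-Object { $_.Site -in $DcSites } |
    Select-Object HostName, Site, IPv4Address

# 2. One A record per datacenter DC under the same name gives DNS round robin.
#    A short TTL lets a DC removed from the set fall out of client caches quickly.
foreach ($dc in $DatacenterDCs) {
    $exists = Get-DnsServerResourceRecord -ZoneName $Zone -Name $Alias -RRType A `
                  -ComputerName $DnsServer -ErrorAction SilentlyContinue |
              Where-Object { $_.RecordData.IPv4Address.IPAddressToString -eq $dc.IPv4Address }
    if (-not $exists) {
        Add-DnsServerResourceRecordA -ZoneName $Zone -Name $Alias -IPv4Address $dc.IPv4Address `
            -TimeToLive (New-TimeSpan -Minutes 5) -ComputerName $DnsServer
    }
}

# 3. Verify (ideally from a VPN subnet) that every answer is a datacenter DC and nothing else.
$answers  = Resolve-DnsName -Name "$Alias.$Zone" -Type A -Server $DnsServer |
            Where-Object Type -eq 'A'
$expected = $DatacenterDCs.IPv4Address
$stray    = $answers.IPAddress | Where-Object { $_ -notin $expected }
if ($stray) { Write-Warning "Unexpected addresses behind $Alias.$Zone : $($stray -join ', ')" }
else        { "$Alias.$Zone returns only datacenter DCs: $($answers.IPAddress -join ', ')" }

# 4. Separate check: netlogon picks a DC by site/subnet mapping, not by netmask ordering.
nltest /dsgetdc:$Zone /force
```

Anything that still resolves the bare domain name (for example tools that query contoso.com directly) is unaffected by the new record, which is why the answer notes the approach does not cover every case.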
