Dfs is site aware.  Since \\example.com\netlogon is managed by Dfs, the client will receive the location closest to it based on site.  What you were referring to on returning DNS records is called “netmask ordering”.  You’re right about the limitations of it.

 

:m:dsm:cci:mvp


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kamlesh Parmar
Sent: Tuesday, September 06, 2005 11:18 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] DNS resolution - prioritization

 

I agree client logon won't be an issue, as clients & DC fit in the site boundary.

 

But some of my startup scripts access netlogon as \\example.com\netlogon, and I suppose accessing any network resource by UNC has nothing to do with site boundary; it is pure DNS resolution.

 

Also, what about domain DFS traffic? Will it consider site boundaries while finding the nearest replica partner, or will it use plain DNS resolution?
 

-

Kamlesh
 

On 9/6/05, Phil Renouf <[EMAIL PROTECTED]> wrote:

Just wondering what the actual issue is here though. When a client logs in they will get a DC within their local site; that shouldn't be dependent on the client's subnet mask, just whether their IP falls within the scope of a site defined in AD. If there is a DC in that site then they should be referred to that DC during logon processes.

 

The behaviour of ping is not going to be site aware, but logon traffic will be.

 

Phil

 

On 9/6/05, Kamlesh Parmar <[EMAIL PROTECTED] > wrote:

Thanks Roger for the reply,

Problem is not the site setting, you see... when I ping for my domain's DNS name... or access the netlogon folder on DC as  \\example.com\netlogon

This DNS resolution will NOT consider site boundaries and give me the appropriate IP of the local DC.
This DNS resolution will ask for the client's subnet mask, and if it finds any matching IP of a DC which falls into this client network, it will provide that DC IP as the first one (making sure traffic remains inside the LAN).

But since the client IP network is a restrictive /21, the server which is in the same physical LAN but in a different subnet will not be returned as first choice.

I hope it clears it a bit.



On 9/6/05, Roger Seielstad <[EMAIL PROTECTED] > wrote:

I'd create smaller subnet records in AD (probably matching the /25 VLANs) and assign those to the sites which house the domain controller which you want them to use. You can keep the /21 subnet entry as a catch all as well, just in case.

 

--------
Roger Seielstad
E-mail Geek

 

 


From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Kamlesh Parmar
Sent: Monday, September 05, 2005 3:30 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DNS resolution - prioritization

 

Dear All,

 

We have around 50 sites with 80 DCs, all in single domain.

 

Now the issue is that three sites have very restrictive network configuration for subnets (all having 500+ machines),

 

i.e. their subnet specification in AD is  10.*/21

but at the network level they have divided this subnet into VLANs with a mask of /25, all included in the /21 mask defined for the subnet at AD level.

 

Problem: when a machine tries to find the nearest DC using the domain DNS name, the DNS server doesn't give the IP of the nearest DC first, as the server falls into only one of the /25 subnets ("subnet mask request" in the DNS server is enabled).

And as a result, machines go to other DCs for netlogon related activities/scripts. (generating unnecessary WAN traffic, slow login)

 

I am working with the network team to initiate the feasibility of so many VLANs (long process), and if it's possible to merge some VLANs, then I will move the DC in that subnet.

 

Any solution other than hard coding the nearest DC in the hosts file of all these machines?

 

Regards,

Kamlesh
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Fortune and Love befriend the bold"
~~~~~~~~~~~~~~~~~~~~~~~~~~~
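
Roger Seielstad's suggestion above (add /25 subnet objects and keep the /21 as a catch-all), modelled as an added example that is not part of the original thread. It assumes the most specific matching subnet object decides a client's site; the 10.20.0.0/21 range and the site names are constructed, since the thread elides the real range.

```python
import ipaddress

# Constructed sample data: the thread elides the real range ("10.*/21"), so
# 10.20.0.0/21 and the site names below are hypothetical.
CATCH_ALL_ONLY = {"10.20.0.0/21": "Campus"}
WITH_VLAN_SUBNETS = {
    "10.20.0.0/21": "Campus",          # catch-all kept "just in case"
    "10.20.0.0/25": "Campus-DC-A",     # VLANs that should use DC A
    "10.20.0.128/25": "Campus-DC-A",
    "10.20.1.0/25": "Campus-DC-B",     # VLAN that should use DC B
}


def site_for_client(client_ip, subnet_to_site):
    """Return (site, subnet) for the most specific subnet object containing
    client_ip, or None when no subnet object covers the address."""
    ip = ipaddress.ip_address(client_ip)
    best = None
    for cidr, site in subnet_to_site.items():
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (site, net)
    return best


def vlans_on_catch_all(catch_all, subnet_to_site, vlan_prefix=25):
    """List the /vlan_prefix blocks inside catch_all that have no subnet
    object of their own and so still resolve to the catch-all's site."""
    defined = {ipaddress.ip_network(c) for c in subnet_to_site}
    blocks = ipaddress.ip_network(catch_all).subnets(new_prefix=vlan_prefix)
    return [v for v in blocks if v not in defined]


if __name__ == "__main__":
    for ip in ("10.20.0.200", "10.20.1.15", "10.20.5.9"):
        before = site_for_client(ip, CATCH_ALL_ONLY)
        after = site_for_client(ip, WITH_VLAN_SUBNETS)
        print(f"{ip}: /21 only -> {before[0]}; "
              f"with /25 entries -> {after[0]} ({after[1]})")
    gaps = vlans_on_catch_all("10.20.0.0/21", WITH_VLAN_SUBNETS)
    print(f"{len(gaps)} of 16 /25 VLANs still map via the catch-all")
```

The second function is the audit step: any VLAN it lists still lands in the catch-all site until a /25 entry is created for it.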
 



