In our environment, most Windows Servers are dual-homed.
The first NIC, called 'Public' is the one:
- used by the servers to communicate with Active Directory
- with a default gateway set
- via which the applications should be exposed
- via which the RDP connections should be established
The second NIC, called 'Management' is mainly used to take backups and for monitoring purposes.
Both NICs are in separate (and symmetric) private VLANs. For example:
- Domain controllers: 10.2.0.0/24
- Public: 10.2.1.2/24 with default gateway set to: 10.2.1.1 (pfSense firewall interface)
- Management: 10.2.2.2/24, no default gateway set (10.2.2.1 being the pfSense firewall interface)
Currently, we do the following:
- the first NIC registers itself in DNS (FQDN, for example someserver.ourdomain.local)
- the second NIC does not register itself in DNS and we manually create forward & reverse records in a separate zone, for example: someserver.mgt.ourdomain.local
What we would like to achieve is to enable DNS registration for the second NIC so that we don't have to manually create the records in DNS.
We have added 'mgt.ourdomain.local' in the list of allowed DNS suffixes (msDS-AllowedDNSSuffixes) as described here
This allows us to define the 'DNS Suffix for this connection' value in the IPv4 settings of the second NIC (management). That, combined with 'Use this connection's DNS suffix in DNS registration' almost does what we want.
It successfully registers 'someserver.mgt.ourdomain.local', but the problem is that it also registers 'someserver.ourdomain.local'.
And thus, we have two DNS entries for someserver.ourdomain.local and we would like to avoid that.
Is there a registry setting that could stop the machine's DNS suffix to be registered and to only register in DNS using the suffix specified at the adapter level?
No comments:
Post a Comment