Hello,
Here is my environment:
- Multi-homed DC/DNS server (I know this is not recommended, but there is no way around it to meet the requirements of the system). There is what I will call the "normal" connection over which the server serves clients (192.168.1.100), and the "management" connection for remote management and logging (192.168.10.100).
- Round robin is turned off on the DC/DNS server, so that clients on the 192.168.1.0/24 subnet receive the 192.168.1.100 address for the server when they query the DNS.
- I have a workstation outside a routed firewall - its address is 192.168.50.10. There is no NAT on the firewall (the NAT screws up the DNS records, and the workstation could not join the domain unless NAT was off). Since it is not on the 192.168.1.0/24 subnet, turning off round robin doesn't seem to be helping make sure that this workstation receives the 192.168.1.100 address for the server when querying the DNS. My firewall logs show the machine attempting to communicate to the 192.168.10.100 address, which is not allowed by the ACLs. Nslookup on the workstation returns both entries, but their order is random (not consistent).
- This is a disconnected system without a distributed AD hierarchy (everything is in the lab.local domain).
How can I set up the DNS server such that it will respond to DNS queries from the workstation with the correct IP of the multi-homed DC?
Is there a way to configure the DNS server such that it sees the 192.168.50.0/24 subnet as being "closest" to the 192.168.1.0/24 subnet so that the subnet prioritization will take care of this?
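Netmask ordering only compares a querying client's address with the addresses in the answer, so it cannot treat 192.168.50.0/24 as "closer" to one of the server's two addresses than to the other. An added example (not from the original post) of the subnet-based selection the question is after, using Windows DNS policies: it assumes Windows Server 2016 or later on the DC and a hypothetical DC hostname of `dc1`; everything else comes from the addresses given above.

```powershell
# Added example, not part of the original post. Assumes Windows Server 2016+
# (DNS policies) and that the multi-homed DC is named "dc1" (hypothetical;
# replace with the real hostname). Run in an elevated prompt on the DC/DNS server.

$zone      = "lab.local"
$dcName    = "dc1"              # assumed hostname of the multi-homed DC
$serveIp   = "192.168.1.100"    # "normal" NIC: the only address remote clients should get
$remoteNet = "192.168.50.0/24"  # the workstation's subnet behind the routed firewall

# 1. Define the client subnet the policy will match on.
Add-DnsServerClientSubnet -Name "RemoteSubnet" -IPv4Subnet $remoteNet

# 2. Create a zone scope: a separate record set for lab.local used only by that policy.
Add-DnsServerZoneScope -ZoneName $zone -Name "RemoteScope"

# 3. Put only the serving address in the scope (the default scope still holds both
#    addresses, so clients on 192.168.1.0/24 and the DC itself are unaffected).
Add-DnsServerResourceRecord -ZoneName $zone -ZoneScope "RemoteScope" -A `
    -Name $dcName -IPv4Address $serveIp

# 4. Answer queries for the DC's name from the remote subnet out of that scope.
#    The -Fqdn criterion matters: without it every lab.local query from that
#    subnet would hit the scope, and the scope has no SRV or apex records, so
#    DC location from the workstation would break.
Add-DnsServerQueryResolutionPolicy -Name "RemotePolicy" -Action ALLOW `
    -ClientSubnet "EQ,RemoteSubnet" -Fqdn "EQ,$dcName.$zone" `
    -ZoneScope "RemoteScope,1" -ZoneName $zone

# 5. Verify from the 192.168.50.10 workstation: repeated lookups should now return
#    only 192.168.1.100, never 192.168.10.100, and the firewall log should stop
#    showing attempts to reach 192.168.10.100 for this name.
# 1..10 | ForEach-Object { (Resolve-DnsName "$dcName.$zone" -Type A -Server $serveIp).IPAddress }
```

The zone apex record (lab.local "same as parent") and the `_msdcs`/SRV records are still registered from both interfaces, so if the firewall log keeps showing traffic to 192.168.10.100 after this change, those records need the same treatment or the management NIC's registration needs to be suppressed.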