VirtualBacon

Preventing DNS Registration of Specific IPs on a DNS Server

A few months back we ran into an issue where our DNS servers would become unavailable. It did not happen to all of them at the same time, but it happened only to physical servers, not VMs, and it happened within a couple of weeks. Looking back at what had changed on our network, we realized that the problem began when we connected the servers to a new backup network. The VMs were not affected because they are backed up through the VMware backup API and did not need to be on the backup network.

As it turned out, adding the second IP address on the new NIC did not in itself cause a problem at the time of the configuration change. But when the server was restarted days or weeks later, the DNS Server service picked up the added IP address, added it to the list of interfaces on which it listens for DNS requests, and registered the address in DNS. Needless to say, this was not convenient, as the backup network is isolated from the production network. Disabling NetBIOS in the Advanced TCP/IP settings and unchecking "Client for Microsoft Networks" and "File and Printer Sharing for Microsoft Networks" on the Properties tab of the second network adapter was not enough, because the DNS Server itself was registering all of its IP addresses.

The steps we took to fix the problem were to:

1. In the DNS server management console, clear the check box for the newly added IP address. The DNS server adds it by default.

  • Open the DNS management console.
  • Right-click on the DNS server name (add it to the console if it is not already there) and select Properties.
  • On the Interfaces tab, under "Listen on:", select "Only the following IP addresses:" and uncheck the IP addresses you do not want the DNS server to listen on.
  • Delete the unwanted DNS A record from the forward lookup zone for the domain in question.

You may need to flush the DNS cache on clients having a problem in order to obtain the correct response.
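The same two changes can be scripted. The following is an added example, not part of the original procedure; it assumes the DnsServer PowerShell module and an elevated session on the DNS server, and `$BackupIP` and `$Zone` are constructed placeholder values.

```powershell
# Added example: assumes the DnsServer module (DNS Server role or RSAT) is installed.
Import-Module DnsServer

$BackupIP = '192.0.2.10'        # constructed: address of the NIC on the isolated backup network
$Zone     = 'example.internal'  # constructed: forward lookup zone holding the unwanted A record

# 1. Show which addresses the DNS Server service currently listens on.
$settings = Get-DnsServerSetting -All
$current  = @($settings.ListeningIPAddress)
"Listening on: $($current -join ', ')"

# 2. Keep every current listen address except the backup one
#    (the scripted equivalent of unchecking it on the Interfaces tab).
$keep = @($current | Where-Object { $_ -ne $BackupIP })
if ($keep.Count -eq 0) {
    throw 'Refusing to leave the DNS server with no listen addresses.'
}
if ($keep.Count -ne $current.Count) {
    $settings.ListeningIPAddress = $keep
    Set-DnsServerSetting -InputObject $settings -WhatIf   # remove -WhatIf to apply
}

# 3. Find A records in the zone that point at the backup address.
$stale = Get-DnsServerResourceRecord -ZoneName $Zone -RRType A |
    Where-Object { $_.RecordData.IPv4Address.IPAddressToString -eq $BackupIP }
$stale | Format-Table HostName, @{ n = 'IPv4'; e = { $_.RecordData.IPv4Address } }

# 4. Delete each unwanted record.
foreach ($record in $stale) {
    Remove-DnsServerResourceRecord -ZoneName $Zone -InputObject $record -Force -WhatIf   # remove -WhatIf to apply
}
```

With `-WhatIf` left in place the script only reports what it would change, so it can also be run after a restart to check whether the backup address has reappeared.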
