DNS Round Robin - Impact of one wrong entry

Hello All,
I need to configure an app in such a way that it should reach AD servers (two Windows 2008 servers) using a common name (only one name can be appended) and also evenly distribute the load. I created two A records with the same name (round robin) in Windows DNS
server which point to both AD servers' IP addresses. I know a better solution is a hardware load balancer, but it's not an option as of now.
I assume when one AD goes down Windows DNS still forwards the query to the failed server when the turn comes. What I would like to know is whether that query which goes to the failed server will be rerouted by the DNS server to the active server?
Regards,
AB

What I would like to know is whether that query which goes to the failed server will be rerouted by the DNS server to the active server?
The answer is No. It should be your application that has the intelligence to try another DC if one is not reachable.
I would recommend that your application includes the intelligence to locate the closest available AD server. I started a Wiki about that here: http://social.technet.microsoft.com/wiki/contents/articles/24457.how-domain-controllers-are-located-in-windows.aspx
The Microsoft DsGetDcName API can be used: http://msdn.microsoft.com/en-us/library/ms675983(v=vs.85).aspx
This posting is provided AS IS with no warranties or guarantees, and confers no rights.
Ahmed MALEK
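The answer above puts the failover burden on the client: DNS hands back every A record and never reroutes, so the app has to try the next DC itself. The following added example (not code from the thread or from Microsoft) shows that logic in Python: it takes every address a round-robin name returns, starts at a rotating position so healthy servers still share the load, and walks past any address that does not answer a TCP probe. The name dc.example.test and LDAP port 389 are assumptions.

```python
"""Client-side failover over a round-robin DNS name (added example)."""
import itertools
import socket
from typing import Callable, List, Optional, Tuple

Probe = Callable[[str, int, float], bool]


def resolve_all(name: str, port: int) -> List[str]:
    """Return every IPv4 address behind `name`, de-duplicated, in resolver order.

    A round-robin name returns all of its A records in one answer; the DNS
    server only rotates their order, so a failed server is still in the list.
    """
    seen, addrs = set(), []
    for _family, _type, _proto, _canon, sockaddr in socket.getaddrinfo(
            name, port, socket.AF_INET, socket.SOCK_STREAM):
        ip = sockaddr[0]
        if ip not in seen:
            seen.add(ip)
            addrs.append(ip)
    return addrs


def tcp_probe(ip: str, port: int, timeout: float) -> bool:
    """Open and immediately close a TCP connection; True if the host answered."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def pick_server(addrs: List[str], port: int, start: int,
                timeout: float = 2.0, probe: Probe = tcp_probe
                ) -> Tuple[Optional[str], List[str]]:
    """Try the addresses in order, beginning at position `start`, and return
    (first responsive address or None, addresses tried in order).

    Rotating `start` between calls spreads load over the healthy servers;
    moving past a failed probe is the failover step DNS itself never does.
    """
    tried: List[str] = []
    n = len(addrs)
    for i in range(n):
        ip = addrs[(start + i) % n]
        tried.append(ip)
        if probe(ip, port, timeout):
            return ip, tried
    return None, tried


class RoundRobinClient:
    """Resolve on every call and rotate the starting point across calls."""

    def __init__(self, name: str, port: int, probe: Probe = tcp_probe):
        self.name, self.port, self.probe = name, port, probe
        self._turn = itertools.count()

    def connect(self, timeout: float = 2.0) -> Optional[str]:
        addrs = resolve_all(self.name, self.port)
        if not addrs:
            return None
        ip, _tried = pick_server(addrs, self.port, next(self._turn),
                                 timeout, self.probe)
        return ip


if __name__ == "__main__":
    # "dc.example.test" is a placeholder name; it will not resolve offline.
    client = RoundRobinClient("dc.example.test", 389)
    try:
        print("usable DC:", client.connect())
    except socket.gaierror as exc:
        print("name did not resolve:", exc)
```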

Similar Messages

  • Exchange 2013 and DNS Round Robin downside?

    Hi guys,
    I have a question regarding Exchange Server 2013 (SP1) and the use of DNS round robin.
    I have a customer that currently is running 2 CAS servers with NLB and we are currently investigating if it would be appropriate to move to a DNS RR solution so we can remove the CAS servers and install the CAS role on the Mailbox servers.
    (yes I know that CAS with NLB and Mbx with DAG cannot be used on the same server)
    What would be the downside of DNS RR?
    Request 1 will go to first MBX server, Request 2 to second MBX server, Request 3 to third MBX server and then start over again. If MBX server 1 goes offline, it will still be used within the DNS RR solution and clients will be redirected towards that server.
    But how will clients react? Will Outlook 2010/2013 timeout since the server is not responding and do a autodiscover lookup again and then hopefully jump on the DNS that points towards another server?
    Is this true for pop/imap or a receive connector for SMTP relay aswell?

    Hi Fredrik,
    Hope this helps out...
    Round robin doesn't check the load on the network interfaces. It just passes on to the next one; for example Server1, Server2.
    If Server1 has a lot of traffic on its NIC it still gets more traffic onto its NIC when round robin wants to.
    NLB gives some checks on the load on the interfaces. Therefore it will make sure that all servers have about the same amount of traffic.
    In Windows NLB we are able to create port rules for the virtual IP, which is not applicable when you go DNS round robin.
    With DNS round robin the clients will see different IP addresses, whereas NLB uses a single IP address.
    DNS round robin is not a good solution for redundancy. If one of the nodes goes down, you first have to go and remove its A record from the DNS server, but then it may take some time before such a change is propagated. In the meantime you may have a number of clients attempt to access the dead IP.
    With load balancing you can remove a host from the set immediately (if it doesn't detect an unresponsive host automatically). The only effect of a downed server on the clients would be if some of the clients had session data on that server.
    Exchange Queries

  • NLS Redundancy using DNS Round Robin

    Hello, I have searched the internet and this forum for my question but I couldn't find the answer anywhere.
    Would it be an option to use DNS Round Robin as a 'fail over' mechanism for the DA NLS Server?
    To explain our situation a little: We have a few branch offices and it happens sometimes that the site-to-site VPN tunnel between the branch office and the main office breaks (e.g. internet outage in the main office). In those situations it would be best to have an NLS server in another office to prevent users from losing connectivity to the network because of the first NLS server being unreachable (we have a full-mesh network between the offices).
    But how does the DA mechanism respond to a DNS result with multiple IP addresses when querying for the NLS server? Most browsers will go to the 2nd IP address in case the 1st IP address is unreachable in such a situation. Will DirectAccess also do this?
    I hope I explained our situation and question OK.

    Jason,
    I may have found something else. Apparently netmask ordering uses a default subnet mask of /24 (255.255.255.0). This is why the subnet must match. Apparently you can change the netmask used by netmask ordering:
    Description of the netmask ordering feature and the round robin feature in Windows Server 2003 DNS
    http://support2.microsoft.com/kb/842197
    Not every customer may use this solution, but it might provide a solution for some customers. It all depends on their address scheme. Allow me to explain...
    Imagine you have one datacenter and three branch offices. Each branch office owns a /16 subnet:
    - Datacenter (10.100.0.0/16)
    - Branch Office 1 (10.110.0.0/16)
    - Branch Office 2 (10.120.0.0/16)
    - Branch Office 3 (10.130.0.0/16)
    Of course the whole /16 subnet is not used on a site; instead multiple VLANs with a /24 subnet are used at each site. A VLAN for servers and clients.
    Now imagine you have an NLS in each server VLAN at each site. You configure RR for those NLS. If you query from a server next to an NLS, that NLS will be on top of the DNS query result. If you query from a client in another VLAN, the client will get random DNS results because the client has another network ID. This is because the default netmask used by netmask ordering is 255.255.255.0 (/24).
    If you change the netmask used by netmask ordering to 255.255.0.0 (/16) that will give you the nearest NLS on top.
    But not every customer uses a /16 subnet for each site. So, that's why it won't be usable for everybody.
    Ok, it is not an Enterprise solution and does not get the Nobel Prize, but what do you think?
    Boudewijn Plomp | BPMi Infrastructure & Security
    This posting is provided "AS IS" with no warranties, and confers no rights. Please remember, if you see a post that helped you please click "Vote as Helpful", and if it answered your question, please click "Mark as Answer".
    Ah, ok... sorry, I assumed you knew that! Normally NMO needs to be 'tuned' to match the branch office subnets to get the expected/best results. That KB is pretty invaluable to set it up properly. Like you say it does depend on the customer having logical/consistent subnet boundary definitions for it to work effectively though. I never said NMO was perfect :)
    Jason Jones | Security Consultant | Microsoft Consultant Services (MCS)

  • Exchange 2013 CAS DNS Round robin Public DNS Record

    Dear All,
    If I am going to use DNS round robin as CAS redundancy, how should I map the public DNS record? Do I need to map 2 public IPs for 2 CAS servers to the mail domain? Thanks
    Best Regards,
    Elroy

    Dear Elroy
    I am not sure about the success rate of your implementations, but yes, if it is round robin what you require you need to add 2 IP addresses.
    Suggestion:
    Why don't you implement a CAS with a load balancer and then you can map the Public IP to the one IP on the Load Balancer.
    Good Luck.

  • E2013 namespace, unbound and DNS round robin

    Hi,
    Just check Ross Smith's blog about namespace for E2013. He stated on "Figure 1" that VIPs per DAGs are behind single namespace "mail.contoso.com" and clients reach those by DNS round robin. Does anybody know the answers to the questions:
    How do clients find the other VIP1 if VIP2 is down, but the client has got VIP2's IP in the response from the DNS?
    Do you need to have one IP per DAG? Would it be possible to have one VIP only?
    Petri

    Hi,
    The re-connection is based on the TTL value. You can look at the following thread:
    https://social.technet.microsoft.com/Forums/exchange/en-US/8381c957-1189-4380-9e05-48f10ec15933/support-dns-roundrobin-for-exchange-2013-clients?forum=exchangesvravailabilityandisasterrecovery
    HLB can detect when a specific Client Access server has become unavailable and remove it from the set of servers that will handle inbound connections, but DNS round robin can't do this.
    Best regards,
    If you have feedback for TechNet Subscriber Support, contact
    [email protected]
    Belinda Ma
    TechNet Community Support

  • How to configure WebLogic using DNS round robin?

    Thanks to Cameron for your reply.
    So if I cluster servers using DNS round robin, how can I configure it?
    Could you show me step by step please? Because I've tried to configure it so many times.
    Thanks again.

  • UCCE + EM + DNS (ROUND ROBIN)

    Hello guys,
    We have a client using UCCE + CVP with Extension Mobility. We are going to point the CUCM EM (Publisher + Subscriber) to a DNS server. The redundancy worked fine in our lab, although it takes at least 1 to 2 minutes for Extension Mobility to come back; however, we have not tested it in an environment with UCCE. Is there any problem using DNS with a contact center?
    PS
    We know that DNS is not recommended by Cisco; ACE should be used as an SLB and HA for EM, but as this is a POC scenario, we are testing other solutions.
    UCCE 8.5.(4)
    CVP 8.5(1)
    CUCM 8.5.1.14048-1

    It's ok to use DNS with UCCE.
    Sent from Cisco Technical Support iPhone App

  • Can I stop having to change password after one wrong entry?

    It seems the requirement to change the password for Apple ID is now 1 failed attempt. Instead of being able to recover and use the same password after answering security questions, I have to change passwords. This has become a pain. Can this be changed?

    I just made two bad attempts at entering my password into the iTunes Store and got the request to update my password before proceeding. I clicked through the links for Apple to send me an email (versus using the security questions). I ignored the email and entered my correct password and downloaded the music I wanted. You do not actually have to change your password, just go through some of the motions to initiate the process and then you can stop.

  • RDS 2012 Connection Broker and round robin DNS?

    Hi,
    I have a set-up with three session host servers and one of them is also a connection broker. Round robin DNS is configured for the three servers and the clients, who are all on our internal networks, can connect just fine to the farm name. My question is, is there any point in having round robin configured since the connections still need to go through the CB? Could I just have one DNS record for the farm name pointing to the CB? My initial thought was that round robin would add redundancy, but does it really? I've tried to find answers on this but none of the articles and posts I've found are really clear to me.
    Quite often the initial connection for clients is slow and my theory is that it's caused by the RR DNS records.

    Hi,
    Thank you for posting in Windows Server Forum.
    I think we need to have DNS RR entries for our RDS environment because DNS RR will be used by RDP clients to connect to the RD Connection Broker servers. Once we have added the entries of all servers to DNS RR, when an alternate connection to a following server needs to be made, it will be provided by DNS RR.
    During the connection process, the end nodes (RDVH, RDSH, RDWA) will get configured with all the RD Connection Broker server names, and they will randomly choose one to connect to. The RDP clients will use the DNS round robin name configured to connect to the RD Connection Broker servers randomly.
    More information.
    RD Connection Broker High Availability in Windows Server 2012
    http://blogs.msdn.com/b/rds/archive/2012/06/27/rd-connection-broker-high-availability-in-windows-server-2012.aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support

  • Exchange 2013 CAS - Round Robin DNS not working properly

    I have an Exchange 2013 setup (2 MB, 2 CAS servers). I created two DNS records for mail.test.com and autodiscover.test.com pointing to my two CAS servers.
    But the problem is, if I switch off one CAS server, the client Outlook does not connect automatically to the other CAS server. Restarting Outlook also does not work. Restarting the system or running the command ipconfig /flushdns in a command prompt makes it work.
    Is there any configuration I am missing? Please advise how to achieve decent load balancing in Exchange 2013 CAS without going for a third-party load balancer...

    If a CAS role server is down or unable to service clients, you have to remove it from DNS round-robin consideration manually. There is no health check with DNS round-robin, unlike a true load balancer.
    Also, I would set the TTL to a low value for the CAS servers in the round-robin.
    Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

  • RD Web Access / RD Connection Broker - NLB/Round Robin or both?

    Hi
    Can someone point me to documentation that can assist with Infrastructure scaling and HA config of the RD Web Access/RD CB roles?
    We have a successful PoC consisting of RD Web and RD CB on a single server (no GW required as we're using UAG) and several hosts. Now looking to port to production, thinking of scalability and HA. Looking to serve 300-750 users.
    Thinking so far:
    RD Web Access role across 2 servers using NLB
    RD Connection Broker across 2 servers - (maybe same as Web Access machines?) But CB appears to operate using DNS Round robin.  (https://msfreaks.wordpress.com/2013/12/23/windows-2012-r2-remote-desktop-services-part-2/)?
    Can CB use NLB? 
    Which is preferred for the CB role, NLB or DNS round robin?
    Cheers
    Lea

    Thanks Amy, they're really useful links.  Why is it so hard to find these....or even an implementation/scaling guide for 2012?
    TP - you are my hero, thanks for answering so many of my posts :-)
    I was hoping RD Connection Brokers supported NLB as I've also read this is a far superior technology (see below). Here's my architecture thinking:
    1.  Install the CB role on two individual servers
    2.  Add NLB to the CBs
    3.  Follow here, here and (thanks Amy) here for SQL and HA mode (we run Full SQL on an independent server)
    Question(s):
    a.  If SQL is not using AlwaysOn and therefore an SPF, what are the consequences of SQL outage?  Does RDS fail completely?
    b.  If SQL is an SPF, is it worth enabling HA for CB presumably to gain load balancing? This is a fascinating graph that would suggest little need based on latency for our farm of 20 or so hosts! All servers are on VMware 5.5, therefore inherent redundancy.
    We may still choose HA but possibly for MS patching reasons such that the farm (minus SQL server) can be patched without downtime...
    I found this NLB/RRDNS description useful also:
    Network Load Balancing is superior to other software solutions such as round robin DNS (RRDNS), which distributes workload among multiple servers but does not provide a mechanism for server availability. If a server within the host fails, RRDNS, unlike Network Load Balancing, will continue to send it work until a network administrator detects the failure and removes the server from the DNS address list. This results in service disruption for clients. Network Load Balancing also has advantages over other load balancing solutions—both hardware- and software-based—that introduce single points of failure or performance bottlenecks by using a centralized dispatcher. Because Network Load Balancing has no proprietary hardware requirements, any industry-standard compatible computer can be used. This provides significant cost savings when compared to proprietary hardware load balancing solutions.
    Thanks again
    Lea

  • Round robin DNS for load balancing between multiple network adapters (Xserve)

    I'm attempting to use 'round robin' DNS to load balance between the two ethernet adapters of an Xserve.
    Both ethernet adapters are connected to the same LAN and have static IP addresses of 192.168.2.250 and 192.168.2.251.
    The DNS zone for the server's local domain/host (macserver.private) has a machine record with both IP addresses (set up in the Lion Server UI).
    Having read up on round robin DNS, I would have expected DNS requests for 'macserver.private' to be answered with the two IP addresses ordered at random, achieving my aim of requests being served at random via each ethernet adapter.
    However this doesn't seem to be the case. Doing an 'nslookup' from any of the network clients results in the two IP addresses being listed in the same order every time. And pinging 'macserver.private' only ever results in a response from the same address.
    Does anyone know why this is the case? Does Lion Server use a non-standard DNS configuration? Are there any additional settings I need to configure in Lion's DNS server to make it adopt a round robin approach to responding to requests?
    Thanks in advance for any help!

    Be careful what you wish for
    Round Robin DNS is rarely the best option for 'load balancing'. At the very least it's subject to caching at various points on the network, even at the client side: once the client looks up the address it will cache that response. This means that subsequent lookups may be served from the client's cache and not refer back to the server. Therefore any given client will always see the same address until the cache expires.
    I suspect this is what you're seeing.
    You can minimize this by setting a lower TTL on the records. This should result in the response being cached for a shorter period, meaning the client will make more requests to the server, with a higher chance of using the 'other' address.
    However, you're also going to run into issues with the server having two interfaces/addresses in the same LAN. This isn't recommended.
    As Jonathon mentioned, you may be better off just bonding the two interfaces. This will provide an automatic level of dynamic load balancing without the latency of DNS caches, as well as automatic failover should one link fail (as opposed to round robin DNS, which will cause 50% of requests to fail until the client cache expires and a new lookup is performed; and, even then, there's still a chance the client will try to use the failed link).

  • Round-robin Load balancing doesn't work after one instance reboot

    Hi,
    We have two WebLogic instances in a cluster. All HTTP requests are routed through the plug-in for load balancing (round robin). One instance in the cluster is shut down for production maintenance. Now all requests are being forwarded to the second instance. When the first instance is started, only the new users are forwarded to the first instance. The requests from users already logged in are not forwarded to the first instance. Due to this the second instance is overloaded.
    How to prevent this and make WebLogic distribute the load even after the server restart? This is a production problem and I highly appreciate your responses.
    Thanks,
    Prasad Dantuluri

    it worked when I removed the value entered in the "Unicast Broadcast Channel" and restarted the cluster. Don't know what is supposed to go in that field but hey.

  • Change DNS host name automatically when one device is down

    Hi all
    I am first copying below the question which I have posted in a thread related to DNS a few days back.
    Hi
    our network team has set up a Bluecoat proxy server in our main office and DR site. We have configured a GPO to populate the details of the proxy server hostname in the proxy setting, e.g. Proxy server. IP1 is the IP address for the device in the head office and IP2 is the IP address assigned to the device in the DR site. Currently we have given a DNS entry as
    Proxyserver - IP1.
    So DNS resolves the IP address of the device in the head office and authentication and internet access work.
    But we want the DR device to be used automatically (only) when the head office device is not reachable. But how to configure the settings for DNS I am not sure.
    I don't want to use round robin as it will send the traffic to both head office and DR in a load balancing fashion.
    For this request I had received advice to use a script to monitor the first device continuously and, if it is not reachable, then change the hostname in DNS to that of the second device.
    Let me know if anyone can help me on this.
    Thanks in advance
    Midhin 

    Hi Midhin,
    Agree with Jrv, I also recommend you can consult proxy vendor for a better solution.
    In addition, if you still want to update the host name in DNS via PowerShell, please refer to the script to update an A record in DNS:
    $Zone = "dns zone"
    # Fetch the record twice: Set-DnsServerResourceRecord matches the existing record with the untouched copy ($OldObj) and writes the edited copy ($NewObj)
    $OldObj = Get-DnsServerResourceRecord -ZoneName $Zone -RRType "A" -Name "hostname"
    $NewObj = Get-DnsServerResourceRecord -ZoneName $Zone -RRType "A" -Name "hostname"
    # Point the name at the replacement address (the string is converted to an IPAddress)
    $NewObj.RecordData.IPv4Address = "newipaddress"
    Set-DnsServerResourceRecord -NewInputObject $NewObj -OldInputObject $OldObj -ZoneName $Zone
    If there is anything else regarding the powershell script issue, please feel free to post back.
    Best Regards,
    Anna Wang
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Sortlist - round robin - netmask ordering confusion

    I went through a crisis not long after splitting my Win2003 AD network into two VLANs, crisis documented at http://discussions.apple.com/thread.jspa?threadID=2361165
    In a nutshell, Windows DNS uses netmask ordering to resolve the "best" IP address to client queries based on their IP address. If a given host (on LAN) has more than one IP address on different VLAN/subnets, a query to a DNS server should give both IP answers, though only the one on the same subnet as the client is often accessible to that client. Thus, netmask ordering adds some intelligence to that process, overriding round-robin, and it works pretty well.
    Enter OS X Server using BIND, and set up a secondary zone to a Windows primary, and that all goes out the window. It seems OS X Server uses Round Robin by default. Though BIND is supposed to have similar functionality to Windows server's netmask ordering in a function called "sortlist," I can't figure out how to use that in OS X Server.
    Anyone ever mess with that?

    Camelot wrote:
    I'm not entirely sure I understand what you're asking. There is no concept in DNS of subnets - a host record maps to a network address (and vice versa), and subnets don't come into play.
    Unless what you're referring to is the ability of the name server to offer different replies based on the client's IP address…?
    If so, that is possible in BIND, via views, but there is no GUI support for multiple views in Server Admin (all zones exist in a single view served to all clients).
    If you want to offer different results to clients based on their address you'll need to implement a secondary view containing the zone data that should be visible to those clients. You'll also lose the ability to manage your DNS via the GUI. It's not that hard to do, but it does mean you'll typically be working in the shell to maintain your zone files.
    My nutshell approach was not clear, but you got the gist. But there is a concept of subnets implemented in Windows Server. I split our school network into two VLANs for security (keep students from even seeing admin servers) but needed to keep the domain in Active Directory and our Windows servers. Thus, the domain controllers are multi-homed. School admin subnet is 172.16/16, student subnet is 172.20/16. Without netmask ordering or round robin enabled, Mac clients requesting internal DNS resolution would always get the 172.16.x.x address of the domain controllers, so they could not authenticate to the domain (the AD plugin apparently can only use the first IP returned in a query; it won't try others if unsuccessful). Netmask ordering enabled the DNS server to look at the IP of the DNS client and reply to queries with the IP which is in the client subnet first, then additional IPs, if any. The next bump I hit was that netmask ordering assumes a Class C subnet, not very well documented, but a simple command fixed that, and it's worked excellently ever since, until I tried designating a Mac server as a secondary and set some Mac clients to point to the Mac server for DNS resolution. They then get round-robin replies, so the AD plugin, which must make several DNS queries, gets confused. Research led me to sortlist, but whether it's that or "views" as you suggest, it's probably not something I want to jump into. I am going to give up on my Magic Triangle dreams and convert students and teachers to Open Directory over the summer, just create a new domain.
    P.S. technically, MS discourages having DCs multi-homed, but not having anything layer 3 to route between my new VLANs, it was my only option. In addition, the administrative file server I needed to keep away from student hacking is also the main Domain Controller (PDC emulator master), so adding routes to make the DC work across subnets would have defeated the security purpose. It's a smaller private school, limited resources. Thx.
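Both the NLS thread above and this one turn on the same behaviour: with the default /24 mask, netmask ordering only promotes a record on the client's own /24, so a client in another VLAN (or an AD plugin that uses only the first answer) gets whatever round robin puts first. This added Python example, not code from either thread, emulates that ordering for the /16 site layout and the two-subnet school network described above; the IP addresses are constructed samples.

```python
"""Emulation of Windows DNS netmask ordering combined with round robin (added example)."""
import ipaddress
from typing import List


def netmask_order(client_ip: str, records: List[str],
                  prefix_len: int = 24, rotate: int = 0) -> List[str]:
    """Order A records the way netmask ordering plus round robin would.

    Records on the same network as the client, judged with a /prefix_len
    mask (Windows defaults to /24), are moved to the top; round robin then
    rotates the order within each group by `rotate` positions.
    """
    client_net = ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False)
    local = [r for r in records if ipaddress.ip_address(r) in client_net]
    remote = [r for r in records if ipaddress.ip_address(r) not in client_net]

    def rot(group: List[str]) -> List[str]:
        if not group:
            return group
        k = rotate % len(group)
        return group[k:] + group[:k]

    return rot(local) + rot(remote)


def first_answer(client_ip: str, records: List[str],
                 prefix_len: int = 24, rotate: int = 0) -> str:
    """The address a client that only ever uses the first returned record will use."""
    return netmask_order(client_ip, records, prefix_len, rotate)[0]


# Constructed sample: one NLS in the server VLAN of each /16 site from the thread
NLS = ["10.100.1.10", "10.110.1.10", "10.120.1.10", "10.130.1.10"]
# Constructed sample: a multi-homed DC on the admin (172.16/16) and student (172.20/16) subnets
DC = ["172.16.0.5", "172.20.0.5"]

if __name__ == "__main__":
    for mask in (24, 16):
        # Branch-office client in a different /24 than its local NLS
        print(f"/{mask} client 10.110.5.20 ->",
              netmask_order("10.110.5.20", NLS, mask, rotate=2))
        # Student Mac that only tries the first address it is given
        print(f"/{mask} client 172.20.3.4  ->", first_answer("172.20.3.4", DC, mask))
```

With the /24 default the branch client's own NLS is never promoted and the student Mac is handed the admin-subnet address; widening the mask to /16 puts the nearest record first in both cases.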
