DNS - preferred Ethernet connection over Wi-Fi?

Tonito Dux 956 Reputation points
2021-10-13T06:32:47.687+00:00

Hi,

I have a situation with Veeam Backup where machines only respond / do backup if they are in a subnet which corresponds to our Ethernet-connected machines. Wi-Fi has another subnet. In DNS Manager we always see that the laptops, for example, are shown to be in this Wi-Fi network, but the fact is that all of the laptops are connected with an Ethernet cable over the docking station. How do I force the clients to report to DNS Manager with the Ethernet connection subnet? I was thinking that I will need to adjust the metric over GPO somehow, like in the screenshot here:

140049-metric.jpg

Is there another way from DNS manager directly?

Appreciate the answers.

Windows DHCP

4 answers

  1. Gary Reynolds 9,391 Reputation points
    2021-10-14T10:43:26.407+00:00

    Hi @Tonito Dux

    The metric will not fix the issue; this is used to define the routing table order, so the LAN interface takes precedence over the WiFi if both are connected.

    There are a number of reasons why a client might not be registering the IP address of its connection. First I would check that the "register this connection" option is enabled on all the network cards. This causes the OS to send a DNS update command to the DNS server.

    140500-register-connection.png

    Check that DHCP is providing the same DNS server on both LAN and WiFi connections.

    Also check the configuration of the forward DNS zone to ensure that it has updates enabled and set to either 'secure only', or 'non-secure or secure'.

    140547-zone-properties.png

    From a workstation that has the wifi IP address in DNS, connect it to the LAN and run the following command:

    ipconfig /registerdns  
    

    This will force the network to register its IP address with DNS. Check if the DNS entry is updated; if not, delete the record in DNS and run the command again, and see if the record is created.

    Gary.

    1 person found this answer helpful.
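
The checks from the answer above, collected into one client-side audit. This is an added example, not part of the original answer; the zone name and DNS server name are placeholders, and step 3 assumes the DnsServer (RSAT) module is installed where the script runs.

```powershell
# Added example: audit DNS registration on a client with LAN and Wi-Fi adapters.
# Assumptions (not from the thread): $Zone and $DnsServer are placeholders.
$Zone      = 'corp.example'        # placeholder forward lookup zone
$DnsServer = 'dc01.corp.example'   # placeholder DNS server

# Only adapters that currently have a link are relevant.
$up = Get-NetAdapter | Where-Object Status -eq 'Up'

# 1. Is "Register this connection's addresses in DNS" enabled on each adapter?
Get-DnsClient -InterfaceIndex $up.ifIndex |
    Select-Object InterfaceAlias, RegisterThisConnectionsAddress, ConnectionSpecificSuffix

# 2. Does DHCP hand out the same DNS servers on LAN and Wi-Fi?
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 -InterfaceIndex $up.ifIndex
$servers | Select-Object InterfaceAlias, ServerAddresses
$distinct = $servers |
    ForEach-Object { ($_.ServerAddresses | Sort-Object) -join ',' } |
    Sort-Object -Unique
if (@($distinct).Count -gt 1) {
    Write-Warning 'Connected adapters use different DNS server lists.'
}

# 3. Dynamic update mode of the forward zone: None, Secure or NonsecureAndSecure.
Get-DnsServerZone -Name $Zone -ComputerName $DnsServer |
    Select-Object ZoneName, DynamicUpdate

# 4. Re-register (the cmdlet equivalent of ipconfig /registerdns), wait briefly,
#    then compare the A records held by the server with the local addresses.
Register-DnsClient
Start-Sleep -Seconds 15
$fqdn  = "$env:COMPUTERNAME.$Zone"
$inDns = (Resolve-DnsName -Name $fqdn -Type A -Server $DnsServer -DnsOnly `
            -ErrorAction SilentlyContinue).IPAddress

Get-NetIPAddress -AddressFamily IPv4 -InterfaceIndex $up.ifIndex |
    ForEach-Object {
        [pscustomobject]@{
            Interface = $_.InterfaceAlias
            IPAddress = $_.IPAddress
            InDns     = $inDns -contains $_.IPAddress   # is this address registered?
        }
    }
```

With the zone set to Secure only, an existing record can be updated only by a principal that has write access to it, which is why deleting a stale record and registering again, as the answer suggests, is a useful test.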

  2. Limitless Technology 39,376 Reputation points
    2021-10-13T09:13:30.15+00:00

    Hi there,

    The DNS server will respond to the query in a round-robin fashion if the DC has multiple NICs registered in DNS. The DNS will serve the client with all the records available for that DC. To prevent this issue, we need to make sure the unwanted NIC address isn't registered in DNS.

    Steps to avoid registering unwanted NICs in DNS on a multihomed domain controller
    https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/unwanted-nic-registered-dns-mulithomed-dc

    ------------------------------------------------------------------------------------------------------------------------------------

    If the reply is helpful, please Upvote and Accept it as an answer


  3. Tonito Dux 956 Reputation points
    2021-10-16T07:11:52.607+00:00

    Hi Gary,

    Thank you for your answer. This seems like a good suggestion to try out, but I have one question. If the laptops are outside of the company, and they connect over VPN which gives them the 3.0 subnet, and the company Wi-Fi subnet is 4.0 - what happens then? Will they be registered assuming they connect over a Wi-Fi connection? What could be the possible ramifications, not sure.

    Dynamic updates was always set to "Secure only", but another thing I have to share is that our aging/scavenging is set to 1 day on both settings; this was set on purpose, but I am not sure if this is helping or dragging some other issues along with it. Our dyn. DNS update credentials were not set on all DCs for over a year now. I managed to see this issue but I am still receiving "error 9005 (DNS operation refused.)". I have lots of things to try out to bring this DNS infrastructure to work flawlessly. I will report back here but it will take a while.

    Cheers


  4. Gary Reynolds 9,391 Reputation points
    2021-10-16T23:04:57.03+00:00

    Hi @Tonito Dux

    You have a couple of things in the mix here, and you might need to break each one down to determine how things currently work, but more importantly I think you need to define what good looks like.

    I'm assuming the primary objective here is the backups. Based on this I think you need to define what your requirements for backups are, in terms of frequency, scope, valid connection, etc. This will provide a starting point to test from and confirm that the backup solution, network configuration, and mode of use can meet these requirements, or that you need to change the requirements\expectation to align with the current solution and configuration.

    A couple of things to consider:

    Transport medium for the backup: do you want to back up machines over the LAN, WiFi, or VPN connections? LAN is best as it provides a reliable two-way connection and typically can handle the additional bandwidth of the backup traffic. WiFi is typically best for client-initiated traffic, and due to power saving features, it can be unreliable for server-initiated traffic. WiFi also has limited shared bandwidth, so using it for backup traffic could significantly impact the usability for other users, i.e. if you have a client at the limits of AP range, the client is using a low encoding method, and this will consume more bandwidth and increase backup time. VPN has a different set of limitations: the user's internet connection, the fixed bandwidth of the VPN terminator, and software capability. The scope of the backups, frequency, and number of users will be factors in deciding which transports will be supported, or limitations will be understood.

    Both I and LimitlessTechnology-2700 have suggested ways to force or limit which network cards in the clients are registering their IP address: two different approaches, but you need to define your requirements to decide which approach is correct, i.e. if backups are only to be completed on the LAN, stop the WiFi card from registering, or have both cards register if both transports are supported. Note, to answer your other question: you only need to follow LimitlessTechnology-2700's suggestion on the DCs if you have multiple NICs in the DCs; if you only have single NICs please ignore it, or your DC will not be discoverable.

    DNS updates: this is a big one, and is probably the root cause of your problem. There are two options here: let the clients manage their own registrations, or centrally manage them from the DHCP server. It sounds like you might have a bit of both at the moment. The suggestion here is to understand how all these components work together (there are a few, and it's not immediately obvious how they interact), and then test to confirm your understanding is correct. Here are a few articles to get you started: 51810.windows-server-integration-between-dns-and-dhcp.aspx, dd145315(v=ws.10), dd334715(v=ws.10), configure-dns-dynamic-updates-windows-server-2003, and 21724.how-dns-aging-and-scavenging-works.aspx

    Once you have stable name resolution, you can look at the backup and whether your requirements can be supported by the various network transport types, and whether you limit or change the scope of the backups.

    I hope that helps.

    Gary.
