NLB on domain controllers

  • NLB on domain controllers

    Greetings!

    After having a lot of trouble because of systems administrators' laziness in updating the lists of DNS servers on their machines, we've decided to create a dedicated IP address for all the clients, and put all DNS servers (which are also domain controllers) under this single IP.

    I came up with the idea of building an NLB cluster for DNS services. The problem is: when I activate NLB on one of the nodes, this node registers its name with the NLB cluster's address. I then disabled the option "Register this connection's address etc..." on the active network connection, but it still registers the shared IP address. Of course, it immediately influences AD services, so I had to roll back.

    The NLB'ed DNS itself works correctly. Any ideas why the DCs keep registering their NLB address?

  • #2
    Re: NLB on domain controllers

    What do you expect to achieve with this?
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"


    • #3
      Re: NLB on domain controllers

      To make changes in DNS servers' addresses transparent to network clients.


      • #4
        Re: NLB on domain controllers

        Eugh... you really shouldn't do something as bizarre as NLB on a DC because some jackass admins aren't doing things the right way.


        • #5
          Re: NLB on domain controllers

          Is there a reason why you don't have dynamic updating set up on the DNS servers? What are your DNS servers?


          • #6
            Re: NLB on domain controllers

            Originally posted by Garen
            Eugh... you really shouldn't do something as bizarre as NLB on a DC because some jackass admins aren't doing things the right way.
            I thought about something similar....
            Marcel


            • #7
              Re: NLB on domain controllers

              Originally posted by Dumber
              I thought about something similar....
              It would be interesting to see how an NLB would cope with the FSMO roles. I dread to think.


              • #8
                Re: NLB on domain controllers

                Yeah, but I can't find an article where it states that NLB on DCs is an unsupported configuration.
                Marcel


                • #9
                  Re: NLB on domain controllers

                  If the DNS registration had worked as planned, it would not have affected FSMO roles. Not to mention that everything worked just as well as it should, until the DCs started registering the NLB shared address to their names. Then the Directory logs on the DCs showed errors connecting to other DCs, like "\\dc1.one.one cannot be contacted". Sure it can't, because DNS returns an NLB address.

                  All the NLBs we have on other systems register their IP addresses correctly, so I think it has something to do with the DCs' elevated permissions.

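The failure described in post #9, where a DC's own host name resolves to the shared NLB address, can be checked for before directory errors start to appear. The following is an added example, not code from any poster in the thread; the function name `Find-VipRegisteredHost`, the host names other than dc1.one.one, and all IP addresses are constructed for illustration.

```powershell
# Added example: flag hosts whose A records include the shared NLB cluster IP.
# Input objects need Name and IPAddress properties, the same shape that
# Resolve-DnsName returns for A records.
function Find-VipRegisteredHost {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$Record,

        # Shared cluster address that should never appear under a DC's own name.
        [Parameter(Mandatory)]
        [string]$ClusterIp
    )
    begin   { $all = [System.Collections.Generic.List[object]]::new() }
    process { foreach ($r in $Record) { $all.Add($r) } }
    end {
        $groups = $all | Group-Object -Property { $_.Name.ToLowerInvariant() }
        foreach ($group in $groups) {
            $ips = @($group.Group | ForEach-Object { [string]$_.IPAddress } | Sort-Object -Unique)
            if ($ips -notcontains $ClusterIp) { continue }

            $dedicated = @($ips | Where-Object { $_ -ne $ClusterIp })
            [pscustomobject]@{
                Name      = $group.Name
                Addresses = $ips -join ', '
                # VipOnly: every lookup of this name lands on the cluster address.
                # Mixed:   the name also has its own address, so lookups fail intermittently.
                Severity  = if ($dedicated.Count -eq 0) { 'VipOnly' } else { 'Mixed' }
            }
        }
    }
}

# Constructed sample records (documentation address range); 192.0.2.53 plays the cluster IP.
$sample = @(
    [pscustomobject]@{ Name = 'dc1.one.one'; IPAddress = '192.0.2.11' }
    [pscustomobject]@{ Name = 'dc1.one.one'; IPAddress = '192.0.2.53' }
    [pscustomobject]@{ Name = 'dc2.one.one'; IPAddress = '192.0.2.53' }
    [pscustomobject]@{ Name = 'dc3.one.one'; IPAddress = '192.0.2.12' }
)
$sample | Find-VipRegisteredHost -ClusterIp '192.0.2.53'

# Against live DNS, feed it real lookups instead of the sample:
# Resolve-DnsName -Name dc1.one.one -Type A | Find-VipRegisteredHost -ClusterIp '192.0.2.53'
```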