RODC to Main DC for DNS query, but in different locations; how to get queries in local region? - dns

We use the CXOne CaaS phone system, which then assigns an RTC server to our logged-in agents based on where the DNS is being queried from.
Our primary DC sits in France, and we have a local RODC which goes back to the primary DC to get the DNS queries, but this is forcing the CaaS solution to pick up France servers for routing.
Is there no way to make it do Australian queries, without manually adding in DNS records?
Tried:
Manually changing each DNS entry in the hosts file is not ideal, as the IP could change from the provider.

Related

Active directory with external DNS

For training purposes at school, I would like to install an Active Directory with an external DNS.
Server A: WS2k16 - Role: DNS
Server B: WS2k16 - Role: ADS
Is it possible to do it this way?
Thanks in advance for your help
Hosting DNS somewhere other than a domain controller (DC) is a valid configuration - one that is not uncommon in large enterprise environments. I often use ISC BIND to provide DNS for our Active Directory environment, and I've occasionally used stand-alone Windows DNS servers to host the DNS service. You lose some of the "magic" that Microsoft has added to their AD/DNS integration (e.g. AD-integrated DNS has hostnames replicated to all domain controllers for redundancy), but both DNS and AD function properly.
Provided the DC can make dynamic updates in the appropriate zones (e.g. _msdcs.domain.ccTLD), all of the host records AD needs get set up for you when you're using an external DNS server.
Even if the zones are not set up to allow the DC to make dynamic updates, the DC has a file in %systemroot%\system32\config\netlogon.dns which contains the records that need to be manually created. Clients won't be able to use the domain until the DNS records are manually created, you've got the potential for something to change on the DC and require a manual update, and IIRC there are event log entries on the DC every reboot complaining about the failure to auto-register records. The configuration is not ideal, but it does work.
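The manual path described in the answer above (taking the records from netlogon.dns and creating them on an external DNS server by hand) can be scripted. The following is an added example, not code from the thread: it parses lines in the netlogon.dns layout (the sample lines, the zone names, the DC name dc01.corp.example and the server address 10.0.0.53 are all constructed) and emits an nsupdate script for a BIND server, grouped per zone, so the records are added without retyping them.

```python
"""Turn netlogon.dns into an nsupdate script (constructed example, not from the thread).

When the DC cannot register its own records, %systemroot%\\system32\\config\\netlogon.dns
lists the records an external DNS server needs. This parses that file's
zone-file style lines (sample lines constructed below) and emits the matching
`update add` statements for BIND's nsupdate, one block per zone.
"""
from collections import defaultdict

# Constructed sample in the netlogon.dns layout: owner TTL IN TYPE RDATA...
SAMPLE_NETLOGON_DNS = """\
corp.example. 600 IN A 10.0.0.5
_ldap._tcp.corp.example. 600 IN SRV 0 100 389 dc01.corp.example.
_kerberos._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 88 dc01.corp.example.
gc._msdcs.corp.example. 600 IN A 10.0.0.5
"""

SUPPORTED = {"A", "SRV", "CNAME"}


def parse_netlogon_dns(text):
    """Return a list of (owner, ttl, rtype, rdata) tuples; blank lines and
    unsupported record types are skipped rather than aborting the run."""
    records = []
    for raw in text.splitlines():
        parts = raw.split()
        if len(parts) < 5 or parts[2].upper() != "IN":
            continue
        owner, ttl, _, rtype, *rdata = parts
        if rtype.upper() not in SUPPORTED:
            continue
        records.append((owner.lower(), int(ttl), rtype.upper(), " ".join(rdata)))
    return records


def zone_for(owner, zones):
    """Pick the longest configured zone that is a suffix of `owner`, so a
    record under _msdcs.corp.example. lands in that zone, not the parent."""
    best = None
    for z in zones:
        if owner == z or owner.endswith("." + z):
            if best is None or len(z) > len(best):
                best = z
    return best


def nsupdate_script(records, zones, server):
    """Build nsupdate input: one 'zone ... send' block per zone. Records are
    added, not replaced, so existing data in the zone is left intact."""
    by_zone = defaultdict(list)
    for owner, ttl, rtype, rdata in records:
        zone = zone_for(owner, zones)
        if zone is None:
            continue  # owner outside every managed zone; do not guess
        by_zone[zone].append(f"update add {owner} {ttl} IN {rtype} {rdata}")
    lines = [f"server {server}"]
    for zone in sorted(by_zone):
        lines.append(f"zone {zone}")
        lines.extend(by_zone[zone])
        lines.append("send")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    recs = parse_netlogon_dns(SAMPLE_NETLOGON_DNS)
    print(nsupdate_script(recs, ["corp.example.", "_msdcs.corp.example."], "10.0.0.53"))
```

Feed the output to `nsupdate` (with a TSIG key if the zones require one); because the DC keeps rewriting netlogon.dns on reboot, rerunning this after a DC change is the manual update step the answer warns about.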
Using the netlogon file solved the problem, many thanks.
I can now register new computers on the ADS.
Anyway, the new computers are not inserted in the DNS entries; any clue how to solve it?

Azure Traffic manager - Route by User IP Address

I have a web application in multiple regions in the Azure Cloud and I'm using the Traffic Manager in Performance mode to redirect the user to the closest region.
What's concerning me is the following:
With this site https://www.whatsmydns.net I checked my web application to see which data center is selected.
The funny thing is that people from California get redirected to the server in West Europe, but there is a server in US Central too.
So from the Traffic Manager's point of view the ping to the Europe server is faster than to US Central.
But I believe that the difference between these two cannot be high...
Now I have the fear that it can happen that a user jumps between US Central and Europe all the time because he is in such a zone where the latencies to the available servers are nearly identical.
I also store files in an Azure Storage account in each region. If the user now jumps, I would have to transfer these files between the regions all the time...
So I was wondering if there is a possibility to redirect the user by his GeoIP to a specific region rather than by latency?
One of the benefits of the Traffic Manager, in my eyes, is that I can use one domain for all regions...
The only solution for my problem I can think of is an own cloud service which replaces the Traffic Manager and redirects the user to the different regions by their IP, like us-center.DOMAIN.com, we-eu.DOMAIN.com etc...
Are there any other solutions?
Thanks for your help!
Br,
metabolic
If you believe Traffic Manager is routing queries incorrectly, that should be raised with Azure Support.
Traffic Manager 'Performance' mode routing is based on an internal 'IP address to Azure data center latency' map. The source IP of the DNS query (which is typically the IP of your DNS server) is looked up in the map to determine which Azure location will offer the best performance. There is an implicit assumption that the IP address of the DNS server is a good proxy for the location of the end user.
The 'Performance' mode in Azure Traffic Manager is deterministic. Identical queries from the same address will be routed consistently. The only exception is that routing may change during occasional map updates, which affect only a small percentage of the IP address space.
A more common cause of routing changes is customers moving from place to place. For example, during travel, or simply by picking up a Wi-Fi network that uses a DNS service in a different location, with a different IP address.
Geo-IP based routing is not currently supported by Traffic Manager. However, please note that it would work in the same way as the 'performance' routing, just that it would use a different map. Users could still be routed to different locations as a result of map updates or changing DNS servers.
As you describe, if your application requires a strong, un-violable association between a user and a region, one option is to redirect users at the application level (e.g. via HTTP 302).
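The application-level option the answer ends on, as an added example that is not part of the thread: each region's front end pins a visitor to a home region with an HMAC-signed cookie and answers a 302 to that region's host whenever the request lands elsewhere, so a change in DNS-level routing no longer moves the user (and their files) between regions. The prefix-to-region table standing in for a GeoIP database, the hostnames `us-central.example.com` / `we-eu.example.com` and the signing secret are all constructed; the redirect target is looked up from a fixed allowlist rather than taken from the cookie, which keeps a tampered cookie from turning the handler into an open redirect.

```python
"""Application-level region affinity via HTTP 302 (constructed example).

The app, not DNS, decides a user's home region and pins it with a signed
cookie so the user does not bounce between regions when resolver-based
routing changes.
"""
import hashlib
import hmac
import ipaddress
from http.cookies import SimpleCookie

# Constructed stand-in for a GeoIP database: client prefix -> region key.
# A real deployment would consult a GeoIP provider here.
GEO_PREFIXES = {
    ipaddress.ip_network("203.0.113.0/24"): "us-central",
    ipaddress.ip_network("198.51.100.0/24"): "we-eu",
}
DEFAULT_REGION = "we-eu"

# Allowlist of region -> hostname. The redirect target always comes from
# this table, never from client input, so a forged cookie cannot pick a host.
REGION_HOSTS = {
    "us-central": "us-central.example.com",
    "we-eu": "we-eu.example.com",
}

COOKIE_NAME = "region"
SECRET = b"constructed-secret-rotate-in-production"  # assumption: app secret


def region_for_ip(client_ip):
    """Map a client address to a region using the constructed prefix table."""
    addr = ipaddress.ip_address(client_ip)
    for net, region in GEO_PREFIXES.items():
        if addr in net:
            return region
    return DEFAULT_REGION


def sign(region):
    """Cookie value: '<region>.<hex HMAC-SHA256 over region>'."""
    mac = hmac.new(SECRET, region.encode(), hashlib.sha256).hexdigest()
    return f"{region}.{mac}"


def verify(cookie_value):
    """Return the region named by a cookie if its MAC is valid, else None."""
    region, _, mac = cookie_value.rpartition(".")
    if region not in REGION_HOSTS:
        return None
    expected = hmac.new(SECRET, region.encode(), hashlib.sha256).hexdigest()
    return region if hmac.compare_digest(mac.encode(), expected.encode()) else None


def handle_request(this_host, client_ip, path, cookie_header=""):
    """Return (status, headers) for a request arriving at `this_host`.

    Served locally (200) only when the user's pinned region is this host;
    otherwise a 302 sends them to their home region, keeping the path.
    """
    pinned = None
    if cookie_header:
        jar = SimpleCookie()
        jar.load(cookie_header)
        if COOKIE_NAME in jar:
            pinned = verify(jar[COOKIE_NAME].value)
    headers = {}
    if pinned is None:
        # First visit or tampered cookie: decide the home region now and pin it.
        pinned = region_for_ip(client_ip)
        headers["Set-Cookie"] = f"{COOKIE_NAME}={sign(pinned)}; Secure; HttpOnly; SameSite=Lax"
    home_host = REGION_HOSTS[pinned]
    if home_host == this_host:
        return 200, headers
    headers["Location"] = f"https://{home_host}{path}"
    return 302, headers


if __name__ == "__main__":
    # A Californian visitor arriving at the Europe front end is sent home once,
    # and the cookie then keeps them in US Central regardless of DNS routing.
    print(handle_request("we-eu.example.com", "203.0.113.10", "/files"))
```

The single Traffic Manager name is kept for the first contact; after that the user is on a region-specific host, which is the trade-off the question already anticipates.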

Primary and Secondary DNS for a Subdomain

I need to assign a secondary IP for a subdomain to redirect into. This is in case a first IP is not working.
Does creating multiple A records with the same name allow the browser to cycle through them in case one of them is not working?
Multiple A records associated with a domain are in fact the basis of DNS round robin load balancing.
However, do not confuse this with automatic failover. If one of the IP addresses is not working, then the browser (which is a client) would not automatically retry the others.
So which IP would a browser use? Well, the nameservers return the A records in a different order at different times to a querying client. Typically, the client just uses the first A record value that it gets. Further, the client would not query again until the TTL expires for that A record. All this querying of the nameservers, and caching until the TTL expires, is managed by a component called the stub resolver, which works on request from the browser.

Will increasing the TTL increase the availability of a website in case the nameserver is out of order?

Suppose the registrar's name server goes down; then my website will not be available.
For sure they have a second name server.
But I will not rely on that one (in case of a serious outage at the registrar).
I'm not able to configure a second name server outside of the registrar.
So I was thinking: will increasing the TTL to, let's say, 24 hours decrease the dependency on the availability of the name server?
So, if the outage is less than 24 hours, and the TTL is 24 hours, will my website be available despite the name server outage?
How requests to your site actually work:
1. Your site is just an IP.
2. Your site has a domain name - sugar which helps users remember it.
3. When a program wants to access your site by domain name, it makes a system call to the OS, gethostbyname, which returns the IP address of the site, and then the program continues.
4. The OS has a DNS cache, which means that it queries nameservers only when the cache has expired.
5. The OS queries not the nameservers of your site, but the nameservers which are preconfigured by the provider (if the user didn't override the setting).
6. The provider checks its cache and if it is expired/doesn't exist, queries the root servers.
7. The root servers check their cache and if it is expired/doesn't exist, query the domain zone servers.
8. The domain zone servers contain info about the site (because it is registered in them) and if the site IP is not cached in them, they query its nameserver and get the IP.
So... in all steps between 3 and 8 your site's IP address gets cached, and it all depends on the cache TTL on all those servers and when the site was last accessed on them.
To answer your question - a TTL of 24h increases availability, but not significantly.

Block DNS record creation in 2008 AD environment

We build a set of virtual appliances used throughout the company. The networking on the VM is set to NAT to prevent external DNS records from being created; unfortunately, at least once a month someone switches it to bridged so other people can connect.
The problem with this is they all have the same hostname; as soon as the external DNS record is created, everyone is routed to this new address, causing issues until we track down the culprit and change it back to NAT or change the hostname.
Is there a method in a 2008 R2 AD environment to blacklist a hostname and prevent a DNS record from being created? DNS is configured so a record can be created by anyone with a network device which makes it messy. Adding an A record pointing to 127.0.0.1 won't work as people work with the VM from outside it with a client.
This is a multi-domain environment and the root domain has DNS restricted, if there's a way to force the VM to request a DNS record in that space that could work.
Edit: To clarify, the DNS record is created via DHCP
Create static host records for those required, then set the permissions to them to deny writes. That should prevent them from being updated.
