
DNS Round Robin and Netmask Ordering

This video looks at two DNS server features, round robin and netmask ordering. Round robin provides simple load balancing across several hosts that share one name; netmask ordering steers a client towards the host on its own network rather than a remote one.

Round Robin
On a DNS server it is possible to create multiple host records with the same name. In this example, three host records have been created with the name www, pointing to the IP addresses of SRV1, SRV2 and SRV3. With round robin enabled, when multiple records exist for the same name the DNS server rotates the order of the records each time the name is queried. The first workstation to query www may receive the record for SRV1 first, the second workstation receives SRV2 first and the third receives SRV3 first. When the fourth workstation queries www, the server loops back to SRV1; in other words, it simply cycles through the available records.

Round robin therefore gives simple load balancing: in this example roughly a third of the clients are sent to each server. Two caveats apply. First, the DNS server does not take into account the load on, or the health of, any of the servers; a failed server keeps receiving its share of clients until its record is removed. Second, the server does not consider where the client is located in relation to the server it is being sent to, so a client could be directed to a server on the other side of the world rather than a local one. Client-side caching also means a workstation keeps using the answer it received for the record's TTL rather than getting a new rotation on every connection.

Netmask Ordering
If netmask ordering is enabled, the DNS server looks at the IP address of the client that sent the query. When multiple records exist for the same name, the server places the records whose IP addresses are in the same network as the client at the top of the response where possible; the remaining records are still returned, but after them. If more than one record is in the client's network and round robin is also enabled, the records on that network are cycled through.

Demonstration
This demonstration looks at how to enable and disable round robin and netmask ordering, and how to create the host records that they operate on.

1. To make changes to the DNS server settings for round robin and netmask ordering, open server manager and from the tools menu select the option DNS. When DNS Manager opens, it may prompt you for the DNS server to manage. If it does not or you want to manage a different DNS server later, right click on DNS at the top and select the option “Connect to DNS server”.

2. To create a new host record, right click on the zone that you want to create the record in and select the option “New Host (A or AAAA)”. To create a second, third, etc. record with the same name, repeat the procedure using the same name. CNAME records cannot be used for round robin; a name is either a CNAME or a set of host (A or AAAA) records, not both. This means that if the IP address of a host changes, you must update the IP address in its host record. In this example the following host records were created (DNS names are not case sensitive, so WWW and www are the same name): www with IP address 192.168.2.30, www with IP address 192.168.2.31 and www with IP address 192.168.3.5.

3. To configure the DNS server settings, right click on the DNS server name in DNS Manager and select Properties. In the properties, select the Advanced tab. By default the options “Enable round robin” and “Enable netmask ordering” are both ticked. To enable or disable either setting, tick or clear its check box.

Demonstration NSLookup
nslookup (name server lookup) is a tool provided in Windows and Linux for querying DNS servers. It sends each query directly to the DNS server rather than going through the workstation's resolver cache, which is what makes it useful for seeing the order in which the records for www come back on each query.

1. Open a command prompt by right clicking on the start menu and selecting the option command prompt.

2. From the command prompt run “nslookup www”. This returns all the host records for www. If you run the command several times in a row, the order in which the records come back depends on the round robin and netmask ordering settings configured on the DNS server.

3. If the workstation you are running nslookup on has an IPv6 address configured and the DNS server is reachable over IPv6, nslookup may contact the DNS server using IPv6. Netmask ordering will then not work, because the client's source address is IPv6 and cannot be compared with IPv4 host records. To test only IPv4, run nslookup against the IPv4 address of the DNS server explicitly, for example “nslookup www <IPv4 address of the DNS server>”.

Demonstration
Netmask ordering uses a setting on the DNS server, LocalNetPriorityNetMask, to decide whether the client's IP address is in the same network as a host record. It can be changed with the dnscmd command.

1. To set the subnet mask that DNS uses for netmask ordering, run “dnscmd NYDC1 /Config /LocalNetPriorityNetMask 0x000000ff”, replacing NYDC1 with the name of your DNS server. The last part of the command is the mask in hexadecimal, written with the host bits set rather than the network bits: 255.255.255.0 is 0x000000ff (the default), 255.255.0.0 is 0x0000ffff and 255.0.0.0 is 0x00ffffff.

Demonstration IPv6
If the DNS server holds IPv6 (AAAA) host records, the server settings behave differently than they do with IPv4 records alone.

1. To create IPv6 records, right click on the zone and select “New Host (A or AAAA)”. Enter the name www and then the IPv6 address.

2. If you run “nslookup www”, the IPv6 (AAAA) records are returned followed by the IPv4 (A) records. With round robin enabled, the records cycle as expected. However, if you run ping against www you will find the workstation always contacts the www host on its own network, whether netmask ordering is enabled or disabled. With IPv6, the decision of which address to connect to is made by the client's own destination address selection (RFC 3484, later RFC 6724), which prefers the address sharing the longest prefix with the client's own address, so a local server is always chosen over a remote one. Effectively, when IPv6 is used, the netmask ordering setting on the server is ignored.

3. If you have multiple IPv6 host records on the same network and round robin is enabled, the client will cycle through the local host records as expected. That is, the round robin settings work with IPv6 and works the same way with IPv6 addresses as it does with IPv4 addresses.

Summary Client IPv4 to IPv4
Using IPv4 addresses for the workstation and host records on the DNS server the following will occur.

If round robin is enabled and netmask ordering is disabled, the DNS server cycles through all the host records for the name regardless of which networks the host records are on.

If round robin and netmask ordering are both enabled, the DNS server returns the host records on the same network as the client first and cycles through those where possible. If only one host record is on the client's network, that record is always returned first. If several host records are on the client's network, they are cycled through, followed by the records on other networks.

If you are using netmask ordering, make sure the mask it uses is correct for your network by running “dnscmd <server> /Config /LocalNetPriorityNetMask <mask in hex>”. With the default 0x000000ff, a host record counts as local to a client only if the two addresses share their first three octets.

Summary Client IPv6 to IPv4
If the workstation contacts the DNS server over IPv6 and only IPv4 host records exist, netmask ordering does not work. The server uses the client's source address to decide which records are local, and an IPv6 source address cannot be compared with IPv4 host records, so it has no basis for ordering the addresses. For netmask ordering to work, the client must query the DNS server over IPv4.

Round robin will still work as expected.
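The following Python model, added here as an illustration and not part of the lesson or of Microsoft's DNS server code, reproduces the behaviour described in the Netmask Ordering section, the dnscmd demonstration and the two summaries above (IPv4 client to IPv4 records, IPv6 client to IPv4 records). It decodes the LocalNetPriorityNetMask hex value into a prefix length, moves records in the client's network to the top of the answer when netmask ordering is on, rotates the records when round robin is on, and skips the local/remote split when the query arrives from an IPv6 client. The class and function names and the client addresses are assumptions for the example; the records are the three www hosts from the demonstration.

```python
import ipaddress

# Added example: a model of the ordering rules the lesson describes, not
# Microsoft's implementation.  Record data is the www set from the demo;
# the client addresses used at the bottom are made up.


def prefix_len_from_dnscmd_mask(value: int) -> int:
    """Decode the hex value given to
    'dnscmd <server> /Config /LocalNetPriorityNetMask <hex>'.
    The value carries the host bits, so 0x000000ff (255.255.255.0) -> /24,
    0x0000ffff (255.255.0.0) -> /16 and 0x00ffffff (255.0.0.0) -> /8."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("mask value must fit in 32 bits")
    host_bits = value.bit_length()
    if value != (1 << host_bits) - 1:          # host bits must be contiguous
        raise ValueError(f"0x{value:08x} is not a contiguous host mask")
    return 32 - host_bits


def dnscmd_mask_from_prefix_len(prefix_len: int) -> int:
    """Inverse of the above: /24 -> 0x000000ff."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (1 << (32 - prefix_len)) - 1


class DnsServerModel:
    """Minimal model of a DNS server holding A records for one zone."""

    def __init__(self, round_robin=True, netmask_ordering=True,
                 local_net_priority_netmask=0x000000FF):   # defaults as in the lesson
        self.round_robin = round_robin
        self.netmask_ordering = netmask_ordering
        self.prefix_len = prefix_len_from_dnscmd_mask(local_net_priority_netmask)
        self.records = {}    # name -> list of IPv4Address, in creation order
        self.answered = {}   # name -> queries answered so far (round robin counter)

    def add_a(self, name, ip):
        self.records.setdefault(name.lower(), []).append(ipaddress.IPv4Address(ip))

    @staticmethod
    def _rotate(items, n):
        if not items:
            return items
        k = n % len(items)
        return items[k:] + items[:k]

    def query_a(self, name, client_ip):
        """Return the A records for name in the order the server would send them."""
        name = name.lower()
        records = list(self.records.get(name, []))
        if not records:
            return []
        n = self.answered.get(name, 0)
        self.answered[name] = n + 1

        client = ipaddress.ip_address(client_ip)
        # Netmask ordering only has a source address to compare when the
        # query arrived over IPv4; an IPv6 client gets no local/remote split.
        if self.netmask_ordering and client.version == 4:
            client_net = ipaddress.ip_network(f"{client}/{self.prefix_len}", strict=False)
            local = [r for r in records if r in client_net]
            remote = [r for r in records if r not in client_net]
        else:
            local, remote = records, []

        if self.round_robin:
            local = self._rotate(local, n)
            remote = self._rotate(remote, n)
        return [str(r) for r in local + remote]


if __name__ == "__main__":
    server = DnsServerModel()
    for ip in ("192.168.2.30", "192.168.2.31", "192.168.3.5"):
        server.add_a("www", ip)
    for client in ("192.168.2.50", "192.168.2.50", "192.168.3.9"):   # assumed clients
        print(client, "->", server.query_a("www", client))
```

Running it shows a client on 192.168.2.0/24 alternating between .30 and .31 with 192.168.3.5 always last, while a client on 192.168.3.0/24 always gets 192.168.3.5 first. Passing `local_net_priority_netmask=0x0000ffff` (a /16) makes all three records local to both clients, and a client address such as 2001:db8::10 gets plain round robin with no local/remote split.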

Summary Client IPv6 to IPv6
When the workstation is using IPv6 and the DNS server has IPv6 host records, the equivalent of netmask ordering is performed by the client through its own destination address selection (RFC 3484, later RFC 6724), so the server setting is effectively ignored. Round robin still works as expected.
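As an added example (not part of the lesson, and a deliberate simplification of the address selection Windows actually performs), the following Python code models the client-side behaviour described here and in the IPv6 demonstration above: from the AAAA records it received, the client picks the address that shares the longest prefix with its own address (RFC 3484 rule 8, RFC 6724 rule 9); the other selection rules are left out. Ties keep the server's order, which is why round robin among local records still shows through. The client and host addresses are constructed for the example, and the small `rotate` helper stands in for server-side round robin.

```python
import ipaddress

# Added example: simplified client-side destination selection for IPv6.
# Only the longest-matching-prefix rule is modelled; addresses are made up.


def common_prefix_len(a, b) -> int:
    """Number of leading bits two IPv6 addresses have in common."""
    x = int(ipaddress.IPv6Address(a)) ^ int(ipaddress.IPv6Address(b))
    return 128 - x.bit_length()


def choose_destination(source, candidates) -> str:
    """Pick the candidate sharing the longest prefix with the client's own
    (source) address.  On a tie max() keeps the first candidate, i.e. the
    server's order decides, so round robin among local hosts still works."""
    src = ipaddress.IPv6Address(source)
    best = max(candidates, key=lambda c: common_prefix_len(src, c))
    return str(ipaddress.IPv6Address(best))


def rotate(items, n):
    """Server-side round robin: the order of the answer on the n-th query."""
    if not items:
        return list(items)
    k = n % len(items)
    return list(items[k:]) + list(items[:k])


def contacted_over_queries(source, records, queries) -> list:
    """Which host the client actually connects to on each of `queries`
    successive answers, given the server rotates `records` every time."""
    return [choose_destination(source, rotate(records, n)) for n in range(queries)]


if __name__ == "__main__":
    client = "2001:db8:2::50"                                       # assumed client
    www = ["2001:db8:3::5", "2001:db8:2::30", "2001:db8:2::31"]     # assumed AAAA records
    # The remote host is listed first, as a server with no ordering would
    # send it, yet the client never connects to it.
    print(contacted_over_queries(client, www, 3))
```

Over three rotated answers the client connects to 2001:db8:2::30, 2001:db8:2::30 and then 2001:db8:2::31: the remote host 2001:db8:3::5 is never chosen no matter where the server placed it, while the two local hosts still alternate as the server rotates them.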

