
I want to have some Windows computers point (map) to one server, and other Windows computers to point to another server - but using the same "FQDN".

Ideally, the routes should be based on subnet location of the Windows computer.

This can be achieved using a HOSTS file on each machine (as in the example below), but is there a way to do this in the infrastructure? Load balancer/DNS/iptables? What is a good way of doing it?

Machine1: fakeaddress.domain.com realaddress1.domain.com

Machine2: fakeaddress.domain.com realaddress2.domain.com

I've found it difficult phrasing my question to get a good answer.

MrBeatnik

2 Answers


I suppose you are talking about resolving names in zones you control (for which you run the authoritative nameservers); if that is not the case, then what follows does not apply.

Do your two sets of computers use the same recursive server for DNS queries? If not, the authoritative DNS server will see the different IPs (of the 2 separate recursive servers) and can change its reply based on that (for example with views in bind).

Also, if you control both the recursive and authoritative servers, you can try to find out if they support Client Subnet in DNS Queries (RFC 7871), in which case, even with only one recursive, it will send with its queries to the authoritative server information on the client subnet, from which the authoritative server could change its reply to accommodate the client "location".

Patrick Mevzek
  • Unfortunately they use the same DNS servers, and there is only one zone. – MrBeatnik Feb 22 '17 at 10:20
  • Then, since the authoritative nameserver will see the recursive name server IP address (and not the client ones), I fail to see how it can reply differently. Except with the Client Subnet in DNS Queries EDNS extension. – Patrick Mevzek Feb 22 '17 at 23:13
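The EDNS Client Subnet mechanism from the answer above, as an added example that is not part of the original post: it encodes the ECS option a recursive resolver attaches (RFC 7871 section 6), decodes it as an authoritative server would, and picks a per-site answer for the same name. The site subnets, server addresses and the /24 source prefix are constructed assumptions; a real deployment needs both the recursive and the authoritative server to support ECS, as the answer notes.

```python
import ipaddress
import struct

# Constructed site plan (an assumption, not from the question): which server
# "fakeaddress.domain.com" should resolve to for clients in each subnet.
SITE_ANSWERS = {
    ipaddress.ip_network("10.1.0.0/16"): "192.0.2.10",  # site 1 server
    ipaddress.ip_network("10.2.0.0/16"): "192.0.2.20",  # site 2 server
}
DEFAULT_ANSWER = "192.0.2.10"  # clients from unknown subnets

ECS_OPTION_CODE = 8  # EDNS0 option code assigned to Client Subnet (RFC 7871)


def encode_ecs(client_ip, source_prefix_len):
    """Build the ECS option payload a recursive resolver sends in its query."""
    addr = ipaddress.ip_address(client_ip)
    family = 1 if addr.version == 4 else 2  # address family as in RFC 7871
    # Only the first SOURCE PREFIX-LENGTH bits of the client address are sent,
    # rounded up to whole octets; the rest of the address is withheld.
    nbytes = (source_prefix_len + 7) // 8
    net = ipaddress.ip_network(f"{addr}/{source_prefix_len}", strict=False)
    addr_bytes = net.network_address.packed[:nbytes]
    # SCOPE PREFIX-LENGTH must be 0 in queries; the authoritative sets it in replies.
    return struct.pack("!HBB", family, source_prefix_len, 0) + addr_bytes


def decode_ecs(payload):
    """Parse an ECS payload into (client network, scope prefix length)."""
    family, source_len, scope_len = struct.unpack("!HBB", payload[:4])
    nbytes = (source_len + 7) // 8
    addr_bytes = payload[4:4 + nbytes]
    if len(addr_bytes) != nbytes:
        raise ValueError("truncated ECS address")
    full_len = 4 if family == 1 else 16
    # Pad the truncated prefix back to a full address before parsing it.
    addr = ipaddress.ip_address(addr_bytes + b"\x00" * (full_len - len(addr_bytes)))
    return ipaddress.ip_network(f"{addr}/{source_len}", strict=False), scope_len


def answer_for(payload):
    """Answer an ECS-aware authoritative server would give, with the scope to echo back."""
    client_net, _ = decode_ecs(payload)
    for site_net, server_ip in SITE_ANSWERS.items():
        if client_net.version == site_net.version and client_net.subnet_of(site_net):
            # Scope = the site prefix, so the resolver caches the reply per site only.
            return server_ip, site_net.prefixlen
    return DEFAULT_ANSWER, 0
```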

I think what you might be looking for is called subnet prioritization. It's a feature that depends on the client and, as far as I know, is only available on Windows operating systems. In short: it makes a client prefer the entry in a DNS record which is directly connected to the same network segment as the client.

If not, can you clarify what you are trying to achieve and why?

Vincent De Baere
  • Unfortunately the clients are not on the same subnet as the server. Effectively we are two physical sites, but we have a super high speed link between sites, and so it has been configured as 1 site in DNS/AD/etc. However I need virtual clients to connect to a specific server on one site. The virtual clients on both sites come from a single "golden master" and therefore have a hardcoded "FQDN" or IP for the server they need to communicate with, but we don't want cross site traffic - they need to stay within their own site. Hosts file can do it with a script at VM build time, but was curious. – MrBeatnik Feb 22 '17 at 10:22