Configuring multihomed servers
For multihomed DNS servers (that is, DNS servers with more than one IP address), you can configure the DNS Server service to selectively enable and bind only to IP addresses that you specify by using DNS Manager. This allows you to ensure that only servers and clients configured to use the specified IP addresses can successfully send queries to the DNS server. For proxy servers that are connected to the Internet, for example, you can use this to ensure that only clients on the internal network can access DNS data. By default, the DNS Server service binds to all IP interfaces that are configured for the computer. These interfaces can include the following:
- Any additional IP addresses that are configured for a single network connection
- Individual IP addresses that are configured for each separate connection, where more than one network connection is installed on the server
For multihomed DNS servers, you can restrict DNS support for selected IP addresses. When this feature is enabled, the DNS Server service listens for and answers only the DNS requests that are sent to the IP addresses that are specified on the Interface tab in the server properties.
When to specify interfaces
By default, the DNS Server service listens on all IP addresses and accepts all client requests that are sent to its default service ports (UDP 53 or TCP 53). If you do not want the DNS server to respond to requests received on certain addresses, for example if those addresses correspond to external interfaces, you can configure the DNS server to respond to requests received on only some of its interfaces.
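The following PowerShell script is an added example (not part of this documentation) of applying and verifying that restriction on a Windows Server DNS server. It assumes the DnsServer module on Windows Server 2016 or later, where the listen list is exposed as the ListeningIPAddress property, and uses two constructed addresses: 10.0.0.5 as the internal interface and 203.0.113.10 as the Internet-facing one.

```powershell
# Added example; not from the original documentation.
# Assumption: DnsServer module, Windows Server 2016+ (ListeningIPAddress).
# Constructed addresses for illustration:
$Internal = '10.0.0.5'      # interface internal clients use
$External = '203.0.113.10'  # Internet-facing interface

# Read the current server settings. An empty ListeningIPAddress means the
# default behaviour described above: the service binds to every IP address
# on the computer, including $External.
$settings = Get-DnsServerSetting -All
'Before: ' + (($settings.ListeningIPAddress | ForEach-Object { $_.IPAddressToString }) -join ', ')

# Restrict the service to the internal address only. This is the same change
# as selecting "Only the following IP addresses" on the Interfaces tab.
$settings.ListeningIPAddress = @([System.Net.IPAddress]::Parse($Internal))
Set-DnsServerSetting -InputObject $settings

# On older servers the equivalent is: dnscmd /ResetListenAddresses 10.0.0.5
# Listen-address changes take effect when the DNS Server service restarts.
Restart-Service -Name DNS

# Verify the result: the internal address must still answer, and the
# external address must no longer answer queries at all.
'After:  ' + ((Get-DnsServerSetting -All).ListeningIPAddress -join ', ')
Resolve-DnsName -Name localhost -Server $Internal -DnsOnly -ErrorAction Stop | Out-Null
'Internal address answers queries.'
try {
    Resolve-DnsName -Name localhost -Server $External -DnsOnly -ErrorAction Stop | Out-Null
    Write-Warning "External address $External still answers DNS queries; check the listen list."
} catch {
    "External address $External no longer answers: $($_.Exception.Message)"
}
```

Run the verification part from a host that can reach both addresses, since a query to the server's own external address from the server itself may be routed over the loopback path rather than the network interface.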
Additional considerations for multihoming DNS servers
When you configure additional IP addresses and enable them to be used with a DNS server, consider the following:
- Additional system resources are consumed at the server computer.
- Although DNS provides the means to configure multiple IP addresses for use with any of your installed network adapters, there is no performance benefit for doing so.
- Even if the DNS server is handling multiple zones registered for Internet use, it is not necessary or required by the Internet registration process to have different IP addresses registered for each zone.
Given these considerations:
- Be aware that, when you add IP addresses for use with DNS servers, each additional address might only slightly increase server performance. In instances in which a large overall number of IP addresses are enabled for use, server performance can be degraded noticeably.
- In general, when you add network adapter hardware to the server computer, assign only a single primary IP address for each network connection.
- Whenever possible, remove nonessential IP addresses from existing server TCP/IP configurations.
Note: For more information about how to specify interfaces with the DNS Server service, see Restrict a DNS server to listen only on selected addresses.