Configuring multihomed servers
For multihomed DNS servers (that is, DNS servers with more than one IP address), you can configure the DNS Server service to selectively enable and bind only to IP addresses that you specify by using DNS Manager. This allows you to ensure that only servers and clients configured to use the specified IP addresses can successfully send queries to the DNS server. For proxy servers that are connected to the Internet, for example, you can use this to ensure that only clients on the internal network can access DNS data. By default, the DNS Server service binds to all IP interfaces that are configured for the computer. These interfaces can include the following:
- Any additional IP addresses that are configured for a single network connection
- Individual IP addresses that are configured for each separate connection where more than one network connection is installed on the server
For multihomed DNS servers, you can restrict DNS support for selected IP addresses. When this feature is enabled, the DNS Server service listens for and answers only the DNS requests that are sent to the IP addresses that are specified on the Interface tab in the server properties.
When to specify interfaces
By default, the DNS Server service listens on all IP addresses and accepts all client requests that are sent to its default service ports (UDP 53 or TCP 53). If you do not want the DNS server to respond to requests received on certain addresses, for example if those addresses correspond to external interfaces, you can configure the DNS server to respond to requests received on only some of its interfaces.
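The following PowerShell script is an added example, not part of this page, showing one way to apply the restriction described above from the command line instead of the Interface tab: it binds the DNS Server service only to the internal address(es) you list, refuses to apply an address that is not actually assigned to the host (which would otherwise leave the service listening nowhere), and then checks which local addresses hold port 53. It assumes the DnsServer and NetTCPIP PowerShell modules, and 10.0.0.5 is a placeholder for your own internal address.

```powershell
# Added example: restrict the DNS Server service to selected addresses and verify it.
$InternalListenAddresses = @('10.0.0.5')   # placeholder: replace with your internal address(es)

# Guard: every address we bind must exist on this host, otherwise the service
# would end up answering on no interface at all after the change.
$assigned = (Get-NetIPAddress -AddressFamily IPv4).IPAddress
foreach ($ip in $InternalListenAddresses) {
    if ($assigned -notcontains $ip) {
        throw "Address $ip is not configured on this server; refusing to apply."
    }
}

# Read the full server settings object, replace the listen list, and write it back.
$settings = Get-DnsServerSetting -All
$settings.ListeningIPAddress = $InternalListenAddresses
Set-DnsServerSetting -InputObject $settings

# Restart the service so the new socket bindings take effect (assumed to be required).
Restart-Service -Name DNS

# Verify: UDP and TCP port 53 should be bound only on the selected addresses,
# not on 0.0.0.0 or on an external-facing interface.
$udp = Get-NetUDPEndpoint -LocalPort 53 | Select-Object -ExpandProperty LocalAddress
$tcp = Get-NetTCPConnection -LocalPort 53 -State Listen | Select-Object -ExpandProperty LocalAddress
$bound = @($udp) + @($tcp) | Sort-Object -Unique
$unexpected = $bound | Where-Object { $_ -notin $InternalListenAddresses -and $_ -ne '127.0.0.1' }
if ($unexpected) {
    Write-Warning "Port 53 is still bound on: $($unexpected -join ', ')"
} else {
    Write-Output "DNS Server listens only on: $($bound -join ', ')"
}
```

Loopback (127.0.0.1) is excluded from the warning because local resolver traffic on the server itself is normally expected; extend the exclusion list if your server also uses an IPv6 loopback or link-local address.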
Additional considerations for multihoming DNS servers
When you configure additional IP addresses and enable them to be used with a DNS server, consider the following:
- Additional system resources are consumed at the server computer.
- Although DNS provides the means to configure multiple IP addresses for use with any of your installed network adapters, there is no performance benefit for doing so.
- Even if the DNS server is handling multiple zones registered for Internet use, it is not necessary or required by the Internet registration process to have different IP addresses registered for each zone.
Given these considerations:
- Be aware that, when you add IP addresses for use with DNS servers, each additional address might only slightly increase server performance. In instances in which a large overall number of IP addresses are enabled for use, server performance can be degraded noticeably.
- In general, when you add network adapter hardware to the server computer, assign only a single primary IP address for each network connection.
- Whenever possible, remove nonessential IP addresses from existing server TCP/IP configurations.
For more information about how to specify interfaces with the DNS Server service, see Restrict a DNS server to listen only on selected addresses.