I'm exploring the idea of using DNS split-horizon (or split-brain) to manage a dual-homed domain controller (DC), which I know isn't the best setup. I'm trying to figure out if I can create a zone scope for a specific management IP range while keeping the default scope for the other systems. Would that help ensure that machines get the correct DNS responses when they're getting replies from both DC addresses? The issue I'm facing is that when I ping the DC, I sometimes get an address from network 1 and sometimes from network 2 due to the DC having two host records with the same name. I'm considering options like implementing split-brain, modifying host files on clients, or renaming the DC host record for the other network.
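For readers who, like the asker, are stuck with the second NIC, this is what the zone-scope idea in the question looks like on Windows Server 2016 or later DNS. It is an added example, not code from the original thread; the zone `corp.example.com`, the host `dc01`, the interface alias `Mgmt`, the addresses `10.1.0.5` (network 1) and `10.10.0.5` (network 2), the subnet `10.10.0.0/24` and the scope/policy names are all assumptions. Run it on the DC with the DnsServer module loaded.

```powershell
# Added example, not from the original post. Assumed values:
#   AD DNS zone     : corp.example.com
#   DC host record  : dc01
#   Production NIC  : 10.1.0.5   (network 1, stays in the default scope)
#   Management NIC  : 10.10.0.5  (network 2, served only to 10.10.0.0/24)
# Requires Windows Server 2016+ DNS (DNS policies) and the DnsServer module.

$Zone       = 'corp.example.com'
$DcName     = 'dc01'
$MgmtIP     = '10.10.0.5'
$MgmtSubnet = '10.10.0.0/24'

# 1. Stop the management NIC from dynamically registering its address.
#    Without this the DNS client re-adds the 10.10.0.5 A record to the default
#    scope at every refresh and the round-robin problem comes back.
Set-DnsClient -InterfaceAlias 'Mgmt' -RegisterThisConnectionsAddress $false

# 2. Remove the management address from the default scope so ordinary clients
#    only ever see 10.1.0.5 for dc01.
Get-DnsServerResourceRecord -ZoneName $Zone -Name $DcName -RRType A |
    Where-Object { $_.RecordData.IPv4Address.IPAddressToString -eq $MgmtIP } |
    Remove-DnsServerResourceRecord -ZoneName $Zone -Force

# 3. Define the management subnet and a zone scope holding only the management address.
Add-DnsServerClientSubnet -Name 'MgmtSubnet' -IPv4Subnet $MgmtSubnet
Add-DnsServerZoneScope    -ZoneName $Zone -Name 'MgmtScope'
Add-DnsServerResourceRecord -ZoneName $Zone -ZoneScope 'MgmtScope' -A `
    -Name $DcName -IPv4Address $MgmtIP

# 4. Steer only queries for dc01 that come from the management subnet into the
#    management scope. The FQDN criterion matters: a scope that contains nothing
#    but dc01 would otherwise answer every other name from that subnet with NXDOMAIN,
#    because there is no fallback from a selected scope to the default scope.
Add-DnsServerQueryResolutionPolicy -Name 'MgmtPolicy' -ZoneName $Zone -Action ALLOW `
    -ClientSubnet 'eq,MgmtSubnet' -FQDN "eq,$DcName.$Zone" -ZoneScope 'MgmtScope,1'

# 5. Verify each scope holds exactly one address.
Get-DnsServerResourceRecord -ZoneName $Zone -Name $DcName -RRType A                       # expect 10.1.0.5 only
Get-DnsServerResourceRecord -ZoneName $Zone -Name $DcName -RRType A -ZoneScope 'MgmtScope' # expect 10.10.0.5 only

# From a host in 10.10.0.0/24 : Resolve-DnsName dc01.corp.example.com -Server 10.10.0.5
# From a host on network 1    : Resolve-DnsName dc01.corp.example.com -Server 10.1.0.5
```

Two caveats before treating this as done. The scope only covers the `dc01` A record; the DC locator SRV records and the zone-apex A records that Netlogon registers are untouched and should be checked (`Get-DnsServerResourceRecord -ZoneName $Zone -RRType A` at the apex) so management-side addresses do not leak out that way. And policies are per-server and not replicated with the zone, so every DNS server hosting the zone needs the same configuration.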
1 Answer
It's actually best if your DC only has one IP interface. You can still access it from multiple networks without needing two physical connections. Just set up routing between the networks, and if security is a concern, use a firewall to enforce rules for proper access to the DC. That way, both networks can reach your domain controller without all the complexity of dual homing.

Got it! Unfortunately, I can't change the setup much, so I'm looking for possible workarounds since the dual NICs are already in place.