Monday, January 26, 2009

How to Disable Subnet Prioritization

Windows uses a scheme called "subnet prioritization" to attempt to reduce network traffic by re-ordering DNS round-robin records so that the records that are "closest" to the host are the only records used.

For example, suppose there are three A records for the same name in DNS, appserver.domain.com: one with IP 10.0.8.100, one with 10.0.15.100, and one with 10.0.26.100.


If a Windows client with the IPv4 address of 10.0.15.20 performs a DNS query for appserver.domain.com, subnet prioritization will re-order the IP addresses so that it will always use the 10.0.15.100 address.


Subnet prioritization is enabled by default in both the Windows DNS server and the DNS client.


DNS server subnet prioritization (AKA, netmask ordering) can be demonstrated using the Windows NSLOOKUP command. Repeated lookups of appserver.domain.com from the client always give the same results:


C:\>nslookup appserver.domain.com
Server: dns.domain.com
Address: 10.1.1.10

Name: appserver.domain.com
Addresses: 10.0.15.100, 10.0.8.100, 10.0.26.100


Here, the DNS server is reordering the IP addresses based on the requestor's IP address. If true DNS round-robin were working, the records would rotate in a (A, B, C), (B, C, A), (C, A, B) fashion. Subnet prioritization obviously throws a wrench in round-robin DNS if you're using that as your load balancing or fault tolerance solution.



To disable subnet prioritization on DNS servers:
  • Open the DNS Management console

  • Navigate to the DNS server and open its properties

  • Click the Advanced tab

  • Uncheck Enable netmask ordering and check Enable round robin

  • Click OK

But this only solves half the problem because the Windows client will reorder the DNS results, too. Repeated nslookups will now show that the IP address for appserver.domain.com is rotating correctly, but pinging appserver.domain.com from the client will still always resolve to 10.0.15.100. You must still disable subnet prioritization on the client.

To disable subnet prioritization on Windows DNS clients:

  • Run Regedit

  • Navigate to HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters

  • Click Edit > New > DWORD Value

  • Name the new value PrioritizeRecordData (its value data will be 0)

  • Close Regedit

Note: Both of these changes go into effect immediately. There is no need to restart services or the computers.
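
The two reordering stages described above can be modelled in a few lines of Python. This is an added illustration, not code from the original post or from Windows: the names `DnsServer`, `prioritize`, `client_resolve` and `first_addresses` are hypothetical, and matching on a /24 prefix is an assumption of the model. It tracks only which address the client ends up using first under each combination of the server and client settings.

```python
import ipaddress
from collections import deque

RECORDS = ["10.0.8.100", "10.0.15.100", "10.0.26.100"]  # A records from the post
CLIENT = "10.0.15.20"                                     # client from the post

def prioritize(addresses, requester, prefix=24):
    """Stable-sort so addresses in the requester's subnet come first.
    prefix=24 is an assumption of this model."""
    net = ipaddress.ip_network(f"{requester}/{prefix}", strict=False)
    return sorted(addresses, key=lambda a: ipaddress.ip_address(a) not in net)

class DnsServer:
    """Toy server with the two Advanced-tab checkboxes as flags."""
    def __init__(self, records, netmask_ordering=True, round_robin=True):
        self.ring = deque(records)
        self.netmask_ordering = netmask_ordering
        self.round_robin = round_robin

    def query(self, requester):
        answer = list(self.ring)
        if self.round_robin:
            self.ring.rotate(-1)      # next query starts one record later
        if self.netmask_ordering:
            answer = prioritize(answer, requester)
        return answer

def client_resolve(server, client_ip, prioritize_record_data=True):
    """Address an application such as ping would use: the first one left
    after the client's own reordering (PrioritizeRecordData)."""
    answer = server.query(client_ip)
    if prioritize_record_data:
        answer = prioritize(answer, client_ip)
    return answer[0]

def first_addresses(netmask_ordering, prioritize_record_data, lookups=6):
    """First address chosen by the client over several consecutive lookups."""
    server = DnsServer(RECORDS, netmask_ordering=netmask_ordering)
    return [client_resolve(server, CLIENT, prioritize_record_data)
            for _ in range(lookups)]

if __name__ == "__main__":
    for server_on, client_on in [(True, True), (False, True), (False, False)]:
        print(f"server netmask ordering={server_on}, client prioritization="
              f"{client_on}: {first_addresses(server_on, client_on)}")
```

With only the server setting changed, the model still pins the client to 10.0.15.100; the first address rotates only once both settings are off.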


6:14 PM