From LedHed's Wiki

Overview

DNS Netmask Ordering causes a DNS server to put first in its response the A record(s) whose IP address is in the same network as the client that requested the name. The other records are still returned, after it; since most clients use the first address they get, the client ends up talking to the server on its own subnet.


How it works

Netmask ordering is handy if you want to have three servers in different geographical areas but want them to share the same name. Netmask ordering steers the client to the server that is closest to it, where "closest" means "on the same subnet as the client, as far as the configured mask is concerned". Take for example an update server (updates.ledhed.net). You can host that server at three different sites (A = 10.1.1.1, B = 10.1.2.1, C = 10.1.3.1); a client at site B with an IP address of 10.1.2.69 that does an nslookup for updates.ledhed.net gets 10.1.2.1 listed first in the response.


MS Catch 22

In Server 2012 and above, Netmask Ordering and Round Robin are both enabled by default. In this case RR takes precedence and basically nullifies Netmask Ordering. MS also scopes Netmask Ordering to a Class C-sized network (/24, 255.255.255.0) by default, which is a rather small subnet: a record only counts as "local" to a client if both are in the same /24. Fortunately you can change the scope by running:

Dnscmd /Config /LocalNetPriorityNetMask <INV_MASK_HEX>

Where <INV_MASK_HEX> is the bitwise inverse of the subnet mask, written as eight hex digits:
Class A: 255.0.0.0 (/8) = 0x00ffffff
Class B: 255.255.0.0 (/16) = 0x0000ffff
Class C: 255.255.255.0 (/24) = 0x000000ff (the default)
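The whole procedure as one PowerShell session, added here as an example; it is not taken from the original page or from Microsoft's documentation. It assumes an elevated prompt on the DNS server and a topology where each site spans a /16 (10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16), so a /16 scope is the right one. Note that the article's own 10.1.1.1 / 10.1.2.1 / 10.1.3.1 example already works with the default /24 scope; widening the scope to /16 there would make all three records "local" to every client, so nothing would be preferred. The registry path and value names are the ones the Dnscmd settings are stored under, and the client address in step 6 is made up.

```powershell
# Added example (not from the original page). Run in an elevated PowerShell
# prompt on the Windows DNS server. Assumed topology: one site per /16
# (10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16), each hosting a copy of
# updates.ledhed.net.

# 1. Record the current state. Defaults: RoundRobin=1, LocalNetPriority=1,
#    LocalNetPriorityNetMask=0x000000ff (a /24 scope).
dnscmd /Info /RoundRobin
dnscmd /Info /LocalNetPriority
dnscmd /Info /LocalNetPriorityNetMask

# 2. Turn off round robin so the rotation no longer overrides the
#    netmask-ordered answer.
dnscmd /Config /RoundRobin 0

# 3. Keep netmask ordering on and widen its scope from /24 to /16:
#    255.255.0.0 inverted is 0.0.255.255, i.e. 0x0000ffff.
dnscmd /Config /LocalNetPriority 1
dnscmd /Config /LocalNetPriorityNetMask 0x0000ffff

# 4. Confirm what was written. These are the registry values the Dnscmd
#    settings above are stored in.
Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters' |
    Select-Object RoundRobin, LocalNetPriority, LocalNetPriorityNetMask |
    Format-List

# 5. If you edited the registry by hand instead of using Dnscmd, restart the
#    DNS Server service so the new values are read.
# Restart-Service -Name DNS

# 6. From a client at site B (assumed address 10.2.7.42, run on the client,
#    not the server) the 10.2.x.x record should now be first in the answer
#    section, with the other two after it.
# Resolve-DnsName -Name updates.ledhed.net -Type A
```

Pick the scope to match the size of your sites, not the size of your whole network: the check is a plain "same subnet under this mask" test, so a mask wider than a site matches every record and the ordering degenerates back to the stored order.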

You can math it out for other sized subnets. Each pair of hex digits after the 0x is one octet, in the same order as the dotted-decimal mask. If you remember your network binary conversion, a /24 (or 255.255.255.0) mask is 11111111.11111111.11111111.00000000. MS wants the inverse (00000000.00000000.00000000.11111111), which is 00.00.00.ff in hex, so the inverse hex netmask for /24 is 0x000000ff.

You can google hex, but it basically goes like this: 0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f, where 0=0 and f=15. 15 in binary is 1111, so ff = 1111 1111, or eight 1's, and eight 1's in binary = 255. How does eight 1's equate to 255? Ughh, I knew you'd ask.
Imagine 8 slots: 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1
1=true, 0=false
If you put a 1 in each slot and then sum the numbers marked true (1's), that's 128+64+32+16+8+4+2+1=255.

Take another number like 97
In Binary it looks like this:

        64  +  32                         +  1  = 97
| 128 | 64  |  32 |  16 |  8  |  4  |  2  |  1  |
-------------------------------------------------
|  0  |  1  |   1 |   0 |  0  |  0  |  0  |  1  |


In Hex it looks like this:

      4 + 2     =6                 1 =1
| 8 | 4 | 2 | 1 |    | 8 | 4 | 2 | 1 |
-----------------    -----------------
| 0 | 1 | 1 | 0 |    | 0 | 0 | 0 | 1 |


So 97 (Decimal) is 0x61 (Hex) is 01100001 (Binary)

Was that confusing? If so you should probably seek better examples on the internet. ;)
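To make the mask arithmetic above concrete, and to show what the server actually does with the value, here is a PowerShell script added as an example; it is not part of the original page or of any Microsoft tool. ConvertTo-LocalNetPriorityNetMask turns a prefix length into the inverted hex value Dnscmd expects, and Invoke-NetmaskOrdering reproduces the rule from the How it works section for IPv4: a record is "local" if it shares the client's subnet under the configured scope, local records go first, and (this is an assumption of the simulation, corresponding to round robin being off) the remaining records keep their stored order. The function names, the second set of servers and the client address 10.2.7.42 are my own.

```powershell
# Added example, not from the original page. IPv4 only.
$AllOnes = ([long]1 -shl 32) - 1   # 0xffffffff as a positive 64-bit value
                                   # (a bare 0xffffffff literal is -1 in PowerShell)

function ConvertTo-UInt32Address {
    # Dotted-decimal IPv4 address -> the address as one unsigned 32-bit number.
    param([Parameter(Mandatory)][string]$Ip)
    $addr = [System.Net.IPAddress]::Parse($Ip)
    if ($addr.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "This simulation handles IPv4 addresses only: $Ip"
    }
    $b = $addr.GetAddressBytes()
    ([long]$b[0] -shl 24) -bor ([long]$b[1] -shl 16) -bor ([long]$b[2] -shl 8) -bor [long]$b[3]
}

function ConvertTo-LocalNetPriorityNetMask {
    # Prefix length -> the inverted-mask hex string Dnscmd wants.
    param([Parameter(Mandatory)][ValidateRange(0, 32)][int]$PrefixLength)
    $mask     = ($AllOnes -shl (32 - $PrefixLength)) -band $AllOnes   # /24 -> 0xffffff00
    $inverted = (-bnot $mask) -band $AllOnes                          # flip every bit
    '0x{0:x8}' -f $inverted
}

function Invoke-NetmaskOrdering {
    # Reorder the A records for one name the way the server does for a given
    # client: records in the client's subnet (under the configured scope) come
    # first; the rest follow in stored order (assumption: round robin is off).
    param(
        [Parameter(Mandatory)][string]$ClientIp,
        [Parameter(Mandatory)][string[]]$Records,
        [long]$LocalNetPriorityNetMask = 0x000000ff   # the Windows default (/24)
    )
    $mask   = (-bnot $LocalNetPriorityNetMask) -band $AllOnes   # back to a normal netmask
    $client = (ConvertTo-UInt32Address $ClientIp) -band $mask    # client's subnet
    $local  = @()
    $remote = @()
    foreach ($r in $Records) {
        if (((ConvertTo-UInt32Address $r) -band $mask) -eq $client) { $local += $r }
        else                                                        { $remote += $r }
    }
    $local + $remote
}

# Worked values (constructed for this page).
ConvertTo-LocalNetPriorityNetMask 8
ConvertTo-LocalNetPriorityNetMask 16
ConvertTo-LocalNetPriorityNetMask 24

# The article's sites: one server per /24.
$sitesPer24 = '10.1.1.1', '10.1.2.1', '10.1.3.1'
# Site-B client, default /24 scope.
Invoke-NetmaskOrdering -ClientIp 10.1.2.69 -Records $sitesPer24
# Same client, /16 scope (wider than the sites).
Invoke-NetmaskOrdering -ClientIp 10.1.2.69 -Records $sitesPer24 -LocalNetPriorityNetMask 0x0000ffff

# Assumed alternative topology: one server per /16.
$sitesPer16 = '10.1.1.1', '10.2.1.1', '10.3.1.1'
# Client in 10.2.0.0/16, default /24 scope.
Invoke-NetmaskOrdering -ClientIp 10.2.7.42 -Records $sitesPer16
# Same client, /16 scope.
Invoke-NetmaskOrdering -ClientIp 10.2.7.42 -Records $sitesPer16 -LocalNetPriorityNetMask 0x0000ffff
```

The three mask calls reproduce the table above (0x00ffffff, 0x0000ffff, 0x000000ff). With the article's /24-sized sites, the default scope moves 10.1.2.1 to the front for the site-B client, while a /16 scope matches all three servers and leaves the stored order alone. With /16-sized sites it is the other way round: the default /24 scope matches nothing for 10.2.7.42, and only the /16 scope brings 10.2.1.1 to the front. Both cases are why the value has to fit your topology rather than be set as wide as possible. Passing the hex literal unquoted works because 0x0000ffff is a valid PowerShell numeric literal that binds to the [long] parameter.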


Conclusion

Umm, that took a bit of a tangent. The point of this article is that you can disable RR and use Netmask Ordering so that clients reach the copy of a network service that is closest to them, but you may have to change the default 'LocalNetPriorityNetMask' (a /24 scope) to suit your network topology.


Reference

https://support.microsoft.com/en-us/help/842197/description-of-the-netmask-ordering-feature-and-the-round-robin-featur