We have 3 sites in our organization.
Site A: 192.168.59.0/24, Site B: 192.168.60.0/24, Site C: 192.168.70.0/24
Site A and B are in the same Geographical Location and connected by a 1GBit connection. Site C is connected over a 1MBit WAN link in another geographical location.
Site A has 1 DC with WSUS installed. Site B has 2 DC, 1 DC has WSUS installed. Site C has 1 DC with WSUS installed.
All servers are 2008 R2 servers. The WSUS server in site A is the Master WSUS server, and the two servers in Site B and Site C are replicas.
I have set up DNS round robin and netmask ordering for the WSUS servers, which is working fine. All the clients in their respective sites / subnets are contacting the appropriate WSUS server for the site / subnet.
The issue is with the server themselves. The WSUS server in Site C sometimes contacts the WSUS server in Site A or B. This means downloading updates over a 1Mbit WAN link, rather than from itself! The same happens with the other two WSUS servers in the other sites, and the 1 DC without WSUS. Only the domain controllers are contacting WSUS servers outside their subnet, not other servers that have statically assigned addresses. (e.g. SQL...).
AD sites and services has been configured correctly i.e. appropriate subnets configured and assigned to the appropriate site. The correct servers are showing in the appropriate sites.
IPv6 is enabled in our environment. Is the issue related to the fact the servers are looking in DNS via IPv6? If so, how do I create the appropriate AAAA record for WSUS in DNS? And why is it just the domain controllers that this is occurring?