Windows 2003 SP1 AD DC DNS fails to resolve multihomed A record using Forwarder



Has anyone seen this problem?

A Windows 2003 DNS server fails to resolve a hostname when only one of
its Forwarders is down. We have multiple forwarders listed and only
one was unavailable (the top one in the list). Isn't Windows 2003
supposed to use the next in the list??? (We have not disabled
recursion, the time-out is 5s).

Note that the hostname that we were attempting to resolve has multiple
IP addresses listed in DNS so that we can use round robin; and the
hostname was in the zone hosted by the Forwarders.

More details:
We have a single Windows 2003 domain/tree/forest, say
corp.ourcompany.com. We have many DCs.

The corp.ourcompany.com DNS zone is delegated to several of our DCs.

The ourcompany.com DNS zone is hosted on our Unix BIND 9.2.2 DNS
servers. These servers also forward queries to the ISP DNS servers.

The "Forwarders" tab on the Windows DNS servers lists a few of the
Unix BIND servers. We do not use Conditional Forwarding. (Recursion
is not disabled, 5s time-out.)

Workstations in our domain use the Windows DNS servers for name
resolution.

This morning many of our users complained about not being able to
connect to a hostname, say host1.ourcompany.com (note that this is
owned by the Forwarders).

Upon further investigation the named daemon on the *first* Forwarder
on the list was not running. The BIND server was pingable but named
was not running at all (configuration error - the daemon hadn't been
started after a reboot).

All the other BIND servers in the Forwarders list were running and
were able to resolve host1.ourcompany.com.

Other hostnames, e.g. Internet hostnames and other hostnames in the
ourcompany.com zone were resolvable. (We would have had 1 million
'phone calls if nobody could surf the Web!)

The only thing maybe special about this scenario is that
host1.ourcompany.com has multiple IP addresses (the ourcompany.com
BIND Unix servers use round robin to distribute load).
