Re: Fowarder failover

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: "Ace Fekay [Microsoft Certified Trainer]" <firstnamelastname@xxxxxxxxxxx>
Date: Tue, 25 Nov 2008 00:08:00 -0500

In news:4DE61A2B-95B1-4E8B-AF48-DFF3FDE51BD1@xxxxxxxxxxxxx,
BenP <BenP@xxxxxxxxxxxxxxxxxxxxxxxxx> requesting assistance, typed the following:

Thanks for response, but... doesn't answer my question. I have
forward only configuration so no root queries.

What I have found is the default forwarder query timeout - 5 seconds
- is still suitable and provides working failover. This is due to
client side interaction, even if client side query - generally 2
seconds - times out first pass the forwarder list failover will still
operate and bring back successful answer, the second client pass will
then have answer.

I have a datacentres infrastructure plus want to populate forwarders
list via GPO. Just want to know if I can get 4 working forwarders;
two per datacentre, or have to use 3 before setting up my policies.

I don't believe you can configure Forwarders in a DNS server's properites using a GPO. GPOs set numerous options for users and computers, but not a Forwarder for a DNS server. That would be a DNS server properties setting. You can set search suffixes in a GPO.

I am curious if you have a link on how to configure forwarders in a DNS server properties via a GPO.

Forwarders can be set using DNSCMD if you have numerous servers to configure.
More info about DNSCMD:
http://msmvps.com/blogs/ad/archive/2008/03/28/dnscmd-reference.aspx

These are the available list of GPO settings that I am aware of:

Windows 2003 AD Group Policy Settings Reference
http://www.microsoft.com/downloads/details.aspx?FamilyID=7821c32f-da15-438d-8e48-45915cd2bc14&displaylang=en

Group Policy Settings Reference for Windows Server 2008 and Windows Vista SP1
http://www.microsoft.com/downloads/details.aspx?familyid=2043B94E-66CD-4B91-9E0F-68363245C495&displaylang=en

Also, I must agree with the others concerning forwarding and limiting the list. Thinking out loud, it would seem that the client machine's client side resolver may time out before waiting for the 5 second time out for 3 failed forwarders, in a scenario where you have 4 forwarders listed and the first three go down, and go on to the next one in the list in it's IP properties.

You can also alter the Forwarder time-out:
How to Configure a DNS server to use forwarders: (shows how to alter forwarder time-out)
http://technet.microsoft.com/en-us/library/cc773370.aspx

Here is a good post by Kevin Goodnecht explaining the forwarders time out and scenarios with too many.
http://help.lockergnome.com/windows2/Strange-forwarding-issues-ftopict482618.html
quoted from above link:
-------------------
"Actually, the DNS service will stick to the Forwarder that provides an
answer, no matter where it is in the list, if one forwarder times out(no
answer) it will move to the next forwarder in the list, if the next
forwarder provides an answer it uses it until it times out. The problem for
you is, that it may not get back around to the first forwarder, before the
Forwarding timeout expires, and it starts using recursion itself and goes to
the root hints.

Now, if you check the box "Do not use recursion" the DNS server will use
only its forwarders, and will not use root hints. But this cannot guarantee
that one of the other servers being used as a forwarder answer the query,

I recommend that if there is a domain that cannot be reached through the
internet root, that you add a secondary zone for that domain on the Win2k
DNS server. "
-------------------

I hope this helps to answer your questions concerning Forwarder failover.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCT
Microsoft Certified Trainer

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

.

Follow-Ups:
- Re: Fowarder failover
  - From: BenP

References:
- Fowarder failover
  - From: BenP
- RE: Fowarder failover
  - From: oz.ozugurlu
- RE: Fowarder failover
  - From: BenP

Prev by Date: Re: DNS and Netbios name
Next by Date: Re: Resolving DNS
Previous by thread: RE: Fowarder failover
Next by thread: Re: Fowarder failover
Index(es):
- Date
- Thread

Relevant Pages

Re: nslookup fails
... Does this DNS server have a Forwarder configured? ... > run a query to the forwarders IP address using ... > first query is making sure your DNS server can resolve the root servers to ...
(microsoft.public.windows.server.dns)
Re: How to configure a client for iterative query for name resolut
... "Do not use recursion for this domain". ... If the DNS server is configured to use recursion and the forwarder is unable ... that you can set your client up to perform only iterative ...
(microsoft.public.windows.server.general)
Re: recursive query
... >> Have you tried giving the DNS server a forwarder? ... lookup, ... If ISA is in the mixed make sure the ISA has rules to support the type of ...
(microsoft.public.win2000.dns)
RE: DNS forwarders
... Remove the ISP forwarder entries from all the remote sites and replace ... thereby limiting DNS server exposure to the Internet. ... all of the external DNS queries in the network are resolved through it. ... Microsoft CSS Online Newsgroup Support ...
(microsoft.public.windows.server.dns)
Re: How to configure a client for iterative query for name resolut
... If the DNS server is configured to use recursion and the forwarder is unable ... that you can set your client up to perform only iterative ...
(microsoft.public.windows.server.general)