Re: Issue with DNS failover in domain
- From: "Ace Fekay [Microsoft Certified Trainer]" <aceman@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 23 Apr 2009 00:40:25 -0400
"Domon" <Domon.3r2vrb@xxxxxxxxxxxxx> wrote in message news:Domon.3r2vrb@xxxxxxxxxxxxxxxx
Hi
The forwarders on DC1 and DC2 are pointing to another DNS server, not
to each other. When I issue an nslookup to resolve a DNS name in command
prompt, I saw that it is contacting DC1 when DC1 is supposed to be down.
It should failover to DC2.
Regards
Nslookup will look at the first entry in the DNS list in the NIC's properties.
How the machine's resolver service behaves when a DNS server is down is a different process. Nslookup has an internal resolver independent of the machine; therefore this is not a valid test.
What is the other DNS server the forwarders are set to? I assume you mean they're correctly configured to your ISP's.
The following is an explanation of how the client-side resolver works. Each machine has a client-side resolver, including domain controllers, otherwise they wouldn't be able to find their own domain!
======================================================================================================
DNS Client side Resolver service Query Process
If the server gets a response, even if it is a negative ('not found') response, it's a response and will not go to the alternate. If the query to the first one times out (after 3 tries), it removes it from the 'eligible' resolvers list and then goes to the next one in the order listed. It will not go back to the first one until a specified timeout period (read first link below) unless one of three other things happens: restart the machine, restart the DNS Client Service or DHCP Client Service, or set a reg entry to force the TTL to reset the list after each query.
Sorry about all the links. They all give a little, but in some cases not the whole picture. The DNS Whitepaper is pretty good to start with.
How DNS Works: DNS Resolution, Client Side Resolver (Time out period, devolution, and much more)
http://technet.microsoft.com/en-us/library/cc772774.aspx#w2k3tr_dns_how_gaxc
W2k DNS White Paper- search thru for Fully-Qualified Query and Disabling the Caching Resolver:
http://www.microsoft.com/windows2000/techinfo/howitworks/communications/nameadrmgmt/w2kdns.asp
How DNS query works Domain Name System(DNS):
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/0bcd97e6-b75d-48ce-83ca-bf470573ebdc.mspx
DNS Resolver Cache Service [including NetFailureCacheTime and NegativeCacheTime reg entries]:
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/cnet/cnbc_imp_qxht.asp
286834 - DNS Client Service Doesn't Revert to Using First Server in List [explained in the DNS white papers] reg to alter it too:
http://support.microsoft.com/default.aspx?scid=kb;en-us;286834
261968 - Explanation of the Server List Management Feature in the Domain Name Resolver Client:
http://support.microsoft.com/?id=261968
SP4 Changes DNS Name Resolution - Actual Query Timeout settings the resolver uses - (XP too):
http://support.microsoft.com/default.aspx?scid=kb;en-us;198550
------
DNS Forwarder Resolution and Time Out Process:
Information on how a DNS Forwarder time-out works when using multiple Forwarders:
Keep in mind, if you have too many forwarders listed, and only one is recommended (I believe 6 is the most it will use), the client side resolver may time out waiting for the 4th forwarder to get queried and will go to the next DNS server listed in the client's IP properties.
Configure a DNS server to use forwarders (you can change the time-out period)
http://technet.microsoft.com/en-us/library/cc773370.aspx
This is a good post by Kevin Goodnecht, Microsoft MVP Directory Services, explaining the forwarders time out and scenarios with too many Forwarders listed.
http://help.lockergnome.com/windows2/Strange-forwarding-issues-ftopict482618.html
quoted from above link:
----
"Actually, the DNS service will stick to the Forwarder that provides an
answer, no matter where it is in the list, if one forwarder times out(no
answer) it will move to the next forwarder in the list, if the next
forwarder provides an answer it uses it until it times out. The problem for
you is, that it may not get back around to the first forwarder, before the
Forwarding timeout expires, and it starts using recursion itself and goes to
the root hints.
Now, if you check the box "Do not use recursion" the DNS server will use
only its forwarders, and will not use root hints. But this cannot guarantee
that one of the other servers being used as a forwarder answer the query,
I recommend that if there is a domain that cannot be reached through the
internet root, that you add a secondary zone for that domain on the Win2k
DNS server. "
----
======================================================================================================
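The server-list behaviour described under "DNS Client side Resolver service Query Process" above, as a simplified model added here (not part of the original post and not Microsoft's resolver code). The class and function names, the 900-second reset value, and the DC1/DC2 answers are constructed assumptions; only the three tries and the drop-then-next-server rule come from the post.

```python
# Simplified model of the client-side resolver server list described in the post.
# Added illustration, not Microsoft's implementation.
TRIES_BEFORE_DROP = 3   # "times out (after 3 tries)", from the post
RESET_AFTER = 900.0     # assumed placeholder for the "specified timeout period"
TIMEOUT, NXDOMAIN = "timeout", "nxdomain"

class ResolverModel:
    def __init__(self, servers):
        self.servers = list(servers)   # order from the NIC's DNS list
        self.dropped_at = {}           # server -> time it was dropped

    def restart_client_service(self):
        """A reboot or DNS/DHCP Client service restart rebuilds the list."""
        self.dropped_at.clear()

    def eligible(self, now):
        """Servers currently eligible; dropped ones return after RESET_AFTER."""
        for server, t in list(self.dropped_at.items()):
            if now - t >= RESET_AFTER:
                del self.dropped_at[server]
        return [s for s in self.servers if s not in self.dropped_at]

    def query(self, name, send, now):
        """send(server, name) -> address, NXDOMAIN or TIMEOUT.
        Returns (answering_server, answer, packets_sent)."""
        sent = 0
        for server in self.eligible(now):
            for _ in range(TRIES_BEFORE_DROP):
                sent += 1
                answer = send(server, name)
                if answer != TIMEOUT:
                    return server, answer, sent  # any response, even negative, ends the search
            self.dropped_at[server] = now        # no reply after 3 tries: drop it
        return None, TIMEOUT, sent

def demo():
    """Constructed scenario: DC1 is down at first, DC2 is up."""
    up = {"DC2"}
    def send(server, name):
        if server not in up:
            return TIMEOUT
        return "10.0.0.5" if name == "host.example.test" else NXDOMAIN
    r = ResolverModel(["DC1", "DC2"])
    results = [r.query("host.example.test", send, now=0)]        # waits out DC1, then DC2
    results.append(r.query("host.example.test", send, now=10))   # straight to DC2
    up.add("DC1")                                                # DC1 comes back
    results.append(r.query("host.example.test", send, now=20))   # still DC2
    results.append(r.query("missing.example.test", send, now=RESET_AFTER))  # DC1 again
    return results
```

In the model, the first lookup costs three timed-out attempts against DC1 before DC2 answers, and DC1 is not consulted again until the reset period passes or the list is rebuilt, even after it is back up.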