DNS failover to secondary server not working

  • Thread starter: pgri

Hello,

We've set up DNS on a Windows 2000 server (SP4) to handle
all our internal domain names.

The DHCP server specifies 3 DNS servers: the primary is
the internal DNS server and the secondary and tertiary are
external internet DNS servers. Users have no problem
resolving IP addresses internally or externally unless the
primary server is shut down or the DNS service is stopped.

At that point if you try to access an internet site
the "page cannot be displayed" message appears. I was
under the impression that if the primary DNS server was
unavailable the request would fail over to the secondary
server.

What do we need to do to configure failover to work
properly?

Thanks
 
Thought the IP configuration might be useful...

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : peterg-dell8200
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com EtherLink 10/100 PCI For Complete PC Management NIC (3C905C-TX)
Physical Address. . . . . . . . . : 00-04-76-B8-FA-88
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 208.10.202.125
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 208.10.202.36
DHCP Server . . . . . . . . . . . : 208.10.202.59
DNS Servers . . . . . . . . . . . : 208.10.202.59
                                    64.90.1.18
                                    64.90.1.14
Primary WINS Server . . . . . . . : 208.10.202.129
Lease Obtained. . . . . . . . . . : Monday, June 30, 2003 7:06:48 AM
Lease Expires . . . . . . . . . . : Thursday, July 24, 2003 7:06:48 AM
 

One thing I would suggest if this is an AD infrastructure, is to remove
those external DNS addresses, or other *major* issues *will* arise with AD
functionality.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
pgri said:
We're not using AD.


I see, no AD. No prob.

Here's a little background on how multiple entries work:

The way the DNS client side resolver service on a client machine works,
(whether it's a DNS server pointing to itself, a DC, a client machine, or
any Windows machine for that matter) is that if the first entry doesn't
respond or comes back as a Null, it goes to the second entry and tries
again. But it takes the first entry out of the "eligible resolvers list" and
never goes back to it unless you restart the machine, restart the DNS client
service or make a reg entry to alter that behavior. If there are 3 entries,
then it repeats to the third and removes both entry 1 and 2 out of the
eligible resolver list. So there is no "failover" per se, unless ALL the
entries have the SAME EXACT ZONE INFORMATION.

It's designed to be a fault tolerance solution and not a load balance
solution. So this would explain the behavior that you're experiencing. If
there is specific info on the internal DNS that you ALWAYS need, I would
suggest to install another DNS server internally, make sure all your zones
are on both machines (Primary/Secondary) and point only to both of them.

To achieve Internet access while only using your own DNS servers, use a
forwarder on BOTH machines, as outlined in the how-to at
http://support.microsoft.com/?id=300202.

Hope that helps you in your solution.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 