A
Absolutely
Several times I've noticed that machines will not always look to a secondary
DNS server when the primary goes down. Why is this?
DNS server when the primary goes down. Why is this?
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
A
Aaron Anderson
it's my experience that windows 2000 just isn't very good about this. xp and
server 2003 tend to work just fine.
What's your specific set up?
server 2003 tend to work just fine.
What's your specific set up?
A
Absolutely
2 2000 Servers (SP4), one with AD, the other member. DC is primary DNS and
member is secondary. Member is also mail server (IMail) and DHCP.
Workstations are 2000 and XP.
At some point last week the primary stopped responding to DNS queries
(restarting the DNS service cured it), but even though the secondary was
running fine, nothing would look to it for answers.
member is secondary. Member is also mail server (IMail) and DHCP.
Workstations are 2000 and XP.
At some point last week the primary stopped responding to DNS queries
(restarting the DNS service cured it), but even though the secondary was
running fine, nothing would look to it for answers.
K
Kevin D. Goodknecht Sr. [MVP]
Absolutely said:2 2000 Servers (SP4), one with AD, the other member. DC is primary
DNS and member is secondary. Member is also mail server (IMail) and
DHCP. Workstations are 2000 and XP.
At some point last week the primary stopped responding to DNS queries
(restarting the DNS service cured it), but even though the secondary
was running fine, nothing would look to it for answers.
How have you determined that the clients are not using the Alternate DNS?
Are these two DNS servers configured to use a forwarder? What are the
forwarders?
G
Guest
To add to the below - bear in mind that a client will consider a DNS server
alive so long as the server can be contacted (via an ICMP ping).
That means, that if the DNS service has hung, clients will *not* revert to
the secondary server, since the primary is still available.
This is as per RFC 2182 behaviour.
hth,
neil
alive so long as the server can be contacted (via an ICMP ping).
That means, that if the DNS service has hung, clients will *not* revert to
the secondary server, since the primary is still available.
This is as per RFC 2182 behaviour.
hth,
neil
A
Absolutely
What is happening is that the primary is hanging and connectivity to it is
lost (perhaps a bad NIC, but haven't determined that yet). If I try to go
into the properties of the secondary I just get a warning that it can't load
the zone.
lost (perhaps a bad NIC, but haven't determined that yet). If I try to go
into the properties of the secondary I just get a warning that it can't load
the zone.
A
Absolutely
Also if attempting nslookup when the hanging on the primary occurs, I get
this from the workstations:
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 192.168.25.20: Timed out
*** Can't find server name for address 192.168.25.40: Server failed
*** Default servers are not available
Default Server: UnKnown
The two IPs are the DNS servers.
this from the workstations:
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 192.168.25.20: Timed out
*** Can't find server name for address 192.168.25.40: Server failed
*** Default servers are not available
Default Server: UnKnown
The two IPs are the DNS servers.
K
Kevin D. Goodknecht Sr. [MVP]
Absolutely said:Also if attempting nslookup when the hanging on the primary occurs, I
get this from the workstations:
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 192.168.25.20: Timed out
*** Can't find server name for address 192.168.25.40: Server failed
*** Default servers are not available
Default Server: UnKnown
After you get these messages from nslookup, will the DNS servers answer any
queries?
These messages may or may not be a sign of a problem with the DNS server, it
could just mean there is no reverse lookup zone or PTR record. It would be a
sign of a bigger problem if the DNS server could answer no queries.
Is there a firewall?
You never did answer my question about forwarding configuration.
A
Absolutely
Didn't try to query, but I don't believe either server would resolve
anything. The way I found out about this is that my mail server was
returning messages as undeliverable. When I looked further I found it could
not resolve the names of receiving mail servers.
Forwarders are set to my circuit provider's DNS servers on both the primary
and secondary. The only firewall is between the WAN and LAN. DNS servers
and mail server is on the LAN.
anything. The way I found out about this is that my mail server was
returning messages as undeliverable. When I looked further I found it could
not resolve the names of receiving mail servers.
Forwarders are set to my circuit provider's DNS servers on both the primary
and secondary. The only firewall is between the WAN and LAN. DNS servers
and mail server is on the LAN.
A
Absolutely
Any thoughts?
Absolutely said:Didn't try to query, but I don't believe either server would resolve
anything. The way I found out about this is that my mail server was
returning messages as undeliverable. When I looked further I found it
could not resolve the names of receiving mail servers.
Forwarders are set to my circuit provider's DNS servers on both the
primary and secondary. The only firewall is between the WAN and LAN. DNS
servers and mail server is on the LAN.
K
Kevin D. Goodknecht Sr. [MVP]
Absolutely said:Any thoughts?
These messages from nslookup are not indicative that DNS is not resolving.
This is a message from nslookup that it (nslookup) cannot find the PTR
records for the DNS server IPs. Hence, you get Can't find server *NAME* for
address <DNSserverIPaddress>
That is why I asked if nslookup will resolve any further queries.
A
Absolutely
Ok, so how do I determine if the workstations are in fact using the
secondary? And, even if they are, what would be the issue?
All I know is that as far as I can tell I have everything configured
correctly and if the primary goes down, things stop working.
secondary? And, even if they are, what would be the issue?
All I know is that as far as I can tell I have everything configured
correctly and if the primary goes down, things stop working.
K
Kevin D. Goodknecht Sr. [MVP]
In
Make sure the DNS server is listening on the correct IP address, has a good
gateway address in TCP/IP properties, and can contact the forwarder and root
servers on port 53 UDP.
Post the ipconfig /all from the Alternate DNS server machine and a client.
Do this to see if the Alternate DNS can resolve names.
nslookup <hit enter>
server <AlternateDNSIP> <hit enter>
www.microsoft.com <hit enter>
You should also try nslookup from the machine that hosts the Alternate DNS
against the forwarder and root servers.
Absolutely said:Ok, so how do I determine if the workstations are in fact using the
secondary? And, even if they are, what would be the issue?
All I know is that as far as I can tell I have everything configured
correctly and if the primary goes down, things stop working.
Make sure the DNS server is listening on the correct IP address, has a good
gateway address in TCP/IP properties, and can contact the forwarder and root
servers on port 53 UDP.
Post the ipconfig /all from the Alternate DNS server machine and a client.
Do this to see if the Alternate DNS can resolve names.
nslookup <hit enter>
server <AlternateDNSIP> <hit enter>
www.microsoft.com <hit enter>
You should also try nslookup from the machine that hosts the Alternate DNS
against the forwarder and root servers.
A
Absolutely
Make sure the DNS server is listening on the correct IP address, has a
good
gateway address in TCP/IP properties, and can contact the forwarder and
root
servers on port 53 UDP.
Post the ipconfig /all from the Alternate DNS server machine and a client.
DNS server is listening on all addresses, the gateway is good and can
contact the forwarder and root servers. Here is the ipconfig info:
This is the secondary DNS server......................................
Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : jr4
Primary DNS Suffix . . . . . . . : jr.local
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : jr.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100+ Server Adapter
(PI
LA8470B)
Physical Address. . . . . . . . . : 00-D0-B7-91-5C-21
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.168.200
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 192.168.25.40
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.25.1
DNS Servers . . . . . . . . . . . : 192.168.25.20
192.168.25.40
This is a client........................................................
Windows IP Configuration
Host Name . . . . . . . . . . . . : jeremyamd64
Primary Dns Suffix . . . . . . . : jr.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : jr.local
jr.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : jr.local
Description . . . . . . . . . . . : NVIDIA nForce Networking
Controller
Physical Address. . . . . . . . . : 00-04-61-92-9F-E8
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.25.103
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.25.1
DHCP Server . . . . . . . . . . . : 192.168.25.40
DNS Servers . . . . . . . . . . . : 192.168.25.20
192.168.25.40
Lease Obtained. . . . . . . . . . : Wednesday, April 05, 2006
2:35:56 PM
Lease Expires . . . . . . . . . . : Thursday, April 13, 2006 2:35:56
PM
K
Kevin D. Goodknecht Sr. [MVP]
In Absolutely <[email protected]> typed:
Do you think my question is unimportant?
Does nslookup resolve any queries after the initial "can't find server name
for address 192.168.25.40"?
Nslookup reports this message because it is performing a reverse lookup on
the DNS server IP address.
Also, you have a second IP address that is not on the same subnet, it has no
gateway, and as DNS servers often do, that will try to connect to the
primary from this second address, which causes zone transfers to fail. You
should not have IP address on the same NIC on different subnets.
Do you think my question is unimportant?
Does nslookup resolve any queries after the initial "can't find server name
for address 192.168.25.40"?
Nslookup reports this message because it is performing a reverse lookup on
the DNS server IP address.
Also, you have a second IP address that is not on the same subnet, it has no
gateway, and as DNS servers often do, that will try to connect to the
primary from this second address, which causes zone transfers to fail. You
should not have IP address on the same NIC on different subnets.
A
Absolutely
Disregard that second address. That was there temporarily while I was
playing with a new firewall. Issue existed prior to that being there.
Oh, and in answer to your question, no.
playing with a new firewall. Issue existed prior to that being there.
Oh, and in answer to your question, no.
K
Kevin D. Goodknecht Sr. [MVP]
Absolutely said:Disregard that second address. That was there temporarily while I was
playing with a new firewall. Issue existed prior to that being there.
Oh, and in answer to your question, no.
Wow, it has been over a month since originally asked about nslookup, this
thread has been going on for 6+ weeks now, I can help you resolve this, but
it is like pulling teeth to get information from you. I had to go back and
refresh my memory on what's been done and tried, with all due respect, I
can't help you if you dodge every question.
What kind of firewall?
Are there any rules on the firewall that would prevent either of the servers
from using recursion?
Does your ISP's DNS support recursion?
Do you have recursion disabled?(Advanced tab)
Can you nslookup the ISP's DNS from the DNS server machines?
Replace the Root hints file.
249868 - Replacing Root Hints with the Cache.dns File:
http://support.microsoft.com/default.aspx?scid=kb;en-us;249868&Product=win2000
As for the secondary zones not loading when the primary is down, increase
the expire time on the zone, 1 day is generally not enough if you are using
a secondary zone, 2 to 4 weeks is the recommendation.
Create a reverse lookup zone and PTRs for the DNS server's IPs so it will
stop the nslookup message.
A
Absolutely
Sorry for the delayed responses. I have very limited time to work on this.
I'll review what you've sent and let you know. Thanks.
I'll review what you've sent and let you know. Thanks.