Multiple DNS server entries on Client PC


Ziek

I have a client PC who is getting 5 different DNS server names through our
DHCP server.

For some reason, this client seems to be using entry #4 in this list. The
way we assigned the DNS servers are like this:

entry #1 = primary
entry #2 = secondary
entry #3 = tertiary
entry #4 = fail over DNS server (at our ISP) in case our in-house boxes are
down
entry #5 = fail over #2 DNS server (at our ISP) in case in-house boxes are
down.

We can't figure out why this client is using DNS entry #4, without even
attempting entry #1 !

Are we confusing the PC by assigning that many dns entries?
 
Ziek said:
I have a client PC who is getting 5 different DNS server names
through our DHCP server.

For some reason, this client seems to be using entry #4 in this list.
The way we assigned the DNS servers are like this:

entry #1 = primary
entry #2 = secondary
entry #3 = tertiary
entry #4 = fail over DNS server (at our ISP) in case our in-house
boxes are down
entry #5 = fail over #2 DNS server (at our ISP) in case in-house boxes
are down.

We can't figure out why this client is using DNS entry #4, without
even attempting entry #1 !

Are we confusing the PC by assigning that many dns entries?

If DNS one does not respond to a query fast enough it will try DNS two, if
DNS two does not respond fast enough it tries DNS three, if DNS three does
not respond fast enough it tries DNS four. If DNS four responds with any
answer (positive or negative) that is the one it uses for all further
queries until it times out or TCP/IP is reset.
That is why you should never use your ISP's DNS in any position on any AD
domain member.
 
Ziek said:
I have a client PC who is getting 5 different DNS server names
through our DHCP server.

For some reason, this client seems to be using entry #4 in this list.
The way we assigned the DNS servers are like this:

entry #1 = primary
entry #2 = secondary
entry #3 = tertiary
entry #4 = fail over DNS server (at our ISP) in case our in-house
boxes are down
entry #5 = fail over #2 DNS server (at our ISP) in case in-house boxes
are down.

We can't figure out why this client is using DNS entry #4, without
even attempting entry #1 !

Are we confusing the PC by assigning that many dns entries?


To add to Kevin's post and the reason behind it all....

The list doesn't get reset to go back and try the first one unless the
machine is restarted or the DNS client service is restarted, or fudging a
registry entry on all the machines (not practical if you ask me). It also
depends on what is being queried for it to drop down to DNS entry #4. If
it's an outside resource and the Root zone exists on the internal DNS, then
I can see why it's happening or just as you said Kevin, the machine is not
answering quick enough during a recursion.

To also add, using multiple DNS entries is a fail over solution providing
FAULT TOLERANCE and it's NOT a load balancing solution, apparently why you may
have chosen to have multiple entries. So this means that ALL DNS servers
MUST have the same exact zone information in them. If you have AD, then no
way will the ISP have your internal AD information, so therefore it is not a
fault tolerant solution to have your ISP's set.

Use of a forwarder is the answer for Internet resolution. To configure
forwarding (in case you're not sure how to - and be sure to delete the Root
zone, or the option is grayed out, which this also shows how-to):
http://support.microsoft.com/?id=300202

Here's a couple links on the way the DNS resolver service works. Keep in
mind:

261968 - Explanation of the Server List Management Feature in the Domain
Name Resolver Client:
http://support.microsoft.com/?id=261968

286834 - The DNS Client Service Does Not Revert to Using the First Server in
the List:
http://support.microsoft.com/?id=286834

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Is there any way in hell that the client didn't even attempt to use DNS #1?

For instance, let's say I reboot the machine, so everything is fresh. And
then I try to go to an internal website (one which the ISP's DNS would know
nothing about).

If I ping this host and get "no reply", and after doing a network trace, I
see that it attempted to resolve this host name by asking DNS #4, should I
assume that it *did* try DNS #1/2/and 3, but #4 answered sooner than the
first three, even though the first three are internal??!


 
Ziek said:
Is there any way in hell that the client didn't even attempt to use
DNS #1?

For instance, let's say I reboot the machine, so everything is fresh.
And then I try to go to an internal website (one which the ISP's DNS
would know nothing about).

If I ping this host and get "no reply", and after doing a network
trace, I see that it attempted to resolve this host name by asking
DNS #4, should I assume that it *did* try DNS #1/2/and 3, but #4
answered sooner than the first three, even though the first three
are internal??!

Even at reboot, when the machine starts it is using DNS. If for some reason,
and there can be many, the preferred DNS servers are slow to respond (they
all get one second), the first server to respond becomes the system's
preferred DNS. The answer doesn't have to be a positive answer, the system
accepts any answer as the only answer, and the query stops.

There is a TechNet article that shows the flowchart for DNS resolution but I
can't find it.

The best practice is to NOT use any DNS server except the internal DNS.
 
Ziek said:
Is there any way in hell that the client didn't even attempt to use
DNS #1?

For instance, let's say I reboot the machine, so everything is fresh.
And then I try to go to an internal website (one which the ISP's DNS
would know nothing about).

If I ping this host and get "no reply", and after doing a network
trace, I see that it attempted to resolve this host name by asking
DNS #4, should I assume that it *did* try DNS #1/2/and 3, but #4
answered sooner than the first three, even though the first three
are internal??!

Yes, I would say so, unless there's something amiss with the 1st three
settings or your search suffix is not set properly. Kevin pretty much
explained the rest as for timing.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In Kevin D. Goodknecht [MVP] <[email protected]> posted their thoughts,
then I offered mine
There is a TechNet article that shows the flowchart for DNS
resolution but I can't find it.
<snip>

Here it is:
Chapter 6 - All About Windows 2000 DNS [DNS Resolver Chart included]:
http://www.microsoft.com/resources/.../server/reskit/en-us/tcpip/part2/tcpch06.mspx

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
this is not how w2k resolver behaves..

it's like this: try first dns on the preferred connection
for 1s,
if no response, try first dns on all connections for 2 s,
if no response, try all dns on all connections for 2s,4s,
and 8s. then time out.

besides this, the primary or connection dns suffix may
need a look too...as the internal should have a faster
response.
 
the confused said:
this is not how w2k resolver behaves..

it's like this: try first dns on the preferred connection
for 1s,
if no response, try first dns on all connections for 2 s,
if no response, try all dns on all connections for 2s,4s,
and 8s. then time out.

besides this, the primary or connection dns suffix may
need a look too...as the internal should have a faster
response.

That sounds like pretty much what Kevin said, except in a nutshell without
elaborating. Check the links I offered on it, it explains it explicitly. As
for the suffixes, each query per DNS entry for the current eligible resolver
goes thru the gyrations with the resolver sequence.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Ace, there are quite some difference, what Kevin
described was the old windows resolver behavior...
 
the confused said:
Ace, there are quite some difference, what Kevin
described was the old windows resolver behavior...

I was describing how the DNS resolver works in his case, he only has one
connection. It goes down the list; the first DNS that responds gets moved to
the Preferred DNS position until the connection is reset.
 
if just one connection, it still will not do the old or
bind fashion.

this new way is redesigned starting w2k, as a client can
have 12(?) servers listed. Not sure for XP, probably
more.
 
the confused said:
if just one connection, it still will not do the old or
bind fashion.

this new way is redesigned starting w2k, as a client can
have 12(?) servers listed. Not sure for XP, probably
more.

How many DNS servers was not the question. It still uses the first DNS that
responds. That is what I said, I said nothing about how many DNS servers you
can use and neither did the original poster.

Go back and read the original post.
 
the confused said:
if just one connection, it still will not do the old or
bind fashion.

this new way is redesigned starting w2k, as a client can
have 12(?) servers listed. Not sure for XP, probably
more.

I guess you didn't read that link...

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
you guys always come in pair...

This is what Kevin said and I made the comment because I
think this is a general statement regarding how a
resolver works:

"If DNS one does not respond to a query fast enough it
will try DNS two, if dns two does not respond fast enough
it tries DNS three, If DNS three does not respond fast
enough it tries DNS four. If DNS four responds with any
answer (positive or negative) that is the one it uses for
all further queries until it times out or TCP/IP is
reset."

In the original case, as only one connection exists, the
resolver will first try #1, then try #1, then try #1-5
all together, and all together again, ...anything similar
to what is described above?
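
The single-connection schedule from the post above (server #1 for 1 s, #1 again for 2 s, then all listed servers for 2 s, 4 s and 8 s), as an added Python model that is not from any poster or from Microsoft. Server names and latencies are constructed; it assumes the ISP servers return NXDOMAIN for an internal-only name and that the first reply of any kind ends the lookup, as stated earlier in the thread.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Server:
    name: str
    has_zone: bool            # hosts the internal AD zone?
    latency: Optional[float]  # seconds to reply; None = never replies

def resolve(servers):
    """Model one lookup of an internal name on a single connection.
    Returns (answering server, rcode, seconds elapsed)."""
    # (servers queried in this attempt, seconds the client waits)
    schedule = [(servers[:1], 1), (servers[:1], 2),
                (servers, 2), (servers, 4), (servers, 8)]
    elapsed = 0.0
    for targets, wait in schedule:
        # Simplification: a reply counts only if it arrives within the
        # wait window of the attempt that asked for it.
        replies = [s for s in targets
                   if s.latency is not None and s.latency <= wait]
        if replies:
            first = min(replies, key=lambda s: s.latency)
            # Assumption: a server without the zone returns a name error,
            # and the client accepts that answer as final.
            rcode = "NOERROR" if first.has_zone else "NXDOMAIN"
            return first.name, rcode, elapsed + first.latency
        elapsed += wait
    return None, "TIMEOUT", elapsed

# Constructed scenario: the in-house servers are briefly slow (3 s each).
INTERNAL = [Server("dns1", True, 3.0), Server("dns2", True, 3.0),
            Server("dns3", True, 3.0)]
ISP = [Server("isp1", False, 0.25), Server("isp2", False, 0.5)]

if __name__ == "__main__":
    print("internal + ISP:", resolve(INTERNAL + ISP))
    print("internal only :", resolve(INTERNAL))
```

With the ISP entries in the list, the internal name fails with NXDOMAIN from `isp1` after 3.25 s; with only internal servers listed, the same slow spell ends in a correct answer from `dns1` after 8 s.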
 