Slave DNS server not taking over.

techjohnny

Hello, Group:

I've got an Active Directory providing the primary DNS to clients, and
the backup DNS server is running Bind 9 as a slave.

Today, the primary DNS server failed, but the clients still couldn't
resolve, even though I was able to manually use the nslookup, change
servers, and verify that the slave responded to requests from clients.

The clients are using DHCP and have a primary and secondary dns server,
but the secondary doesn't automatically kick in when the primary fails.

The slave dns server is properly receiving requests from the primary
and the zones are all up-to-date.

Thanks,

--TJ
 
> Hello, Group:
>
> I've got an Active Directory providing the primary DNS to clients, and
> the backup DNS server is running Bind 9 as a slave.

This configuration is a security risk. Change the zone type to "AD
integrated" so you can permit "secure updates". For secondary
DNS servers the "AD integrated" zone looks like a standard primary zone.

> Today, the primary DNS server failed, but the clients still couldn't
> resolve, even though I was able to manually use the nslookup, change
> servers, and verify that the slave responded to requests from clients.
>
> The clients are using DHCP and have a primary and secondary dns server,
> but the secondary doesn't automatically kick in when the primary fails.
>
> The slave dns server is properly receiving requests from the primary
> and the zones are all up-to-date.

Did you test the SRV records with nslookup on the secondary server?

For example:

http://support.microsoft.com/kb/816587/en-us
 
Read inline.

> Hello, Group:
>
> I've got an Active Directory providing the primary DNS to clients, and
> the backup DNS server is running Bind 9 as a slave.
>
> Today, the primary DNS server failed, but the clients still couldn't
> resolve, even though I was able to manually use the nslookup, change
> servers, and verify that the slave responded to requests from clients.

Were you able to verify with nslookup that the BIND was able to resolve
names?

> The clients are using DHCP and have a primary and secondary dns
> server, but the secondary doesn't automatically kick in when the
> primary fails.

Alternate DNS servers don't "kick in" when the preferred fails; it is up to
the DNS client to decide which DNS server to use. The DNS client in Windows
will "stick" to whichever DNS server answers for 15 minutes or until TCP/IP
is reset manually.

The DNS Client Service Does Not Revert to Using the First Server in the List
in Windows XP: http://support.microsoft.com/kb/320760/en-us

The DNS Client Service Does Not Revert to Using the First Server in the
List: http://support.microsoft.com/kb/286834/en-us

> The slave dns server is properly receiving requests from the primary
> and the zones are all up-to-date.

Are either of the DNS servers using forwarding?
They aren't forwarding to each other, are they?
If they are using forwarders they should forward to the ISP, or to your
router if it supports being a DNS proxy.

How long was the Primary down?
The default expire on a MS DNS zone is 1 day, so if the primary was down for
1 day since the secondary last refreshed its zone, the secondary zone would
expire. Also, since you are talking about Active Directory, was the DC able
to still authenticate users?
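As an added example (not posted by anyone in this thread), the following Python script checks offline the two points raised in the replies above: whether the slave's answers contain the DC-locator SRV records a Windows client needs, and how long the master can be down before the slave's copy of the zone hits the SOA expire timer. The zone name, record text and SOA values are constructed sample data, not taken from the poster's environment.

```python
"""Offline sanity check of a slave's view of an AD zone (added example)."""
import re
from datetime import datetime, timedelta

# Constructed sample (not real data): the answer sections that
#   dig @<slave> example.local SOA
#   dig @<slave> _ldap._tcp.dc._msdcs.example.local SRV
#   dig @<slave> _kerberos._tcp.dc._msdcs.example.local SRV
# might return. SOA fields after the two names: serial refresh retry expire minimum.
SAMPLE_ANSWERS = """
example.local. 3600 IN SOA dc1.example.local. hostmaster.example.local. 2024010501 900 600 86400 3600
_ldap._tcp.dc._msdcs.example.local. 600 IN SRV 0 100 389 dc1.example.local.
_kerberos._tcp.dc._msdcs.example.local. 600 IN SRV 0 100 88 dc1.example.local.
"""

# SRV names a Windows client queries to locate a domain controller.
REQUIRED_SRV = ("_ldap._tcp.dc._msdcs", "_kerberos._tcp.dc._msdcs")

SOA_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+SOA\s+\S+\s+\S+"
                    r"\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)", re.M)
SRV_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+SRV\s+\d+\s+\d+\s+\d+\s+\S+", re.M)


def parse_soa(answers: str) -> dict:
    """Return the zone name and SOA timers (seconds) from dig-style output."""
    m = SOA_RE.search(answers)
    if not m:
        raise ValueError("no SOA record in answers")
    zone, serial, refresh, retry, expire, minimum = m.groups()
    return {"zone": zone.rstrip("."), "serial": int(serial),
            "refresh": int(refresh), "retry": int(retry),
            "expire": int(expire), "minimum": int(minimum)}


def missing_srv(answers: str, zone: str) -> list:
    """List the required DC-locator SRV names the slave did not answer."""
    present = {m.group(1).rstrip(".") for m in SRV_RE.finditer(answers)}
    return [f"{p}.{zone}" for p in REQUIRED_SRV if f"{p}.{zone}" not in present]


def slave_expires_at(soa: dict, last_refresh: datetime) -> datetime:
    """When the slave stops answering for the zone if the master stays down."""
    return last_refresh + timedelta(seconds=soa["expire"])


def survives_outage(soa: dict, outage_hours: float) -> bool:
    """True if a master outage of this length ends before the zone expires."""
    return outage_hours * 3600 < soa["expire"]
```

Point it at the real output of the dig queries named in the comments to see whether the slave is actually serving the records clients ask for, rather than only whether it answers at all.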
 
The secondary server is not forwarding, but is using root.hints.

The primary server is running again, so I don't know how much longer it
would've taken, but things are fine now.

Thanks,

--JP
 
This is interesting. So the ramifications are that the XP client won't
switch to the secondary DNS server for up to 15 min? Or am I missing
something?
 
I've come to the conclusion that the primary DNS server wasn't down
long enough to test the secondary.

Thanks,
--JP
 