"A. Mos" <> wrote in message
news:20FF8D62-D223-424A-8A07-...
> We have 2 external DNS (Windows 2003 SP2 primary/secondary) not AD, if the
> primary one is down there is no failover to the secondary DNS server. Any
> idea?
> --
> A. Mos
> System Analyst
A. Mos,
Whether AD or not AD, the failover between DNS servers listed on the NIC
depends on the Client Side Resolver Service doing the work, not the DNS
server itself. The client side controls this. Read the following for a
better understanding. It is based on AD, but the way the client side
resolver works is just the same and applies to how it handles multiple
addresses.
==================================================================
DNS Client side resolver service on all Windows 2000 and newer machines:
To summarize, if there are multiple DNS entries on a machine (whether a DC,
member server or client), it will ask the first entry first. If it doesn't
have the answer, it will go to the second entry after a time out period, or
TTL, which can last 15 seconds or more as it keeps trying the first one, at
which then it REMOVES the first entry from the eligible resolvers list, and
won't go back to it for another 15 minutes. This can cause issues within AD
when accessing a resource such as a printer, folder, getting GPOs to
function, etc.
If the ISP's DNS is the first one in the list in the NIC's properties, obviously
it will be knocked out when a client is trying to login. This will be
noticed by a significantly long logon time period the client will experience
before it goes to the second one, your internal DNS. So now the first one is
knocked out for 15 minutes. Then say the client decides to go to an internet
site. It will be querying the internal DNS at this point. As long as the
internal DNS is configured with forwarders to an outside DNS, or uses its
Roots, it will resolve it.
So why even bother with an ISP in the client? This is another good reason to
ONLY use the internal DNS server in the VPN's DHCP service for VPN clients.
Keep in mind, the client will probably be configured with an ISP's DNS anyway if
outside the network. Fine, otherwise it can't find the VPN server on the
internet anyway. But once the VPN authenticates and is connected, the VPN
interface will be the first on the binding order, which now you WANT to only
have the internal DNS servers in that interface.
DNS Client side resolver service
http://technet.microsoft.com/en-us/l.../cc779517.aspx
The DNS Client Service Does Not Revert to Using the First Server in the List in Windows XP
http://support.microsoft.com/kb/320760
==================================================================
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Please reply back to the newsgroup or forum to benefit from collaboration
among responding engineers, and to help others benefit from your resolution.
Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer
For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
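The fallback behaviour Ace describes (ask the first server, wait out a timeout, move to the second, then skip the failed server for 15 minutes before retrying it) is easy to misjudge from a single client test. The following is an added example, not code from the thread or from Microsoft: a small Python model of that behaviour as the post states it, so an administrator can see what clients pay when the primary in the NIC list is down. The 15-second timeout and 15-minute exclusion are taken from the post's description, the server addresses are constructed, and the model is not Windows' actual resolver implementation.

```python
"""Simplified model of the client-side resolver fallback described in the post.

Assumptions (taken from the post, not from Windows' real implementation):
  - servers are tried in NIC order, first eligible entry first
  - a server that does not answer costs the caller a 15 s timeout and is then
    removed from the eligible list for 15 minutes before being tried again
"""
from dataclasses import dataclass, field

QUERY_TIMEOUT_S = 15            # assumed: wait before giving up on one server
INELIGIBLE_PERIOD_S = 15 * 60   # assumed: how long a failed server is skipped


@dataclass
class ClientResolver:
    servers: list                      # DNS server addresses in NIC order
    reachable: dict                    # constructed: address -> True if it answers
    ineligible_until: dict = field(default_factory=dict)  # address -> epoch seconds

    def resolve(self, name, now):
        """Simulate one query at time `now` (seconds).

        Returns (answering_server or None, seconds_spent_waiting, servers_tried).
        """
        spent = 0
        tried = []
        for server in self.servers:
            if self.ineligible_until.get(server, 0) > now:
                continue                      # still in the 15-minute penalty box
            tried.append(server)
            if self.reachable.get(server, False):
                return server, spent, tried   # answered; no further servers asked
            # No answer: caller ate a full timeout and this server is sidelined.
            spent += QUERY_TIMEOUT_S
            self.ineligible_until[server] = now + INELIGIBLE_PERIOD_S
        return None, spent, tried


def simulate_primary_outage():
    """Constructed scenario: primary 203.0.113.10 is down, secondary 203.0.113.20 is up.

    Returns one (time, answering_server, seconds_waited, servers_tried) tuple per query.
    """
    resolver = ClientResolver(
        servers=["203.0.113.10", "203.0.113.20"],
        reachable={"203.0.113.10": False, "203.0.113.20": True},
    )
    events = []
    for t in (0, 60, INELIGIBLE_PERIOD_S + 1):
        server, spent, tried = resolver.resolve("www.example.com", now=t)
        events.append((t, server, spent, tried))
    return events


def simulate_both_down():
    """Constructed scenario: neither configured server answers."""
    resolver = ClientResolver(
        servers=["203.0.113.10", "203.0.113.20"],
        reachable={"203.0.113.10": False, "203.0.113.20": False},
    )
    first = resolver.resolve("www.example.com", now=0)
    second = resolver.resolve("www.example.com", now=60)
    return first, second


if __name__ == "__main__":
    for t, server, spent, tried in simulate_primary_outage():
        print(f"t={t:5d}s  tried={tried}  waited={spent:2d}s  answered_by={server}")
```

Running it shows the pattern the post warns about: the first query after the outage waits a full timeout and then succeeds via the secondary, queries inside the next 15 minutes go straight to the secondary with no delay, and once the exclusion expires the client goes back to the dead primary and pays the timeout again. That is why the order of the entries on the NIC, not anything on the DNS servers themselves, decides how the outage feels to the user.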