External DNS

Discussion in 'DNS Server' started by A. Mos, Aug 17, 2009.

  1. A. Mos

    A. Mos Guest

    We have 2 external DNS servers (Windows 2003 SP2, primary/secondary), not AD.
    If the primary one is down there is no failover to the secondary DNS server.
    Any idea?
     
    A. Mos, Aug 17, 2009
    #1

  2. Meinolf Weber [MVP-DS], Aug 17, 2009
    #2


  3. A. Mos,

    Whether AD or not AD, the failover between DNS servers listed on the NIC
    depends on the Client Side Resolver Service doing the work, not the DNS
    server itself. The client side controls this. Read the following for a
    better understanding. It is based on AD, but the way the client side
    resolver works is just the same and applies to how it handles multiple
    addresses.

    ==================================================================
    DNS Client side resolver service on all Windows 2000 and newer machines:


    To summarize, if there are multiple DNS entries on a machine (whether a DC,
    member server or client), it will ask the first entry first. If it doesn't
    have the answer, it will go to the second entry after a time-out period, or
    TTL, which can last 15 seconds or more as it keeps trying the first one, at
    which point it REMOVES the first entry from the eligible resolvers list, and
    won't go back to it for another 15 minutes. This can cause issues within AD
    when accessing a resource such as a printer or folder, getting GPOs to
    function, etc.

    If the ISP's DNS is the first one in the list in the NIC's properties, obviously
    it will be knocked out when a client is trying to log in. This will be
    noticed by a significantly long logon time the client will experience
    before it goes to the second one, your internal DNS. So now the first one is
    knocked out for 15 minutes. Then say the client decides to go to an internet
    site. It will be querying the internal DNS at this point. As long as the
    internal DNS is configured with forwarders to an outside DNS, or uses its
    Roots, it will resolve it.

    So why even bother with an ISP's DNS in the client? This is another good reason to
    ONLY use the internal DNS server in the VPN's DHCP service for VPN clients.
    Keep in mind, the client will probably be configured with an ISP's DNS anyway if
    outside the network. Fine, otherwise it can't find the VPN server on the
    internet anyway. But once the VPN authenticates and is connected, the VPN
    interface will be first in the binding order, and you now WANT to have only
    the internal DNS servers in that interface.

    DNS Client side resolver service
    http://technet.microsoft.com/en-us/library/cc779517.aspx

    The DNS Client Service Does Not Revert to Using the First Server in the List
    in Windows XP
    http://support.microsoft.com/kb/320760
    ==================================================================

    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Please reply back to the newsgroup or forum to benefit from collaboration
    among responding engineers, and to help others benefit from your resolution.

    Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
    Microsoft Certified Trainer

    For urgent issues, please contact Microsoft PSS directly. Please check
    http://support.microsoft.com for regional support phone numbers.
     
    Ace Fekay [MCT], Aug 18, 2009
    #3
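The client-side fallback that the reply above describes (ask the servers in list order, time out, demote the failed server for 15 minutes), plus the check the original question actually needs (does each of the two external servers answer authoritatively for the zone on its own, so that the world's resolvers have something to fail over to), as an added example. This is not code from the thread or from Microsoft; the server addresses, the zone name, the 2-second timeout and the 900-second demotion window are assumptions (the window is the figure quoted in the reply). The `exchange` and `clock` parameters exist so the logic can be exercised offline with fake servers.

```python
"""Added example: Windows-style DNS client fallback and an authoritative-server check.
Not code from the thread. Server addresses, zone name and the 15-minute demotion
window are assumptions (the window is the figure quoted in the reply)."""
import random
import socket
import struct
import time

QTYPE_SOA = 6
DEMOTION_SECONDS = 15 * 60   # assumed: the "15 minutes" described in the reply


def build_query(name, qtype=QTYPE_SOA, txid=None):
    """Build a minimal recursion-desired DNS query in wire format (RFC 1035)."""
    txid = random.randrange(0x10000) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD=1, one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)        # class IN


def parse_header(resp):
    """Decode the 12-byte DNS header; enough to judge whether a server answered."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "aa": bool(flags & 0x0400), "rcode": flags & 0x000F, "answers": an}


def udp_exchange(server, packet, timeout):
    """Send one UDP query and return the raw reply; raises socket.timeout on silence."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server, 53))
        data, _ = sock.recvfrom(4096)
        return data


class FallbackResolver:
    """Mimics the client-side behaviour described in the reply: ask the servers in
    list order; when one times out, drop it from the eligible list for
    DEMOTION_SECONDS so that later queries go straight to the next server."""

    def __init__(self, servers, timeout=2.0, exchange=udp_exchange, clock=time.monotonic):
        self.servers = list(servers)
        self.timeout = timeout
        self.exchange = exchange     # injectable so the logic can be tested offline
        self.clock = clock
        self.demoted = {}            # server -> time at which it becomes eligible again
        self.attempts = []           # every server contacted, in order

    def eligible(self):
        now = self.clock()
        return [s for s in self.servers if self.demoted.get(s, 0.0) <= now]

    def query(self, name, qtype=QTYPE_SOA):
        packet = build_query(name, qtype)
        expected_id = struct.unpack("!H", packet[:2])[0]
        last_error = None
        for server in self.eligible():
            self.attempts.append(server)
            try:
                resp = self.exchange(server, packet, self.timeout)
            except (socket.timeout, OSError) as exc:
                self.demoted[server] = self.clock() + DEMOTION_SECONDS
                last_error = exc
                continue
            hdr = parse_header(resp)
            if hdr["id"] != expected_id or not hdr["is_response"]:
                continue             # unsolicited or spoofed reply: ignore it, try next
            return server, hdr
        raise RuntimeError(f"no eligible server answered for {name}: {last_error!r}")


def check_authoritative(servers, zone, exchange=udp_exchange, timeout=2.0):
    """Query each external server directly (no fallback) for the zone's SOA and report
    whether it answered authoritatively (AA bit set, rcode 0). A secondary that does
    not answer this way gives outside resolvers nothing to fail over to."""
    report = {}
    for server in servers:
        packet = build_query(zone, QTYPE_SOA)
        try:
            hdr = parse_header(exchange(server, packet, timeout))
            report[server] = hdr["is_response"] and hdr["aa"] and hdr["rcode"] == 0
        except (socket.timeout, OSError):
            report[server] = False
    return report


if __name__ == "__main__":
    # Assumed addresses and zone: replace with the two external servers and the zone they host.
    print(check_authoritative(["192.0.2.1", "192.0.2.2"], "example.com"))
```

Run `check_authoritative` from outside the network against both public servers. If the secondary reports `False` while the primary is up, the zone on it is not being served (not transferred, expired, or the zone is not configured there at all), and no amount of client-side fallback will help; if both report `True`, also confirm the zone's NS records list both servers, since resolvers only fail over between the servers they are told about.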
