Solved

DNS name resolution problem

Posted on 2002-05-30
Last Modified: 2010-04-13
Our DHCP servers assign 4 DNS server addresses along with an IP lease to the clients. 2 of the DNS servers are local and the other 2 are run by our ISP and are public. The 2 local DNS servers are listed first in the DHCP scope. Our two local DNS servers have an authoritative zone for our servers on the DMZ; that zone contains the private addresses for the servers. The public DNS servers contain the public addresses for the same servers. The problem I am having is that my Windows 2000 client will sometimes correctly use the first DNS server in its list (assigned by DHCP) and other times it will ignore the 2 local addresses and go right to the public DNS servers for resolution. When that happens the client gets the public address and is therefore slower. I can't figure out why my workstation sometimes uses the local DNS servers and other times ignores them. Any help is appreciated. Our local DNS servers are Windows 2000 w/ SP2.
0
Question by:g0swell
21 Comments
 
LVL 2

Expert Comment

by:rburton
ID: 7045295
You could just assign local DNS servers to the clients and then have secondary zones on the servers so that the clients will get external DNS from the servers. This is how our company is set up. Just an idea.
0
 
LVL 1

Expert Comment

by:birdski
ID: 7045310
The only reason it would go for the 3rd DNS entry would be if the internal DNS servers were unavailable. Is it necessary to have your ISP's DNS address handed out to internal clients? You could also just make a hosts file to put on your workstation as a temporary workaround.
 
0
 
LVL 9

Expert Comment

by:TooKoolKris
ID: 7046955
What you need to do is set up forward addresses on your local DNS servers so that only what they can't resolve will go to the ISP's DNS servers. Then you tell DHCP to only give out the local DNS IPs. This way when someone needs to query it will check your local DNS servers and if and only if it can't resolve from your local ones will it query the ISP's DNS servers. This is a simple setup so if you’re interested I will explain how to set that up.

TooKoolKris
MCSE+I, CCNA, A+

0
 
LVL 11

Expert Comment

by:geoffryn
ID: 7047739
Windows 2000 does not strictly follow the DNS server search order. The system will always make its next query to the last server to successfully respond to the previous query. So it is possible to have the server query external DNS servers even though the local server can service the query. The way to avoid this is to use a split DNS with forwarders as TooKoolKris has suggested.
0
 
LVL 6

Expert Comment

by:st_steve
ID: 7048292
The "standard" in DNS set up is one suggested by "TooKoolKris": set up DNS servers locally, and use forwarders to the root DNS servers on the net (or your ISP). Set up your clients to use your local DNS.

Public access DNS servers:

http://support.open-rsc.org/servers/

Disable "recursion" on local DNS as well.
0
 

Author Comment

by:g0swell
ID: 7048543
Our local DNS servers are set up to forward any request they can't resolve locally. They are also set up to not use recursion to avoid extra traffic across our internet pipe. I have the public DNS servers still in the lease for redundancy in case something happened to our Active Directory or DNS so clients could still access the internet. I am interested by what geoffryn said about Windows using the last DNS that responded to a query. Is there documentation about that? That seems like the most logical answer but I don't understand how the clients used the public DNS server even once. The clients are set up to use the local DNS servers and the local DNS servers are set up to forward. On paper the client would ask the local DNS and the local DNS would get the answer from the public DNS, then the local DNS would give the answer to the client. The client should never see the public DNS server but that does seem like what is happening. Please provide documentation on the following "Windows 2000 does not strictly follow the DNS server search order.  The system will always make its next query to the last server to successfully respond to the previous query" so I can explore that avenue.
0
 
LVL 6

Expert Comment

by:st_steve
ID: 7048552
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/windows2000serv/maintain/c19w2kad.asp

About Win2k DNS servers but no documentation about the "last DNS responding". Search on the same site "TechNet".
0
 
LVL 1

Expert Comment

by:igore
ID: 7048606
You should not assign the addresses of the public DNS servers through DHCP; the client machines have no reason to query them and it just needlessly confuses your LAN setup to put them in your DHCP scope. The local DNS servers should be able to resolve all queries using the public DNS servers as forwarders. You might want to look over your site definitions as well in ADS&S.
0
 
LVL 6

Expert Comment

by:st_steve
ID: 7048612
This is what "TooKoolKris" has indirectly suggested. "igore", why do you think your answer is better than his/hers??

You keep locking questions, what's going on??
0
 
LVL 1

Expert Comment

by:igore
ID: 7048670
If you are answering the question you should post an answer, not a comment.  If you are making a comment without answering the question you should post a comment.

And yes, my answer is similar to the comment made by "TooKoolKris", both are correct.
0
 
LVL 9

Expert Comment

by:TooKoolKris
ID: 7048979
igore,
     You are obviously a newbie on this site and therefore should have the benefit of the doubt. However it is considered rude by the experts on this site to take someone else’s comments and propose them as the answer for yourself. There is no need to make a repeat of comments already posted. Thanks.

TooKoolKris
MCSE+I, CCNA, A+

0
 
LVL 6

Expert Comment

by:st_steve
ID: 7049214
TooKoolKris,

igore is not a newbie, his account was created 07/31/1998. That's more than a year before I joined this site.


Igore

To repeat someone else's comment (even from another question) is frowned upon, but to post someone else's comment as YOUR answer?? You've been a member of this site for almost 4 years, you should know better!


Back to you "g0swell". You better decide on whether to accept or reject the answer, since this question is not in the "locked questions" area and no one is going to bother posting any more comments until you unlock it (or accept the answer).
0
 
LVL 9

Expert Comment

by:TooKoolKris
ID: 7049799
st_steve,

He may have created an account for asking questions on that date; however, he's only been answering questions since 10/01, and only 12 at that, most of which are in 5/02. So the term newbie still applies in my book. Your comments have been noted; however, your fact finding mission was at best sloppy.

TooKoolKris
MCSE+I, CCNA, A+

0
 
LVL 1

Expert Comment

by:igore
ID: 7049820
The reason I spent my time on answering this question was because an answer had not been posted to it, only a lot of comments. Still, I did not mean to ruffle any feathers and I certainly wasn't doing a copy/paste job with the answer. I only noticed later how similar the answer I proposed was to one of the comments. Shouldn't that comment have been made as an answer so g0swell could accept or reject it?

And I actually did answer a couple of questions back in '98 (if anyone can remember that far back)

Igore
MCSE+I on NT 4.0 & W2K,MCP+SB,CCSE,CCA,CNA (alphabet soup)
0
 
LVL 6

Expert Comment

by:st_steve
ID: 7050019
There's a lot of bitching going on over in this question. "Experts" here are missing the point of this site: to help people, not to bitch about other people or to "score points".

Sheesh..people telling me I'm sloppy in fact finding! That I haven't heard of before!

I better just STOP talking!
0
 
LVL 1

Expert Comment

by:igore
ID: 7050633
I agree, I'm not sure if you can accept (or reject for that matter) Comments as answers, since it's been a few years since I asked a question, but if it's possible and g0swell is actively monitoring this thread he should reject my answer and accept kooltoolbox's comment.
0
 

Author Comment

by:g0swell
ID: 7050929
I am aware of the technically correct way to set this up but as I said I was trying to keep some sort of redundancy for the clients by using the public DNS servers. I am looking for somebody to address my original question, "Why do the clients sometimes not use the first DNS server listed in the TCP/IP scope?". Geoffryn made an interesting statement but I am a "book" kind of guy and was hoping for some proof so I can justify changing our configuration to the powers that be here.
0
 
LVL 9

Expert Comment

by:TooKoolKris
ID: 7051154
The query request to a DNS server has a small TTL associated with it. If the first DNS server in the list is busy when the query comes it will send it to the next one in the list and so on and so on. If your clients are getting to the public ones that are listed after the local DNS servers it's because at the time of the query request the first 2 were probably busy. By adding forwarders to your local DNS servers you can decrease the busy time for them by having them send the query request for zones that they don't manage directly to the public DNS servers instead of them trying to resolve first.

Here are some articles to explain things further:

Frequently Asked Questions About Windows 2000 DNS (Q291382)
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q291382

Windows 2000 May Send Unexpected DNS Request (Q263091)
http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q263091

There are many links inside these articles that point to the subject in question as well.

Hope these help

TooKoolKris
MCSE+I, CCNA, A+

0
 
LVL 11

Accepted Solution

by:
geoffryn earned 200 total points
ID: 7051364
0
 

Author Comment

by:g0swell
ID: 7053589
This article seems to be what is happening.  Lately our internet connection has been under duress and just like the article explains, when I renew the lease or reboot I will be back to using the correct order.  Thanks to geoffryn for answering the question I was asking.  I knew I could fix it by removing the public servers, I wanted to know why my problem was happening.
0
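
As an added illustration (not part of the original thread and not Windows' actual resolver code), this Python model replays the behaviour geoffryn describes: the client keeps asking whichever server last answered until a lease renewal or reboot restores the configured order. The server addresses, record values, `StickyResolver` and the timeline are constructed for the example.

```python
import ipaddress

# Constructed sample data (placeholders, not values from the thread).
LOCAL = ["10.0.0.10", "10.0.0.11"]           # internal DNS: private view of the DMZ zone
PUBLIC = ["198.51.100.53", "198.51.100.54"]  # ISP DNS: public view of the same names
RECORD = {"local": "172.16.5.20", "public": "203.0.113.20"}  # one DMZ host, two views
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class StickyResolver:
    """Assumed model: the server that last answered is asked first next time;
    a lease renewal or reboot restores the configured order."""
    def __init__(self, servers):
        self.configured = list(servers)
        self.order = list(servers)

    def renew_lease(self):
        self.order = list(self.configured)

    def query(self, reachable):
        """Return the address answered, or None if no listed server responds."""
        for server in self.order:
            if server in reachable:
                self.order.remove(server)      # promote the responder
                self.order.insert(0, server)
                return RECORD["local" if server in LOCAL else "public"]
        return None

def classify(addr):
    if addr is None:
        return "no answer"
    ip = ipaddress.ip_address(addr)
    return "private" if any(ip in net for net in RFC1918) else "public"

def run(servers, timeline):
    """Replay events: 'renew', or the set of servers answering at that moment."""
    client, seen = StickyResolver(servers), []
    for event in timeline:
        if event == "renew":
            client.renew_lease()
        else:
            seen.append(classify(client.query(event)))
    return seen

ALL = set(LOCAL + PUBLIC)
# Local servers miss one query, then recover; the lease is renewed before the last query.
TIMELINE = [ALL, set(PUBLIC), ALL, ALL, "renew", ALL]

if __name__ == "__main__":
    print("4 servers in scope:", run(LOCAL + PUBLIC, TIMELINE))
    print("local servers only:", run(LOCAL, TIMELINE))
```

With all four servers in the scope, one missed query leaves the client on the public view until the lease is renewed; with only the local servers listed, the same outage costs one failed lookup and the client never receives the public address.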
