Solved

DNS name resolution problem

Posted on 2002-05-30
Last Modified: 2010-04-13
Our DHCP servers assign 4 DNS server addresses along with an IP lease to the clients. 2 of the DNS servers are local and the other 2 are run by our ISP and are public. The 2 local DNS servers are listed first in the DHCP scope. Our two local DNS servers have an authoritative zone for our servers on the DMZ; that zone contains the private addresses for the servers. The public DNS servers contain the public addresses for the same servers. The problem I am having is that my Windows 2000 client will sometimes correctly use the first DNS server in its list (assigned by DHCP) and other times it will ignore the 2 local addresses and go right to the public DNS servers for resolution. When that happens the client gets the public address and is therefore slower. I can't figure out why my workstation sometimes uses the local DNS servers and other times ignores them. Any help is appreciated. Our local DNS servers are Windows 2000 w/ SP2.
Question by: g0swell

21 Comments
 
Expert Comment by rburton (LVL 2)
You could just assign local DNS servers to the clients and then have secondary zones on the servers so that the clients will get external DNS from the servers. This is how our company is set up. Just an idea.

Expert Comment by birdski (LVL 1)
The only reason it would go for the 3rd DNS entry would be if the internal DNS servers were unavailable. Is it necessary to have your ISP's DNS address handed out to internal clients? You could also just make a hosts file to put on your workstation as a temporary workaround.
 

Expert Comment by TooKoolKris (LVL 9)
What you need to do is set up forwarder addresses on your local DNS servers so that only what they can't resolve will go to the ISP's DNS servers. Then you tell DHCP to only give out the local DNS IPs. This way when someone needs to query it will check your local DNS servers and if and only if it can't resolve from your local ones will it query the ISP's DNS servers. This is a simple setup so if you're interested I will explain how to set that up.

TooKoolKris
MCSE+I, CCNA, A+


Expert Comment by geoffryn (LVL 11)
Windows 2000 does not strictly follow the DNS server search order. The system will always make its next query to the last server to successfully respond to the previous query. So it is possible to have the server query external DNS servers even though the local server can service the query. The way to avoid this is to use a split DNS with forwarders as TooKoolKris has suggested.
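An added example (not code from this thread, and not a Microsoft tool): a small Python probe that sends the same A query to every server in the lease, bypassing the OS resolver, and reports whether each one answers with the private (RFC 1918) view of the DMZ host or the public view. The host name, the four server addresses and the wire-format reply used by the offline self-check are placeholders constructed here. Run from a client that is "sometimes slow", it shows in one pass which servers hold which view and which ones time out, the condition under which a client moves down its list.

```python
import ipaddress
import secrets
import socket
import struct

# Placeholders, not the poster's real names or addresses.
DMZ_HOST = "www.dmz.example"
LEASE_SERVERS = ["10.0.0.11", "10.0.0.12", "198.51.100.53", "198.51.100.54"]
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _encode_name(name):
    """Dotted host name -> DNS labels, terminated by the empty root label."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, txid):
    """Standard query with RD=1 for one A record, class IN (RFC 1035 section 4.1)."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + _encode_name(name) + struct.pack("!HH", 1, 1)


def build_response(name, addresses, txid, ttl=300):
    """Constructed reply (QR=1, RD=1, RA=1) with one A record per address; only for the offline self-check."""
    msg = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addresses), 0, 0)
    msg += _encode_name(name) + struct.pack("!HH", 1, 1)
    for addr in addresses:
        # 0xC00C is a compression pointer back to the question name at offset 12.
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + ipaddress.IPv4Address(addr).packed
    return msg


def _read_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset just past it in the original stream)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            end = offset + 2 if end is None else end
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end if end is not None else offset


def parse_a_records(msg, expected_txid):
    """IPv4 addresses from the answer section; [] on a non-zero RCODE (NXDOMAIN, SERVFAIL, REFUSED)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid or not flags & 0x8000:
        raise ValueError("not a reply to our query")
    if flags & 0x000F:
        return []
    offset = 12
    for _ in range(qd):
        _, offset = _read_name(msg, offset)
        offset += 4                                    # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        _, offset = _read_name(msg, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata, offset = msg[offset:offset + rdlen], offset + rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(str(ipaddress.IPv4Address(rdata)))
    return addrs


def classify(addrs):
    """'private' if every address is RFC 1918, 'public' if none is, 'mixed' otherwise, 'none' if empty."""
    if not addrs:
        return "none"
    private = [any(ipaddress.IPv4Address(a) in net for net in RFC1918) for a in addrs]
    if all(private):
        return "private"
    return "public" if not any(private) else "mixed"


def probe(name, servers, timeout=2.0):
    """Ask each server directly, bypassing the OS resolver; returns {server: (view, addresses)}."""
    results = {}
    for server in servers:
        txid = secrets.randbits(16)                    # fresh ID per query; stale or forged replies are rejected
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            try:
                sock.sendto(build_query(name, txid), (server, 53))
                data, _ = sock.recvfrom(512)
                addrs = parse_a_records(data, txid)
                results[server] = (classify(addrs), addrs)
            except socket.timeout:                     # busy or unreachable server
                results[server] = ("timeout", [])
            except (OSError, ValueError, struct.error) as exc:
                results[server] = ("error: %s" % exc, [])
    return results


if __name__ == "__main__":
    for server, (view, addrs) in probe(DMZ_HOST, LEASE_SERVERS).items():
        print("%-16s %-8s %s" % (server, view, " ".join(addrs)))
```

Compare the output against the order in the DHCP scope: a "public" answer from one of the first two entries means that server does not hold the private zone the client is expected to use, while a "timeout" there reproduces the situation in which the client falls through to the ISP servers. The transaction ID is drawn fresh for each query so a late reply to an earlier query, or a forged one, is rejected instead of being mistaken for the answer.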

Expert Comment by st_steve (LVL 6)
The "standard" DNS setup is the one suggested by "TooKoolKris": set up DNS servers locally, and use forwarders to the root DNS servers on the net (or your ISP). Set up your clients to use your local DNS.

Public access DNS servers:

http://support.open-rsc.org/servers/

Disable "recursion" on local DNS as well.

Author Comment by g0swell
Our local DNS servers are set up to forward any request they can't resolve locally. They are also set up to not use recursion to avoid extra traffic across our internet pipe. I have the public DNS servers still in the lease for redundancy in case something happened to our Active Directory or DNS so clients could still access the internet. I am interested by what geoffryn said about Windows using the last DNS that responded to a query. Is there documentation about that? That seems like the most logical answer but I don't understand how the clients used the public DNS server even once. The clients are set up to use the local DNS servers and the local DNS servers are set up to forward. On paper the client would ask the local DNS and the local DNS would get the answer from the public DNS, then the local DNS would give the answer to the client. The client should never see the public DNS server, but that does seem like what is happening. Please provide documentation on the following: "Windows 2000 does not strictly follow the DNS server search order. The system will always make its next query to the last server to successfully respond to the previous query" so I can explore that avenue.

Expert Comment by st_steve (LVL 6)
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/windows2000serv/maintain/c19w2kad.asp

About Win2k DNS servers but no documentation about the "last DNS responding". Search on the same site "TechNet".

Expert Comment by igore (LVL 1)
You should not assign the addresses of the public DNS servers through DHCP; the client machines have no reason to query them and it just needlessly confuses your LAN setup to put them in your DHCP scope. The local DNS servers should be able to resolve all queries using the public DNS servers as forwarders. You might want to look over your site definitions as well in ADS&S.

Expert Comment by st_steve (LVL 6)
This is what "TooKoolKris" has indirectly suggested. "igore", why do you think your answer is better than his/hers??

You keep locking questions, what's going on??

Expert Comment by igore (LVL 1)
If you are answering the question you should post an answer, not a comment.  If you are making a comment without answering the question you should post a comment.

And yes, my answer is similar to the comment made by "TooKoolKris", both are correct.

Expert Comment by TooKoolKris (LVL 9)
igore,
     You are obviously a newbie on this site and therefore should have the benefit of the doubt. However it is considered rude by the experts on this site to take someone else’s comments and propose them as the answer for yourself. There is no need to make a repeat of comments already posted. Thanks.

TooKoolKris
MCSE+I, CCNA, A+


Expert Comment by st_steve (LVL 6)
TooKoolKris,

igore is not a newbie, his account was created 07/31/1998. That's more than a year before I joined this site.


Igore

To repeat someone else's comment (even from another question) is frowned upon, but to post someone else's comment as YOUR answer?? You've been a member of this site for almost 4 years, you should know better!


Back to you "g0swell". You better decide on whether to accept or reject the answer, since this question is not in the "locked questions" area and no one is going to bother posting any more comments until you unlock it (or accept the answer).

Expert Comment by TooKoolKris (LVL 9)
st_steve,

He may have created an account for asking questions on that date however he's only been answering questions since 10/01 and only 12 at that most of which are in 5/02. So the term newbie still applies in my book, your comments have been noted however your fact finding mission was at best sloppy.

TooKoolKris
MCSE+I, CCNA, A+


Expert Comment by igore (LVL 1)
The reason I spent my time on answering this question was because an answer had not been posted to it, only a lot of comments. Still, I did not mean to ruffle any feathers and I certainly wasn't doing a copy/paste job with the answer. I only noticed later how similar the answer I proposed was to one of the comments. Shouldn't that comment have been made as an answer so g0swell could accept or reject it?

And I actually did answer a couple of questions back in '98 (if anyone can remember that far back)

Igore
MCSE+I on NT 4.0 & W2K,MCP+SB,CCSE,CCA,CNA (alphabet soup)

Expert Comment by st_steve (LVL 6)
There's a lot of bitching going on over in this question. "Experts" here are missing the point of this site: to help people, not to bitch about other people or to "score points".

Sheesh..people telling me I'm sloppy in fact finding! That I haven't heard of before!

I better just STOP talking!

Expert Comment by igore (LVL 1)
I agree. I'm not sure if you can accept (or reject, for that matter) comments as answers, since it's been a few years since I asked a question, but if it's possible and g0swell is actively monitoring this thread he should reject my answer and accept TooKoolKris's comment.

Author Comment by g0swell
I am aware of the technically correct way to set this up but, as I said, I was trying to keep some sort of redundancy for the clients by using the public DNS servers. I am looking for somebody to address my original question: "Why do the clients sometimes not use the first DNS server listed in the TCP/IP scope?". Geoffryn made an interesting statement but I am a "book" kind of guy and was hoping for some proof so I can justify changing our configuration to the powers that be here.

Expert Comment by TooKoolKris (LVL 9)
The query request to a DNS server has a small TTL associated with it. If the first DNS server in the list is busy when the query comes it will send it to the next one in the list and so on and so on. If your clients are getting to the public ones that are listed after the local DNS servers it's because at the time of the query request the first 2 were probably busy. By adding forwarders to your local DNS servers you can decrease the busy time for them by having them send the query request for zones that they don't manage directly to the public DNS servers instead of them trying to resolve first.

Here are some articles to explain things further:

Frequently Asked Questions About Windows 2000 DNS (Q291382)
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q291382

Windows 2000 May Send Unexpected DNS Request (Q263091)
http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q263091

There are many links inside these articles that point to the subject in question as well.

Hope these help

TooKoolKris
MCSE+I, CCNA, A+


Accepted Solution by geoffryn (LVL 11), earned 200 total points

Author Comment by g0swell
This article seems to be what is happening. Lately our internet connection has been under duress and, just like the article explains, when I renew the lease or reboot I will be back to using the correct order. Thanks to geoffryn for answering the question I was asking. I knew I could fix it by removing the public servers; I wanted to know why my problem was happening.