Solved

What happens when client PCs are set up to use a router as an alternate DNS server?

Posted on 2007-04-04
Last Modified: 2010-04-18
I've got an easy question: we have a small Windows Server 2003 network with a single DNS server (running Windows 2003) integrated into Active Directory. We have all of the client PCs set up to use our router as an alternate DNS server so that if the DNS server fails, at least our employees can still access the internet.

My question is, are there any problems associated with this type of setup? If so why, and can they be averted?
Question by:bslorence
10 Comments
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 75 total points
ID: 18853249
Yes, there are problems with this.  Your clients should ONLY know about the Windows Server DNS.  Active Directory uses DNS to locate servers and services.  There's NO GUARANTEE that your clients will ALWAYS use the server DNS unless it's down.  As a result, they could sometimes ask your ISP "hey where's the global catalog server?" and your ISP's DNS would say "I have no idea what you're talking about - go $@#& yourself".  And the client would then sit there going... hmmm... what do I do now?  Maybe I'll just keep looking and forget about asking.  Eventually, you'll get through... but misconfigured DNS like this is a major cause of slow logons and problems accessing servers.

To fix it, remove all but the Windows Server from your list of DNS servers.  And if you want to have a backup DNS server, get another Windows Server (Note: if you're using Small Business Server, you can only have ONE SBS server in a network - other servers are fine, but ONLY one SBS server).
0
 
LVL 70

Assisted Solution

by:Chris Dent
Chris Dent earned 50 total points
ID: 18853263

Yes there are.

You can't guarantee that the PCs on your network will always use the Preferred DNS Server for internal name resolution. Because of that you may find that you occasionally suffer excessively long logon times and problems accessing network resources.

It's not a setup I would recommend; the availability of the internet during (hopefully) minimal server downtime is a poor return on the performance costs.

Chris
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18853271

Sorry Leew, bit slow typing that.

Chris
0
 
LVL 1

Author Comment

by:bslorence
ID: 18853292
Why won't the PCs always use the Preferred DNS server? What are a few common causes for a PC using an alternate DNS server?
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 18853300
This will probably be an issue in resolving Active Directory resources, esp. your domain controller(s), if your local DNS server fails. Your router is in all likelihood simply forwarding DNS requests to an ISP DNS server that does not host the zone containing your AD SRV records, which means that if your local DNS server fails, your clients will not be able to log onto Active Directory, browse file shares, etc.  They -will- likely still be able to browse the Internet and other things that don't specifically require the ability to resolve your AD DNS records.

The workaround for this, quite simply, is to install additional DNS servers.  If you have multiple DCs in your environment (and please tell me you do), it's easy enough to simply configure each DC as a DNS server, which will provide you redundancy for both AD as well as DNS.

Hope this helps.

Laura E. Hunter - Windows Server: Networking

0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 18853304
The preferred server is busy and the client doesn't want to wait.
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 18853318
In re: "why won't the PCs always use the Preferred server":  whenever a client needs to resolve a DNS query, it will send the query to its primary DNS server.  If that DNS server doesn't respond within a sufficient time (I believe 5 seconds), the client will re-send the query to its secondary DNS, then its tertiary DNS, and so on.  A simple "blip" in network connectivity could cause a client to send a query to its secondary DNS even if the primary is up and running normally.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18853353

It's all down to the DNS Client, if it doesn't get a fast enough response from your Preferred DNS server it'll use the Alternate.  This isn't an easy issue to quantify.

Bear in mind that each client that accidentally queries the Router for DNS resolution during logon will hang around for up to 10 minutes trying to find what isn't there. It should be noted that a Negative Answer from the Router's DNS Server is still a valid answer. Windows XP caches Negative Responses for 5 minutes which goes towards explaining that 10 minutes hanging around.

You may notice the same kind of problems accessing network resources (file servers, etc) just because it's slipped over once.

Chris
0
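A way to audit a client for the misconfiguration the answers above describe, added here as an example rather than something posted in the thread: it lists every DNS server the client is configured to use and checks whether each one can answer the `_ldap._tcp.dc._msdcs.<domain>` SRV query a domain member sends to locate a domain controller. It assumes a client running Windows 8 / Server 2012 or later (for `Get-DnsClientServerAddress`), that the AD DNS servers are 192.168.1.10 and 192.168.1.11 (placeholder addresses), and that `$env:USERDNSDOMAIN` holds the AD domain name.

```powershell
# Added example, not from the original thread. Placeholder addresses: replace
# with the DNS servers that actually host your AD zone.
$AdDnsServers = @('192.168.1.10', '192.168.1.11')
$Domain       = $env:USERDNSDOMAIN
$SrvRecord    = "_ldap._tcp.dc._msdcs.$Domain"   # record a client queries to find a DC

# Every DNS server configured on any IPv4 interface, in the order the client tries them.
$configured = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        foreach ($ip in $_.ServerAddresses) {
            [pscustomobject]@{ Interface = $_.InterfaceAlias; Server = $ip }
        }
    }

foreach ($entry in $configured) {
    $isAd = $AdDnsServers -contains $entry.Server
    try {
        # -DnsOnly bypasses the local cache and LLMNR/NetBIOS, so the named server
        # itself has to produce the answer.
        $answer = Resolve-DnsName -Name $SrvRecord -Type SRV -Server $entry.Server `
                                  -DnsOnly -ErrorAction Stop
        $canFindDc = [bool]($answer | Where-Object { $_.Type -eq 'SRV' })
    } catch {
        # NXDOMAIN or timeout: this server cannot locate a domain controller.
        $canFindDc = $false
    }

    $status = if ($isAd -and $canFindDc) { 'OK' }
              elseif (-not $isAd)       { 'REMOVE: not an AD DNS server (e.g. router/ISP)' }
              else                      { 'WARN: AD DNS server did not return the DC SRV record' }

    '{0,-25} {1,-16} {2}' -f $entry.Interface, $entry.Server, $status
}
```

Any line marked REMOVE is a server that will return a negative answer for AD records, which is exactly the fallback path that produces the slow logons discussed above.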
 
LVL 1

Author Comment

by:bslorence
ID: 18853403
Thanks guys!

I'm splitting the points because both Leew and Chris-Dent answered at pretty much the same time with... pretty much the same answer. I appreciate the help!
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18853409

You're welcome :)

Chris
0
