Solved

What happens when client PCs are set up to use a router as an alternate DNS server?

Posted on 2007-04-04
Last Modified: 2010-04-18
I've got an easy question: we have a small Windows Server 2003 network with a single DNS server (running Windows 2003) integrated into Active Directory. We have all of the client PCs set up to use our router as an alternate DNS server so that if the DNS server fails, at least our employees can still access the internet.

My question is, are there any problems associated with this type of setup? If so why, and can they be averted?
Question by:bslorence
10 Comments
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 75 total points
ID: 18853249
Yes, there are problems with this.  Your clients should ONLY know about the Windows Server DNS.  Active Directory uses DNS to locate servers and services.  There's NO GUARANTEE that your clients will ALWAYS use the server DNS unless it's down.  As a result, they could sometimes ask your ISP "hey where's the global catalog server?" and your ISP's DNS would say "I have no idea what you're talking about - go $@#& yourself".  And the client would then sit there going... hmmm... what do I do now?  Maybe I'll just keep looking and forget about asking.  Eventually, you'll get through... but misconfigured DNS like this is a major cause of slow logons and problems accessing servers.

To fix it, remove all but the Windows Server from your list of DNS servers.  And if you want to have a backup DNS server, get another Windows Server (Note: if you're using Small Business Server, you can only have ONE SBS server in a network - other servers are fine, but ONLY one SBS server).
0
 
LVL 70

Assisted Solution

by:Chris Dent
Chris Dent earned 50 total points
ID: 18853263

Yes there are.

You can't guarantee that the PCs on your network will always use the Preferred DNS Server for internal name resolution. Because of that you may find that you occasionally suffer excessively long logon times and problems accessing network resources.

It's not a setup I would recommend; the availability of the internet during (hopefully) minimal server downtime is a poor return on the performance costs.

Chris
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18853271

Sorry Leew, bit slow typing that.

Chris
0
 
LVL 1

Author Comment

by:bslorence
ID: 18853292
Why won't the PCs always use the Preferred DNS server? What are a few common causes for a PC using an alternate DNS server?
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 18853300
This will probably be an issue in resolving Active Directory resources, esp. your domain controller(s), if your local DNS server fails. Your router is in all likelihood simply forwarding DNS requests to an ISP DNS server that does not host the zone containing your AD SRV records, which means that if your local DNS server fails, your clients will not be able to log onto Active Directory, browse file shares, etc.  They -will- likely still be able to browse the Internet and other things that don't specifically require the ability to resolve your AD DNS records.

The workaround for this, quite simply, is to install additional DNS servers.  If you have multiple DCs in your environment (and please tell me you do), it's easy enough to simply configure each DC as a DNS server, which will provide you redundancy for both AD as well as DNS.

Hope this helps.

Laura E. Hunter - Windows Server: Networking

0

 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 18853304
The preferred server is busy and the client doesn't want to wait.
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 18853318
In re: "why won't the PCs always use the Preferred server":  whenever a client needs to resolve a DNS query, it will send the query to its primary DNS server.  If that DNS server doesn't respond within a sufficient time (I believe 5 seconds), the client will re-send the query to its secondary DNS, then its tertiary DNS, and so on.  A simple "blip" in network connectivity could cause a client to send a query to its secondary DNS even if the primary is up and running normally.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18853353

It's all down to the DNS Client; if it doesn't get a fast enough response from your Preferred DNS server, it'll use the Alternate.  This isn't an easy issue to quantify.

Bear in mind that each client that accidentally queries the Router for DNS resolution during logon will hang around for up to 10 minutes trying to find what isn't there. It should be noted that a Negative Answer from the Router's DNS Server is still a valid answer. Windows XP caches Negative Responses for 5 minutes which goes towards explaining that 10 minutes hanging around.

You may notice the same kind of problems accessing network resources (file servers, etc) just because it's slipped over once.

Chris
0
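The failover and negative-caching behaviour described in the comments above, as a simplified model. This is an added example, not code from any poster and not the actual Windows DNS client algorithm; the 5-second timeout and 5-minute negative cache are the figures quoted in the thread, and the server names, the `corp.example` domain and the delays are constructed.

```python
# Simplified model of the failover described in this thread. It is NOT the
# real Windows DNS client algorithm; timings are the figures the posters quote.
QUERY_TIMEOUT_S = 5       # wait before trying the next server ("I believe 5 seconds")
NEGATIVE_TTL_S = 5 * 60   # Windows XP negative-response cache time, per the thread
AD_SRV = "_ldap._tcp.dc._msdcs.corp.example"  # constructed AD domain name


def ad_dns(name, slow_at=()):
    """AD-integrated DNS server: hosts the zone, slow at the given times."""
    def answer(qname, now):
        return "NOERROR", (6.0 if now in slow_at else 0.01)
    return name, answer


def router(name="router"):
    """Router forwarding to an ISP resolver that has no copy of the AD zone."""
    def answer(qname, now):
        rcode = "NXDOMAIN" if qname.endswith("corp.example") else "NOERROR"
        return rcode, 0.05
    return name, answer


class StubResolver:
    def __init__(self, servers):
        self.servers = servers   # ordered: preferred first, then alternates
        self.neg_cache = {}      # qname -> time the cached NXDOMAIN expires

    def resolve(self, qname, now):
        if self.neg_cache.get(qname, 0) > now:
            return "NXDOMAIN", "negative cache"
        for name, answer in self.servers:
            rcode, delay = answer(qname, now)
            if delay > QUERY_TIMEOUT_S:
                continue         # no reply in time: try the next server
            if rcode == "NXDOMAIN":  # a negative answer is still a valid answer
                self.neg_cache[qname] = now + NEGATIVE_TTL_S
            return rcode, name
        return "TIMEOUT", None


def dc_lookups(servers, times=(0, 60, 299, 300)):
    """Resolve the DC locator record at each time (seconds) with one client."""
    client = StubResolver(servers)
    return [client.resolve(AD_SRV, t) for t in times]


if __name__ == "__main__":
    print(dc_lookups([ad_dns("dc1", slow_at={0}), router()]))
    print(dc_lookups([ad_dns("dc1", slow_at={0}), ad_dns("dc2")]))
```

With the router as alternate, one slow reply from the preferred server at t=0 leaves the client unable to locate a domain controller until the cached negative answer expires. With a second AD DNS server as alternate, the same slow reply is answered correctly by the other server.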
 
LVL 1

Author Comment

by:bslorence
ID: 18853403
Thanks guys!

I'm splitting the points because both Leew and Chris-Dent answered at pretty much the same time with... pretty much the same answer. I appreciate the help!
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18853409

You're welcome :)

Chris
0
