Solved

DNS Domain name failover

Posted on 2009-04-01
506 Views
Last Modified: 2012-05-06
Greetings to all. I have a server farm comprising multiple servers running Windows Server 2003 SP2, which are all joined to a domain. There are two Domain Controllers (both with Global Catalog enabled) which are running DNS server. I have verified that both are AD integrated and are able to replicate changes to each other without problems.

My problem is as follows: I log in to server APPS01 and run "ping domain.name" from the command prompt, and the domain name resolves to DC1 (for example). Then I shut down DC1 to simulate a system failure and observe for any problems. I discovered that some of my applications will fail because the applications cannot resolve "domain.name" after DC1 is shut down. When I re-ping "domain.name", it seems the domain name does not fail over to the next DC.

Note that I have already disabled login caching, so after shutting down DC1, users are still able to log in through DC2. But the domain name does not fail over unless I manually refresh the DNS cache. I've tried modifying the TTL values for all SOA entries in DNS from 1 hour to 5 minutes, but that did not appear to work. Is there another method I can try?
Question by: harnamsc

20 Comments
 
Expert Comment by theoaks (LVL 5), ID: 24036681
First, is there a name server record for each DNS server in your DNS domain?

Also, under your DNS zone for "domain.com", under a folder called "DomainDNSZones", is there a host (A) record for each DNS server in your DNS domain?
Expert Comment by theoaks (LVL 5), ID: 24036687
And...

Under your DNS zone for domain.com, is there a host record for each DNS server?
Expert Comment by theoaks (LVL 5), ID: 24036700
It could also help to try running nslookup against your two DCs to first verify that they are acting as DNS servers, run some records through and see if they resolve. Maybe even try resolving the domain name against both DNS servers and verify that they have each spit back the two IPs of your DCs.
Author Comment by harnamsc (LVL 1), ID: 24037022
theoaks: I've checked my DNS; under "DomainDNSZones" both my DCs have host records, and the same goes for the DNS zone "domain.name". As for resolving the domain name to both servers, when I run "ping domain.name" from both DCs they both resolve to DC1 currently.
 
 
Expert Comment by theoaks (LVL 5), ID: 24037048
Don't run a ping. Do an nslookup.

i.e.

At the command prompt type nslookup and hit Enter.

Then type: domain.com and hit Enter.

Look at the results; there should be more than one IP output, one for each DC.
Author Comment by harnamsc (LVL 1), ID: 24037112
Okay, I've checked; both DCs show up when I run nslookup "domain.name" from any of the application servers.
Expert Comment by theoaks (LVL 5), ID: 24037151
Also make sure you do the nslookup against your secondary DNS server. If that is showing both as well, then check that your clients are configured to go to both DNS servers.

At the nslookup command line type

server <ipofsecondserverhere> and hit Enter

This will allow you to query the other server.
Expert Comment by theoaks (LVL 5), ID: 24037161
Also, what applications are trying to query the domain controllers? Are they just requesting AD information from the DCs? Or do you have some server-side apps running on your DCs?
Author Comment by harnamsc (LVL 1), ID: 24037429
Nslookup to the secondary server works just fine. As for the application itself, I'm not sure. It was installed by our application team. All I know is that it uses domain.name to locate the DC for authenticating the application. There is no option to specify DC.hostname, so we're stuck with the way it is.
Expert Comment by theoaks (LVL 5), ID: 24037865
Some apps can take a while to move to the next DC, like Exchange....

This is normal.

If you run

ipconfig /flsuhdns

and then run the ping, do you get a reply after you have waited 5 minutes for the record to become stale?
Expert Comment by theoaks (LVL 5), ID: 24037913
Whoops, that should've said ipconfig /flushdns
Expert Comment by HeshamMousa (LVL 5), ID: 24037976
Please check with the application team that their applications are using DNS to query the domain controllers. Some applications use the domain controller name to query, like the Remedy application; in such applications you have to put in the domain controller.
Author Comment by harnamsc (LVL 1), ID: 24045648
theoaks: Yes, if I run ipconfig /flushdns then the domain name will be updated. However, the client doesn't want a manual DNS cache flush. We're trying to find an automatic solution so that the DNS will auto-update itself whenever a DC goes down.
HeshamMousa: I understand what you mean; however, this application uses domain.name to determine the domain controller IP and thus contact it. It's not possible to specify the domain controller hostnames (really wish we could though), hence I have to find a solution, as our client is not happy that the application fails when a DC goes down even though the entire system is supposed to have redundancy.
After doing some research, it seems that DNS auto-update is not possible in Windows Server 2003, but is possible in Windows Server 2008? To solve this problem I'm going to attempt to write a script to flush the DNS cache every 5 minutes and add the script to the Windows Scheduled Tasks of the servers running the applications. It'll generate a lot more traffic than if the DNS domain.name entry alone were to expire every 5 minutes. It's not the best solution, but currently it's the only workable one.
Expert Comment by theoaks (LVL 5), ID: 24049160
If your TTL for the record is set to five minutes, then after 5 mins the cached record will become stale and the client will re-query for the new record. This will effectively be doing the same thing that the flushdns does.

If you need your failover to be that fast, set the TTL on your records to 60 seconds. Your DNS server will however be under a bit more load...
Author Comment by harnamsc (LVL 1), ID: 24055971
That's unusual. I've already set the TTL for all my SOA records to 5 minutes, but it had no effect when I shut down DC1?
Is there another setting, or which is the proper field? Perhaps I set it wrongly...
Assisted Solution by theoaks (LVL 5, earned 500 total points), ID: 24059714
You should be changing the time of your (A) records for domain.name, located at the root of your domain.name zone records. Don't bother with the SOA records; they aren't pertinent to what you're trying to do.
Author Comment by harnamsc (LVL 1), ID: 24071779
theoaks: I think you've found the problem. I don't recall seeing any (A) records for domain.name in any of my lookup zones? The only records that include domain.name in them are the SOA records I mentioned.

Where should I create the (A) records for domain.name, and what parameters should I assign to them? Also, I have two forward lookup zones, domain.name and _msdcs.domain.name; which one should I create the records in? Or should I create them in both?
Author Comment by harnamsc (LVL 1), ID: 24074789
An update to my earlier comment above: for the (A) records for domain.name, I actually do have them. I was confused, as in DNS they appear as "(same as parent folder) host (A) <DC1 IP>" and "(same as parent folder) host (A) <DC2 IP>". BUT under Properties I can only add a hostname (if it's a server it'll display as "servername.domain.name") or enable updates to the corresponding PTR record. There is no option to set the TTL as there is for the SOA records?
Can anyone guide me on how to adjust the TTL for the (A) records in DNS? Or are the SOA records actually what I should be editing?
Accepted Solution by theoaks (LVL 5, earned 500 total points), ID: 24075729
In the DNS management console, click Tools from the menu and click Advanced.

Forget the SOA records! When you are pinging your domain.name, the A record is resolved, not the SOA record.
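As an added example (not code from the thread, from Experts Exchange or from Microsoft), a PowerShell script that performs the checks theoaks describes above (querying each DC's DNS for the zone's A records) and then reports, and optionally lowers, the TTL of the zone-apex "(same as parent folder)" A records that the accepted solution points at instead of the SOA. It assumes the DnsServer PowerShell module (Windows Server 2012 or later, not the 2003 servers in the question), and `domain.name`, `DC1` and `DC2` are placeholder names taken from the thread.

```powershell
# Added example: verify and adjust the TTL of the zone-apex A records.
# Assumes the DnsServer module; zone and server names are placeholders.
param(
    [string]$Zone = 'domain.name',           # placeholder zone name from the thread
    [string[]]$DnsServers = @('DC1', 'DC2'), # placeholder DC / DNS server names
    [int]$NewTtlSeconds = 300,               # 5 minutes, the value the asker wanted
    [switch]$Apply                           # without -Apply the script only reports
)

# 1. Client-side view: what each DC answers for the zone apex, i.e. what
#    "ping domain.name" resolves. Both DCs should return both DC addresses.
foreach ($srv in $DnsServers) {
    try {
        $answers = Resolve-DnsName -Name $Zone -Type A -Server $srv -DnsOnly -ErrorAction Stop
        foreach ($a in ($answers | Where-Object { $_.Type -eq 'A' })) {
            '{0}: {1} -> {2} (TTL {3}s)' -f $srv, $Zone, $a.IPAddress, $a.TTL
        }
    } catch {
        '{0}: query failed: {1}' -f $srv, $_.Exception.Message
    }
}

# 2. Server-side view: the "(same as parent folder)" A records are the apex
#    records (Name '@'). Their TTL, not the SOA's, decides how long APPS01
#    keeps the DC1 answer cached after DC1 goes down.
$apex = Get-DnsServerResourceRecord -ComputerName $DnsServers[0] -ZoneName $Zone -Name '@' -RRType A
foreach ($rr in $apex) {
    '{0} A {1} TTL={2}s' -f $Zone, $rr.RecordData.IPv4Address, [int]$rr.TimeToLive.TotalSeconds
    if ($Apply -and [int]$rr.TimeToLive.TotalSeconds -ne $NewTtlSeconds) {
        # Clone the record, change only the TTL, and hand both copies to Set-DnsServerResourceRecord
        # so the server matches the old record and rewrites it with the new one.
        $new = $rr.Clone()
        $new.TimeToLive = [TimeSpan]::FromSeconds($NewTtlSeconds)
        Set-DnsServerResourceRecord -ComputerName $DnsServers[0] -ZoneName $Zone `
            -OldInputObject $rr -NewInputObject $new
        '  -> TTL set to {0}s (AD-integrated zone replicates the change to the other DC)' -f $NewTtlSeconds
    }
}
```

Run it without `-Apply` first to confirm both DCs answer with both addresses; a shorter apex TTL makes cached answers expire sooner at the cost of more queries to the DNS servers, as theoaks notes.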
Author Comment by harnamsc (LVL 1), ID: 24083834
Thanks theoaks, that did the trick.