
DNS Domain name failover

Posted on 2009-04-01
514 Views
Last Modified: 2012-05-06
Greetings to all, I have a server farm comprising multiple servers running Windows Server 2003 SP2 which are all joined to a domain. There are two Domain Controllers (both with Global Catalog enabled) which are running DNS server. I have verified that both are AD integrated and are able to replicate changes to each other without problems.

My problem is as follows: I log in to server APPS01 and run "ping domain.name" from the command prompt, and the domain name resolves to DC1 (for example). Then I shut down DC1 to simulate a system failure and observe for any problems. I discovered that some of my applications will fail because the applications cannot resolve "domain.name" after DC1 is shut down. When I re-ping "domain.name", it seems the domain name does not fail over to the next DC?

Note that I have already disabled login caching, so after shutting down DC1, users are still able to log in through DC2. But the domain name does not fail over unless I manually refresh the DNS cache. I've tried to modify the TTL values for all SOA entries in DNS from 1 hour to 5 minutes, but that did not appear to work. Is there another method I can try?
Question by:harnamsc
20 Comments
 
LVL 5

Expert Comment

by:theoaks
ID: 24036681
first, is there a name server record for each dns server in your dns domain?

also, under your dns zone for "domain.com" under a folder called "DomainDNSZones", is there a host (a) record for each dns server in your dns domain?

 
LVL 5

Expert Comment

by:theoaks
ID: 24036687
and.....

under your dns zone for domain.com, is there a host record for each dns server?
 
LVL 5

Expert Comment

by:theoaks
ID: 24036700
could also help to try and run an nslookup against your two dc's to first verify that they are acting as dns servers, and run some records through and see if they resolve.. maybe even try resolving the domain name on both dns servers and verify that they each spit back the two ip's of your dc's.
 
LVL 1

Author Comment

by:harnamsc
ID: 24037022
theoaks: I've checked my DNS, under "DomainDNSZones" both my DCs have host records, same for the dns zone "domain.name". As for resolving domain name to both servers, when I run "ping domain.name" from both DCs they both resolve to DC1 currently.
 
LVL 5

Expert Comment

by:theoaks
ID: 24037048
don't run a ping. do an nslookup.

i.e.

at the Command Prompt type nslookup and hit enter

then type: domain.com and hit enter

look at the results, there should be more than one ip output, one for each dc
 
LVL 1

Author Comment

by:harnamsc
ID: 24037112
Okay I've checked, both DC's show up when I run nslookup "domain.name" from any of the application servers.
 
LVL 5

Expert Comment

by:theoaks
ID: 24037151
also make sure you do the nslookup to your secondary dns server. if that is showing both as well then check your clients are configured to go to both dns servers.

at the nslookup command line type

server <ipofsecondserverhere> hit enter

this will allow you to query the other server.
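An added example, not from the thread or from Experts Exchange, that does in code what the nslookup steps above do by hand: it builds an A query for domain.name in DNS wire format, can send it to any server you name (each DC in turn, like `server <ip>` in nslookup), and prints every A record in the answer together with that record's own TTL, which is the value the client cache honours. The addresses 10.0.0.1 and 10.0.0.2 and the embedded response packet are constructed so the parser can be exercised offline; `query_server()` is the live path.

```python
"""Minimal DNS A-record query/response handling (RFC 1035), standard library only."""
import socket
import struct


def build_query(name, txid=0x1234, qtype=1):
    """Build a recursion-desired query for `name` (qtype 1 = A)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode() for label in name.strip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def read_name(msg, off):
    """Decode a (possibly compressed) name at `off`; return (name, offset after it)."""
    labels, jumped, end = [], False, None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                  # compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2                      # resume after the 2-byte pointer
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode())
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_response(msg):
    """Return the transaction id, RCODE and every resource record in the message."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                            # skip the echoed question section
        _, off = read_name(msg, off)
        off += 4                                   # QTYPE + QCLASS
    records = []
    for _ in range(an + ns + ar):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        value = socket.inet_ntoa(rdata) if rtype == 1 and rdlen == 4 else rdata.hex()
        records.append({"name": name, "type": rtype, "ttl": ttl, "data": value})
    return {"id": txid, "rcode": flags & 0xF, "records": records}


def a_records(msg):
    """[(ip, ttl), ...] for the A records in a response, in answer order."""
    return [(r["data"], r["ttl"]) for r in parse_response(msg)["records"] if r["type"] == 1]


def query_server(server_ip, name, timeout=2.0):
    """Live use: ask one specific server (e.g. each DC) and return its A records."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server_ip, 53))
        data, _ = s.recvfrom(4096)
    if data[:2] != q[:2]:
        raise ValueError("transaction id mismatch")
    return a_records(data)


# Constructed response: two A records for domain.name, TTL 300 s each (addresses made up).
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)
    + b"\x06domain\x04name\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton("10.0.0.1")
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton("10.0.0.2")
)

if __name__ == "__main__":
    for ip, ttl in a_records(SAMPLE_RESPONSE):
        print(f"{ip}\tTTL={ttl}s")
```

Run `query_server("<ip of DC1>", "domain.name")` and then the same against DC2 to confirm both servers return both addresses; the TTL column is the per-record value the thread eventually identifies as the one that matters (nslookup shows the same field with `set debug`).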
 
LVL 5

Expert Comment

by:theoaks
ID: 24037161
also, what applications are trying to query the domain controllers? are they just requesting ad information from the dc's? or do you have some server side apps running on your dc's?
 
LVL 1

Author Comment

by:harnamsc
ID: 24037429
Nslookup to the secondary server works just fine. As for the application itself, I'm not sure. It was installed by our application team. All I know is that it uses the domain.name to locate the DC for authenticating the application. There is no option to specify DC.hostname so we're stuck with the way it is.
 
LVL 5

Expert Comment

by:theoaks
ID: 24037865
some apps can take a while to move to the next dc, like exchange....

this is normal.

 if you run

ipconfig /flsuhdns

then run the ping, do you get a reply after you have waited for 5 minutes for the record to become stale?
 
LVL 5

Expert Comment

by:theoaks
ID: 24037913
whoops, that should've said ipconfig /flushdns
 
LVL 5

Expert Comment

by:HeshamMousa
ID: 24037976
please check with the application team that their applications are using DNS to query the domain controllers.
some applications use the domain controller name to query, like the Remedy application;
in such applications you have to put the domain controller.
 
LVL 1

Author Comment

by:harnamsc
ID: 24045648
theoaks: Yes, if I were to run ipconfig /flushdns then the domain name will be updated. However the client doesn't want a manual DNS cache flush. We're trying to find an automatic solution so that the DNS will auto-update itself whenever a DC goes down.
HeshamMousa: I understand what you mean, however this application uses the domain.name to determine the domain controller IP and thus contact it. It's not possible to specify the domain controller hostnames (really wish we could though), hence I have to find a solution as our client is not happy that the application fails when a DC goes down even though the entire system is supposed to have redundancy.
After doing some research, it seems that DNS auto-update is not possible in Windows Server 2003, but is possible in Windows Server 2008? To solve this problem I'm going to attempt to write a script to flush the DNS cache every 5 minutes and add the script to Windows Scheduled Tasks of the servers running the applications. It'll generate a lot more traffic than if the DNS domain.name entry alone were to expire every 5 minutes. It's not the best solution, but currently it's the only workable one right now.
 
LVL 5

Expert Comment

by:theoaks
ID: 24049160
if your ttl for the record is set to five minutes, then after 5 mins the cached record will become stale and the client will re-query the new record. this will effectively be doing the same thing that the flushdns does.

if you need your failover to be that fast, set the ttl on your records to 60 seconds. your dns server will however be under a bit more load...
 
LVL 1

Author Comment

by:harnamsc
ID: 24055971
That's unusual, I've already set the TTL for all my SOA records to 5 minutes but it had no effect when I shut down DC1?
Is there another setting, or which is the proper field? Perhaps I set it wrongly.
 
LVL 5

Assisted Solution

by:theoaks
theoaks earned 2000 total points
ID: 24059714
you should be changing the time of your (a) records for your domain.name located at the root of your domain.name zone records. don't bother with the soa records, they aren't pertinent to what you're trying to do
 
LVL 1

Author Comment

by:harnamsc
ID: 24071779
theoaks: I think you've found the problem. I don't recall seeing any (a) records for domain.name in any of my lookup zones? The only records that included domain.name in them are the SOA records I mentioned.

Where should I create the (a) records for domain.name and what parameters should I assign to them? Also I have two forward lookup zones, domain.name and _msdcs.domain.name, which one should I create the records in? Or should I create them in both?
 
LVL 1

Author Comment

by:harnamsc
ID: 24074789
An update to my earlier comment above: For the (a) records for domain.name, actually I do have them. I was confused as in DNS they appear as "(same as parent folder) host(A) <DC1 IP>" and "(same as parent folder) host(A) <DC2 IP>". BUT under properties I can only add a hostname (if its a server it'll display as "servername.domain.name") or enable updates to the corresponding PTR record. There is no option to set the TTL as per the SOA records?
Can anyone assist to guide me as to how to adjust the TTL for the (a) records in DNS? Or are the SOA records actually what I should be editing?
 
LVL 5

Accepted Solution

by:theoaks
theoaks earned 2000 total points
ID: 24075729
in dns management console, click tools from the menu and click advanced.

forget the soa records! when you are pinging your domain.name, the a record is resolved. not the soa record
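To make the accepted answer concrete, an added example that is not part of the thread: a small Python model of a stub resolver's cache in which a positive answer lives for the A record's TTL and the SOA minimum governs only negative (NXDOMAIN) caching, which is how RFC 2308 defines that field. It replays the three situations from the thread: A TTL still 3600 s with only the SOA lowered to 300 s, A TTL lowered to 300 s, and a manual ipconfig /flushdns. The addresses 10.0.0.1 (DC1) and 10.0.0.2 (DC2) are made up, and the model assumes DC1's A record leaves the zone when it shuts down, which is what the thread's flushdns result implies.

```python
"""Model of a stub-resolver cache: the A-record TTL, not the SOA, decides when a
client stops handing an application the address of a dead DC."""


class Zone:
    """Toy authoritative zone: A records per name plus the SOA minimum TTL."""

    def __init__(self, soa_minimum_ttl):
        # RFC 2308: the SOA minimum bounds negative caching and nothing else.
        self.soa_minimum_ttl = soa_minimum_ttl
        self.a_records = {}   # name -> {ip: ttl}

    def add_a(self, name, ip, ttl):
        self.a_records.setdefault(name, {})[ip] = ttl

    def remove_a(self, name, ip):
        self.a_records.get(name, {}).pop(ip, None)

    def answer(self, name):
        """[(ip, ttl), ...] for a positive answer; [] for NXDOMAIN/NODATA."""
        return list(self.a_records.get(name, {}).items())


class ClientCache:
    """Positive entries expire after the RRset TTL, negative ones after the SOA minimum."""

    def __init__(self, zone):
        self.zone = zone
        self.entries = {}   # name -> (ips, expires_at)

    def resolve(self, name, now):
        entry = self.entries.get(name)
        if entry is not None and now < entry[1]:
            return list(entry[0]), "cache"          # served from cache, server not asked
        rrset = self.zone.answer(name)
        if rrset:
            ips = [ip for ip, _ in rrset]
            ttl = min(ttl for _, ttl in rrset)       # members of an RRset share a TTL
        else:
            ips, ttl = [], self.zone.soa_minimum_ttl  # negative caching
        self.entries[name] = (ips, now + ttl)
        return list(ips), "server"

    def flush(self):
        """What ipconfig /flushdns does."""
        self.entries.clear()


DC1, DC2 = "10.0.0.1", "10.0.0.2"   # constructed addresses


def run(events, a_ttl, soa_minimum_ttl=3600, name="domain.name"):
    """Replay (time, action) events; actions: resolve, resolve_missing, dc1_down, flush.
    Returns [(time, ips, source)] for every resolve* event, i.e. what the app sees."""
    zone = Zone(soa_minimum_ttl)
    zone.add_a(name, DC1, a_ttl)
    zone.add_a(name, DC2, a_ttl)
    client = ClientCache(zone)
    seen = []
    for t, action in sorted(events):
        if action == "resolve":
            ips, source = client.resolve(name, t)
            seen.append((t, ips, source))
        elif action == "resolve_missing":
            ips, source = client.resolve("nosuch." + name, t)
            seen.append((t, ips, source))
        elif action == "dc1_down":
            # Assumption: DC1's A record leaves the zone when it shuts down.
            zone.remove_a(name, DC1)
        elif action == "flush":
            client.flush()
        else:
            raise ValueError(action)
    return seen


if __name__ == "__main__":
    outage = [(0, "resolve"), (60, "dc1_down"), (300, "resolve")]
    print("A TTL 3600, SOA 300:", run(outage, a_ttl=3600, soa_minimum_ttl=300))
    print("A TTL 300:          ", run(outage, a_ttl=300))
    print("flushdns at t=61:   ", run(outage + [(61, "flush"), (62, "resolve")], a_ttl=3600))
```

The first run is the original poster's situation: the SOA change has no effect because the cached A answer, still holding DC1, is valid for the full 3600 s. The second shows the 5-minute A-record TTL giving the failover the thread was after, and the third shows why a flush worked immediately. On a real Windows client `ipconfig /displaydns` shows the remaining lifetime of each cached record, and the client additionally caps that lifetime at the MaxCacheTtl value under the Dnscache service's Parameters key.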
 
LVL 1

Author Comment

by:harnamsc
ID: 24083834
Thanks theoaks, that did the trick.