DNS Failover

We have been having an issue where our network begins running VERY slow whenever the primary DNS server fails (the secondary is still up) or the secondary fails (the primary is still up).  All my research thus far has told me to remove the failed DNS server from the machines.  This does work, but it is time consuming and really doesn't solve the problem.  Does anyone have any ideas other than removing the failed server?

Leon Fester (IT Project Change Manager) commented:
Exactly the reason I was expecting. In this case you should rather set up forwarders on your own DNS server so that your workstations only query your DNS server. The DNS server will then look at the request; if it matches a forwarding rule, it will send that query to the remote DNS server and return the results to the DNS client on the workstation.


The other option is to set up a stub zone.

Deciding between a conditional forwarder and a stub zone should be based on how you are connected to the remote site.

Conditional forwarders only require that your DNS server can connect to the remote DNS server.
Stub zones will require that your workstations/clients can also connect to the remote server, which may require additional firewall configuration.
You can reduce the timeout value for the clients so they abandon their request to the failed server sooner: http://technet.microsoft.com/en-us/library/ff807396(v=WS.10).aspx
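The forwarder advice above, as an added worked example (this is not code from the thread or from either participant). It assumes Windows Server 2012 or later with the DnsServer and DnsClient PowerShell modules; the addresses 10.0.0.10 (your own DNS server), 192.0.2.53 (the remote site's server), the zone name remote.example and the interface name "Ethernet" are all hypothetical placeholders. Run it as administrator: the first part on your DNS server, the last part on a client.

```powershell
# Added example, not from the original thread. Hypothetical values:
#   10.0.0.10      your own Windows DNS server
#   192.0.2.53     the remote site's DNS server, authoritative for remote.example
#   'Ethernet'     the client interface name
$remote = '192.0.2.53'

# --- On your own DNS server ---
# Cheap reachability/firewall check before configuring the forwarder. Most queries
# use UDP/53, but a TCP/53 probe is the simplest way to prove the path is open.
if (-not (Test-NetConnection -ComputerName $remote -Port 53 -InformationLevel Quiet)) {
    throw "Cannot reach $remote on port 53; fix routing/firewall before adding the forwarder."
}

# Conditional forwarder: only queries for remote.example go to 192.0.2.53; every
# other name is resolved exactly as before. Remove any old definition first so
# the script can be re-run safely.
if (Get-DnsServerZone -Name 'remote.example' -ErrorAction SilentlyContinue) {
    Remove-DnsServerZone -Name 'remote.example' -Force
}
Add-DnsServerConditionalForwarderZone -Name 'remote.example' -MasterServers $remote `
    -ForwarderTimeout 3    # seconds before this forwarder is treated as unresponsive

# Alternative (use one or the other): a stub zone holds the remote zone's SOA/NS/glue
# records so this server can locate the remote authoritative servers itself.
# Add-DnsServerStubZone -Name 'remote.example' -MasterServers $remote -ZoneFile 'remote.example.dns'

# Verify from the DNS server itself (hypothetical record name)
Resolve-DnsName -Name 'host.remote.example' -Server 127.0.0.1 -DnsOnly

# --- On each client: list ONLY your own DNS server ---
# With the remote server gone from the client's list, an outage at the remote site
# can no longer stall the client resolver; only lookups in remote.example are affected.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses '10.0.0.10'
Clear-DnsClientCache
Get-DnsClientServerAddress -InterfaceAlias 'Ethernet' -AddressFamily IPv4
```

The -ForwarderTimeout is what bounds the damage when the remote server is down: the wait is paid once, by your DNS server, for queries in the forwarded namespace only, instead of by every client for every lookup.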
airborne1128 (Author) commented:
I don't believe it is the timeout. It's as if there is a sudden broadcast storm to try and find DNS.

Could you run the following commands as administrator on your DC and post the results here, please? Note: please redact your environment-specific data.

dcdiag /test:dns /v
dcdiag /v
airborne1128 (Author) commented:
I will run them first thing in the morning.
Leon Fester (IT Project Change Manager) commented:
There are no DNS failover capabilities.

Primary and secondary DNS are separate entities, where the secondary is only referenced when the primary server becomes unavailable.

I'd explain it all, but I'd just be repeating everything that is mentioned in the following posts:
airborne1128 (Author) commented:
Ok. I understand this, but when we have just a single DNS entry on our systems, we have no problem. If we add just a bogus IP address in for a secondary DNS, every system immediately starts to run EXTREMELY slow.
Just in case, I'd like to make sure of the following:
Your server has only one NIC connected
Your DC's IP configuration is correct (the primary DNS must be your DC's IP)
On your DNS console, DNS Server (right click) > Properties, you are not accepting DNS queries on any IP other than your DC's IP
There are no leftovers from any previous DC in the DNS server
airborne1128 (Author) commented:
*Only 1 NIC connected
*DNS is set up correctly
*We are not accepting DNS queries
*No other installs present
Leon Fester (IT Project Change Manager) commented:
"when we have just a single DNS entry on our systems, we have no problem"
I'm assuming that at that time the DNS server is up and running, so you shouldn't be seeing any issues.

"If we add just a bogus IP address in for a secondary DNS, every system immediately starts to run EXTREMELY slow."

Why would you enter a bogus DNS server?
What scenario are you trying to test?

Are your clients Windows or *nix clients? I know I've seen issues on *nix clients when the DNS is not available; I never got an answer from *nix support as to why, just that DNS must be available.

I cannot say that I've personally seen Windows clients behave like this.

Finding a solution for your problem depends on the root cause of the server becoming unavailable. Can you elaborate on what causes the servers to go down?

I doubt that you'd get a "textbook" answer; textbook knowledge usually only looks at what is supposed to work, if configured correctly and all services are available.

Your best bet to get an understanding of what is happening on the network would be to run a sniffer app, like Wireshark or Netmon from Microsoft. You'll then be able to see which servers are being queried, how long each server is pinged, and when the DNS queries are answered.
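To put numbers on the slowdown before reaching for a sniffer, here is an added PowerShell example (not code from the thread or from either participant) that times one lookup against every DNS server a client has configured; a dead entry shows up as a multi-second wait beside an instant answer from the healthy one. It assumes Windows 8 / Server 2012 or later for Resolve-DnsName, and the record name dc01.corp.example is hypothetical. The netsh trace lines at the end produce an .etl capture that Network Monitor can open; in it, look not only at the retries sent to the dead server but also at LLMNR (UDP 5355) and NetBIOS name service (UDP 137) traffic, because Windows falls back to those multicast/broadcast methods when DNS does not answer, and that fallback is what a "broadcast storm to find DNS" would look like on the wire.

```powershell
# Added example, not from the original thread. Times a lookup against every
# DNS server the client has configured so the failed entry is identifiable.
# Assumes Windows 8 / Server 2012 or later. The record name is hypothetical;
# use one your primary is authoritative for, so a healthy server answers at once.
$name = 'dc01.corp.example'

# Every IPv4 DNS server on any interface, de-duplicated
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
           ForEach-Object { $_.ServerAddresses } |
           Select-Object -Unique

$results = foreach ($s in $servers) {
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    # -DnsOnly skips the hosts file, LLMNR and NetBIOS so only DNS is timed;
    # -ErrorAction SilentlyContinue turns a timeout into $null instead of an error
    $answer = Resolve-DnsName -Name $name -Server $s -DnsOnly -ErrorAction SilentlyContinue
    $sw.Stop()
    [pscustomobject]@{
        Server   = $s
        Answered = [bool]$answer
        Seconds  = [math]::Round($sw.Elapsed.TotalSeconds, 2)
    }
}
$results | Format-Table -AutoSize

# Any server that did not answer is the entry whose timeout every client is paying for
$results | Where-Object { -not $_.Answered } |
    ForEach-Object { Write-Warning "$($_.Server) did not answer after $($_.Seconds)s" }

# To see what the resolver actually does on the wire (retries to the dead server,
# LLMNR on UDP 5355, NetBIOS name queries on UDP 137), capture with netsh from an
# elevated prompt; the resulting .etl opens in Network Monitor:
#   netsh trace start capture=yes tracefile=C:\temp\dns.etl maxsize=100
#   ipconfig /flushdns
#   nslookup dc01.corp.example
#   netsh trace stop
```

Run the timing loop on a client while the secondary is up and again while it is down; the difference in the Seconds column for the dead entry, multiplied by the number of lookups a normal workload makes, is the slowdown the thread is describing.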
airborne1128 (Author) commented:
We have no idea why the server is going down. It is not on our end. The reason for entering the bogus DNS IP for a secondary is merely to "see what happens" in an attempt to duplicate the issue in our lab. In the field, it is not our DNS (primary) that is going down, but the secondary.
Leon Fester (IT Project Change Manager) commented:
OK, makes sense.
If you're not controlling the DNS servers then I'd recommend moving them off your workstations.

Any Windows Server can be a DNS server, the only limitation being AD-integrated DNS can only run on a domain controller. I would recommend that you consider putting in a second DNS server of your own.

Does the secondary DNS server hold any specific DNS zones that you want to query or why are you using it?

Maybe you can expand on the reasons for using the secondary from another site?

The issue with external DNS is that too many things can go wrong, e.g. server issues, the DNS service, network, firewall, bandwidth and congestion, and then you end up with a situation like the one you're currently in.

N.B. I'm not rapping you over the knuckles, just trying to get an understanding of your environment. I've worked in enough places where solutions were built on the wrong requirements.
airborne1128 (Author) commented:
Unfortunately we do not have the ability to install another DNS due to space and other restrictions. We have to have the other DNS as it does hold specific queries that will not be allowed on other servers, if you know what I mean.