Solved

DNS Failover

Posted on 2013-01-02
Last Modified: 2013-01-09
We have been having an issue where our network begins running VERY slow whenever the primary DNS server fails (the secondary is still up) or the secondary fails (the primary is still up).  All my research thus far has told me to remove the failed DNS server from the machines.  This does work, but it is time consuming and really doesn't solve the problem.  Does anyone have any ideas other than removing the failed server?
Question by:airborne1128
13 Comments

Expert Comment

by:mlaise
ID: 38737752
You can reduce the timeout value for the clients so they abandon their request to the failed server sooner: http://technet.microsoft.com/en-us/library/ff807396(v=WS.10).aspx

Author Comment

by:airborne1128
ID: 38737826
I don't believe it is the timeout.  It's as if there is a sudden broadcast storm to try and find DNS.

Expert Comment

by:teomcam
ID: 38737982
Could you run the following commands as administrator on your DC and put the results here please. Note: please alter your environmental data.

dcdiag /test:dns /v
dcdiag /test /v

Author Comment

by:airborne1128
ID: 38737985
I will run them first thing in the morning.

Expert Comment

by:Leon Fester
ID: 38739235
There are no DNS failover capabilities.

Primary and secondary DNS are separate entities, where the secondary is only referenced when the primary server becomes unavailable.

I'd explain it all, but I'd just be repeating everything that is mentioned in the following posts:
http://social.technet.microsoft.com/Forums/en-US/winserverPN/thread/297dc8fa-0b14-4705-94ea-8aa1b0b38876
http://blogs.technet.com/b/stdqry/archive/2011/12/02/dns-clients-and-timeouts-part-1.aspx
http://blogs.technet.com/b/stdqry/archive/2011/12/15/dns-clients-and-timeouts-part-2.aspx
http://technet.microsoft.com/en-us/library/cc779517.aspx
http://support.microsoft.com/kb/320760/en-us

Author Comment

by:airborne1128
ID: 38740864
Ok.  I understand this, but when we have just a single DNS entry on our systems, we have no problem.  If we add just a bogus IP address in for a secondary DNS, every system immediately starts to run EXTREMELY slow.

Expert Comment

by:teomcam
ID: 38741332
Just in case, I'd like to make sure of the following:
Only 1 NIC on your server is connected
Your DC's IP configuration is correct (Primary DNS must be your DC's IP)
On your DNS Console - DNS Server (right click) - Properties, you are not accepting DNS queries on any IP other than your DC's IP
There are no leftovers from any previous DC in the DNS server

Author Comment

by:airborne1128
ID: 38741422
*Only 1 NIC connected
*DNS is set up correctly
*We are not accepting DNS queries
*No other installs present

Expert Comment

by:Leon Fester
ID: 38742972
when we have just a single DNS entry on our systems, we have no problem
I'm assuming at that time the DNS server is up and running, so you shouldn't be seeing any issues.

If we add just a bogus IP address in for a secondary DNS, every system immediately starts to run EXTREMELY slow.

Why would you enter a bogus DNS server?
What scenario are you trying to test?

Are your clients Windows or *nix clients? I know I've seen issues on *nix clients when the DNS is not available... never ever got an answer from *nix support as to why. Just that DNS must be available.

I cannot say that I've personally seen Windows clients behave like this.

Finding a solution for your problem depends on the root cause of the server becoming unavailable. Can you elaborate on what causes the servers to go down?

I doubt that you'd get a "textbook" answer; textbook knowledge usually only looks at what is supposed to work, if configured correctly and all services are available.

Your best bet to get an understanding of what is happening on the network would be to run a sniffer app, like Wireshark or Netmon from Microsoft; you'll then be able to see which servers are being queried, how long that server is pinged, and you'll know when the DNS queries are answered.

Author Comment

by:airborne1128
ID: 38743650
We have no idea why the server is going down.  It is not on our end.  The reason for entering the bogus DNS IP for a secondary is merely to "see what happens" in an attempt to duplicate the issue in our lab.  In the field, it is not our DNS (primary) that is going down, but the secondary.

Expert Comment

by:Leon Fester
ID: 38743685
OK, makes sense.
If you're not controlling the DNS servers then I'd recommend moving them off your workstations.

Any Windows Server can be a DNS server, the only limitation being that AD-integrated DNS can only run on a domain controller. I would recommend that you consider putting in a second DNS server of your own.

Does the secondary DNS server hold any specific DNS zones that you want to query, or why are you using it?

Maybe you can expand on the reasons for using the secondary from another site?

The issue with external DNS is that too many things can go wrong, e.g. server issue, DNS service, network, firewall, bandwidth and congestion, and then you end up with a situation like you're currently in.

N.B. I'm not rapping you over the knuckles, just trying to get an understanding of your environment. I've worked in enough places where solutions were built on the wrong requirements.

Author Comment

by:airborne1128
ID: 38743699
Unfortunately we do not have the ability to install another DNS due to space and other restrictions.  We have to have the other DNS as it does hold specific queries that will not be allowed on other servers, if you know what I mean.

Accepted Solution

by:Leon Fester (earned 500 total points)
ID: 38743726
Exactly the reason I was expecting, in this case you should rather setup forwarders on your own DNS server so that your workstations only query your DNS server. The DNS server will then look at the request, if it matches a forwarding rule, then it will send that query to the remote DNS server and return the results to your DNS client on the workstation.

http://www.techrepublic.com/article/step-by-step-standard-and-conditional-forwarding-in-windows-2003-dns/5112303

The other option is to setup a stub zone:
http://technet.microsoft.com/en-us/library/cc771898.aspx
http://technet.microsoft.com/en-us/library/cc816809(v=ws.10).aspx

Deciding between a conditional forwarder and a stub zone should be based on how you are connected to the remote site.

A conditional forwarder only requires that your DNS server can connect to the remote DNS server.
Stub zones will require that your workstations/clients can also connect to the remote server, which may require additional firewall configuration.
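An added example (not part of the thread) showing the accepted answer's two options and the client-side change on a Windows DNS server with PowerShell; it assumes the DnsServer and DnsClient modules (Windows Server 2012 or later, whereas the 2003-era links above use the DNS console), and the zone name and IP addresses are placeholders.

```powershell
# Added example, not from the thread. Configure the local Windows DNS server so that
# workstations query ONLY it, and it reaches the externally controlled DNS server on
# their behalf. Zone name and IPs are placeholders: replace them with your own.

$RemoteZone = 'partner.example'   # zone that only the remote server can answer for
$RemoteDns  = '192.0.2.53'        # the other party's DNS server (placeholder)
$LocalDns   = '10.0.0.10'         # your own DNS server / DC (placeholder)

# Option 1 (recommended in the accepted answer): conditional forwarder.
# Only the DNS server needs a path to $RemoteDns; clients never contact it, so a
# dead remote server can no longer stall every workstation.
Add-DnsServerConditionalForwarderZone -Name $RemoteZone `
    -MasterServers $RemoteDns -ReplicationScope 'Forest'

# Option 2: stub zone. The server copies NS/SOA/glue records from $RemoteDns; as the
# answer notes, this may need extra firewall rules towards the remote server.
# Add-DnsServerStubZone -Name $RemoteZone -MasterServers $RemoteDns -ReplicationScope 'Forest'

# Confirm the zone exists with the intended type and master server.
Get-DnsServerZone -Name $RemoteZone | Format-List ZoneName, ZoneType, MasterServers

# On each workstation: point the DNS client at the local server only, so no
# unreachable secondary is ever tried (the slowdown described in the question).
$nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $LocalDns
Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4

# Verify a name in the remote zone resolves via the local server, and time the lookup;
# a lookup that takes seconds rather than milliseconds points at the forwarder target.
Measure-Command { Resolve-DnsName -Name "host.$RemoteZone" -Server $LocalDns -DnsOnly } |
    Select-Object TotalMilliseconds
```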