Solved

DNS Failover

Posted on 2013-01-02
427 Views
Last Modified: 2013-01-09
We have been having an issue where our network begins running VERY slow whenever the primary DNS server fails (the secondary is still up) or the secondary fails (the primary is still up).  All my research thus far has told me to remove the failed DNS server from the machines.  This does work, but it is time consuming and really doesn't solve the problem.  Does anyone have any ideas other than removing the failed server?
Question by:airborne1128
13 Comments
 
LVL 5

Expert Comment

by:mlaise
ID: 38737752
You can reduce the timeout value for the clients so they abandon their request to the failed server sooner: http://technet.microsoft.com/en-us/library/ff807396(v=WS.10).aspx
 
LVL 6

Author Comment

by:airborne1128
ID: 38737826
I don't believe it is the timeout. It's as if there is a sudden broadcast storm to try and find DNS.
 
LVL 8

Expert Comment

by:teomcam
ID: 38737982
Could you run the following commands as administrator on your DC and post the result here, please. Note: please alter any environment-specific data.

dcdiag /test:dns /v
dcdiag /v
 
LVL 6

Author Comment

by:airborne1128
ID: 38737985
I will run them first thing in the morning.
 
LVL 26

Expert Comment

by:Leon Fester
ID: 38739235
There are no DNS failover capabilities.

Primary and secondary DNS are separate entities; the secondary is only referenced when the primary server becomes unavailable.

I'd explain it all, but I'd just be repeating everything that is mentioned in the following posts:
http://social.technet.microsoft.com/Forums/en-US/winserverPN/thread/297dc8fa-0b14-4705-94ea-8aa1b0b38876
http://blogs.technet.com/b/stdqry/archive/2011/12/02/dns-clients-and-timeouts-part-1.aspx
http://blogs.technet.com/b/stdqry/archive/2011/12/15/dns-clients-and-timeouts-part-2.aspx
http://technet.microsoft.com/en-us/library/cc779517.aspx
http://support.microsoft.com/kb/320760/en-us
 
LVL 6

Author Comment

by:airborne1128
ID: 38740864
OK. I understand this, but when we have just a single DNS entry on our systems, we have no problem. If we add just a bogus IP address in for a secondary DNS, every system immediately starts to run EXTREMELY slow.
 
LVL 8

Expert Comment

by:teomcam
ID: 38741332
Just in case, I'd like to make sure of the following:
* Your server has only 1 NIC connected
* Your DC's IP configuration is correct (primary DNS must be your DC's IP)
* In the DNS console (right-click DNS Server > Properties), you are not accepting DNS queries on any IP other than your DC's IP
* There is no leftover from any previous DC in the DNS server
 
LVL 6

Author Comment

by:airborne1128
ID: 38741422
* Only 1 NIC connected
* DNS is set up correctly
* We are not accepting DNS queries
* No other installs present
 
LVL 26

Expert Comment

by:Leon Fester
ID: 38742972
"when we have just a single DNS entry on our systems, we have no problem"
I'm assuming at that time the DNS server is up and running, so you shouldn't be seeing any issues.

"If we add just a bogus IP address in for a secondary DNS, every system immediately starts to run EXTREMELY slow."

Why would you enter a bogus DNS server?
What scenario are you trying to test?

Are your clients Windows or *nix clients? I know I've seen issues on *nix clients when DNS is not available... never ever got an answer from *nix support as to why, just that DNS must be available.

I cannot say that I've personally seen Windows clients behave like this.

Finding a solution for your problem depends on the root cause of the server becoming unavailable. Can you elaborate on what causes the servers to go down?

I doubt that you'd get a "textbook" answer; textbook knowledge usually only looks at what is supposed to work, if configured correctly and all services are available.

Your best bet to get an understanding of what is happening on the network would be to run a sniffer app, like Wireshark or Netmon from Microsoft. You'll then be able to see which servers are being queried, how long each server is pinged, and you'll know when the DNS queries are answered.
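A quicker first check than a full packet capture, as an added example that is not part of the original thread: the PowerShell below lists the DNS servers configured on each interface of a Windows client and times a lookup against each one individually, so a dead secondary shows up as a FAIL with its timeout instead of as "everything is slow". It assumes Windows 8 / Server 2012 or newer (the DnsClient module's Get-DnsClientServerAddress and Resolve-DnsName); dc01.corp.example is a placeholder for a record your primary server is expected to answer.

```powershell
# Added example, not from the thread. Probe every DNS server configured on this
# client one at a time and time each lookup, then time a lookup through the
# normal resolver path for comparison.
# Assumptions: DnsClient module available (Windows 8 / Server 2012+);
# $probeName is a placeholder record that the primary DNS server holds.

$probeName = 'dc01.corp.example'

$interfaces = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 }

foreach ($iface in $interfaces) {
    Write-Host "Interface: $($iface.InterfaceAlias)"
    foreach ($ip in $iface.ServerAddresses) {
        $sw = [System.Diagnostics.Stopwatch]::StartNew()
        try {
            # -Server forces this one server; -QuickTimeout keeps a dead server
            # from holding the probe for the full default retry sequence.
            $answer = Resolve-DnsName -Name $probeName -Server $ip -DnsOnly -QuickTimeout -ErrorAction Stop
            $sw.Stop()
            $addrs = ($answer | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress }) -join ','
            Write-Host ("  {0,-15} OK   {1,6} ms  {2}" -f $ip, $sw.ElapsedMilliseconds, $addrs)
        } catch {
            $sw.Stop()
            Write-Host ("  {0,-15} FAIL {1,6} ms  {2}" -f $ip, $sw.ElapsedMilliseconds, $_.Exception.Message)
        }
    }
}

# What a client actually pays per lookup when it walks its whole server list
# with the default timeouts (no -Server, no -QuickTimeout).
$elapsed = Measure-Command { Resolve-DnsName -Name $probeName -DnsOnly -ErrorAction SilentlyContinue }
Write-Host ("Lookup via the configured server list: {0:N0} ms" -f $elapsed.TotalMilliseconds)
```

Run it on an affected workstation while the secondary is down and compare the per-server lines with the last line; the gap between them is the cost the resolver is adding on every uncached lookup. On older clients without the DnsClient module, `nslookup -timeout=2 dc01.corp.example <server-ip>` gives the same per-server check.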
 
LVL 6

Author Comment

by:airborne1128
ID: 38743650
We have no idea why the server is going down. It is not on our end. The reason for entering the bogus DNS IP for a secondary is merely to "see what happens" in an attempt to duplicate the issue in our lab. In the field, it is not our DNS (primary) that is going down, but the secondary.
 
LVL 26

Expert Comment

by:Leon Fester
ID: 38743685
OK, makes sense.
If you're not controlling the DNS servers then I'd recommend moving them off your workstations.

Any Windows Server can be a DNS server, the only limitation being that AD-integrated DNS can only run on a domain controller. I would recommend that you consider putting in a second DNS server of your own.

Does the secondary DNS server hold any specific DNS zones that you want to query, or why are you using it?

Maybe you can expand on the reasons for using the secondary from another site?

The issue with external DNS is that too many things can go wrong, e.g. server issue, DNS service, network, firewall, bandwidth and congestion, and then you end up with a situation like you're currently in.

N.B. I'm not rapping you over the knuckles, just trying to get an understanding of your environment. I've worked in enough places where solutions were built on the wrong requirements.
 
LVL 6

Author Comment

by:airborne1128
ID: 38743699
Unfortunately we do not have the ability to install another DNS due to space and other restrictions. We have to have the other DNS as it does hold specific queries that will not be allowed on other servers, if you know what I mean.
 
LVL 26

Accepted Solution

by:
Leon Fester earned 500 total points
ID: 38743726
Exactly the reason I was expecting. In this case you should rather set up forwarders on your own DNS server so that your workstations only query your DNS server. The DNS server will then look at the request; if it matches a forwarding rule, it will send that query to the remote DNS server and return the results to the DNS client on the workstation.

http://www.techrepublic.com/article/step-by-step-standard-and-conditional-forwarding-in-windows-2003-dns/5112303

The other option is to set up a stub zone:
http://technet.microsoft.com/en-us/library/cc771898.aspx
http://technet.microsoft.com/en-us/library/cc816809(v=ws.10).aspx

Deciding between a conditional forwarder and a stub zone should be based on how you are connected to the remote site.

A conditional forwarder only requires that your DNS server can connect to the remote DNS server.
A stub zone will require that your workstations/clients can also connect to the remote server, which may require additional firewall configuration.
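The accepted fix, carried out as an added example that is not part of the original thread or the linked articles: a conditional forwarder for the remote zone on your own DNS server, the stub-zone alternative alongside it, and the client change that removes the remote server from the workstation list altogether. It assumes Windows Server 2012 or newer for the DnsServer cmdlets (the dnscmd.exe lines cover 2003/2008); partner.example, 10.20.30.53 (remote zone and its server), 10.0.0.10 (your own DNS server) and the 'Ethernet' interface alias are placeholders.

```powershell
# Added example, not from the thread. Placeholders:
#   partner.example  - zone only the remote DNS server can answer
#   10.20.30.53      - the remote (secondary) DNS server
#   10.0.0.10        - your own DNS server (the DC)
#   'Ethernet'       - client NIC alias

# ---- on your own DNS server --------------------------------------------------
$remoteZone   = 'partner.example'
$remoteServer = '10.20.30.53'

# Conditional forwarder: only queries under $remoteZone leave via $remoteServer;
# everything else is answered locally or via the normal forwarders/root hints.
# ForwarderTimeout (seconds) bounds the wait when the remote side is down: the
# server returns SERVFAIL to the client after it instead of the client retrying
# an unreachable address through its own timeout sequence.
Add-DnsServerConditionalForwarderZone -Name $remoteZone -MasterServers $remoteServer -ForwarderTimeout 3 -PassThru

# Same thing on Windows Server 2003/2008 with dnscmd.exe:
#   dnscmd . /ZoneAdd partner.example /Forwarder 10.20.30.53 /TimeOut 3

# Stub-zone alternative. Your DNS server then follows the zone's own NS records,
# so it (not the clients) must be able to reach every name server the remote
# zone lists, not just $remoteServer.
#   Add-DnsServerStubZone -Name $remoteZone -MasterServers $remoteServer -ReplicationScope 'Domain'
#   dnscmd . /ZoneAdd partner.example /Stub 10.20.30.53

# Verify the zone type and that a name under it resolves through the local server.
Get-DnsServerZone -Name $remoteZone | Select-Object ZoneName, ZoneType, MasterServers
Resolve-DnsName -Name "host.$remoteZone" -Server 127.0.0.1 -DnsOnly

# ---- on each workstation (or via the DHCP option 6 / Group Policy that sets it) ----
# Only your own server is listed. The remote server no longer appears in the
# client resolver list, so its outage cannot stall client lookups.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses '10.0.0.10'
Get-DnsClientServerAddress -InterfaceAlias 'Ethernet' -AddressFamily IPv4
```

The design point is that the forwarder moves the failure handling from every client into one server you control: when 10.20.30.53 is down, only lookups under partner.example fail, they fail within ForwarderTimeout, and the rest of the network is unaffected. Keep the client list to servers you operate; a second resolver entry is only a failover if the client can also afford to wait for the first one to time out.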