Solved

Which DNS server is connected?

Posted on 2013-01-23
6
270 Views
Last Modified: 2013-02-21
We have one DNS (named L) server and its failover server (B). Both are set as Primary and Secondary DNS on each server within the same LAN network. DNS settings are all same.

Somehow when I checked with DNS is in use/connected as DNS for each servers, some server shows L and some shows B. I used this command : >echo %LOGONSERVER%

Did I use the right command?
If so why I got this information?

Thank you very much!

Jing
0
Comment
Question by:hanjgr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 9

Assisted Solution

by:TunerML
TunerML earned 83 total points
ID: 38812100
%LOGONSERVER% reflects which Domain Controller you are currently logged into, ipconfig /all look for Primary/Secondary DNS servers, as long as primary is available you should be using that one.
0
 
LVL 26

Assisted Solution

by:pony10us
pony10us earned 167 total points
ID: 38812142
You can also do an NSLookup of a device on the network and it will tell you which DNS server it pulls the information from. Normally that would be your primary.

The difference between methods is that TunerML's will only give you the IP address of the two DNS servers.  The NSLookup will give you the FQDN as well as IP address of the server that responds to the DNS query.
0
 
LVL 23

Assisted Solution

by:Suliman Abu Kharroub
Suliman Abu Kharroub earned 83 total points
ID: 38812461
The proper tool to check which DNS server is answering DNS queries is nslookup...

issue the nslookup from client machine and it will tell you the server which it uses.

To check the dns serer health run below command on both dcs:

Dcdiag /test:DNS
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 16

Assisted Solution

by:Bruno PACI
Bruno PACI earned 83 total points
ID: 38812524
Hi,

I just want to give some precision about DNS primary and secondary...

Microsoft DNS client on windows computers or server uses what we can call a "preferred DNS server". When the DNS client has to resolve a DNS name it will not request the primary DNS server but the "preferred DNS server".
Waht is the preffered DNS server ? Well... simply the last successfully requested DNS server.
That means that if for any reason the currentlu used DNS server did not answer or take too much time to answer the DNS client might have decided to interrogate the next one in the list and if this one answers it becomes the new preferred DNS server and will always be requested at first on next name resolution.

So the "primary" or "secondary" order is only useful at startup time. When a computer is started it will try to reach the first DNS server in the list, the one that is called "primary" in IP settings, but after that the "primary" notion no more exists... only the preferred DNS server notion exists.

Have a good day.
0
 
LVL 26

Assisted Solution

by:pony10us
pony10us earned 167 total points
ID: 38812566
PaciB:

Very good point.  To make that a little stronger, lets say you have two DNS servers. One is in your office and the other is on across the state from you. Now lets say that you "primary" DNS is set to the one across the state. Naturally you would think that it would use that one first however, due to network congestion, it is quicker to get the response from the one in your local office.  This becomse your "preferred" and will continue to be the one you resolve with unless/until it can't respond.

The same is true in the opposite scenario where the local may be your "primary" but can't respond for some reason so the one across the state becomes the "preferred".

nslookup is still the best way to determine what server is providing the lookups at any given point in time.
0
 
LVL 26

Accepted Solution

by:
DrDave242 earned 84 total points
ID: 38812729
I'm pretty sure nslookup always defaults to the preferred server.  In fact, I just tested this by setting my workstation's DNS servers to 127.0.0.1 (certainly not valid) and 8.8.8.8 and flushing the resolver cache.  I ran nslookup, and it defaulted to 127.0.0.1.  Then I closed nslookup and pinged www.google.com.  It was able to resolve the FQDN to an address, so DNS worked as it should.  Since there's no DNS server running on 127.0.0.1, it had to have gotten the address from 8.8.8.8.  However, I then ran nslookup again, and it defaulted to 127.0.0.1.

I don't think nslookup can tell you which server the Windows resolver is using, because it uses its own separate resolver.  The only surefire way I can think of to determine which DNS server is being used by a machine at a given time is to run a packet trace.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question