Solved

Authoritative DNS Servers at Main and DR Site Advice

Posted on 2015-02-12
Last Modified: 2015-02-15
We use our own authoritative DNS Servers, 4 of them (the maximum).  Our Main site (3 DNS servers there), and a DR site (1 DNS server there).  The DR site authoritative DNS server is kept disabled (but would be enabled in the event of an unlikely DR situation).

The DR site DNS server is the "last" (highest) host name in the list.  They are NS1, NS2, NS3, and NS4 (NS4 is the DR site DNS server).

We have used this arrangement for many years.

Recently, I had a cranky new customer notify me that some of their DNS queries had gone to the DR site DNS server, and it was taking "too long" for their needs, as their DNS query would time out with no response (well of course, since that DNS server is disabled).  He said that Windows normally uses the last DNS server first (which I really didn't believe), and then he later said it was round-robin (a more plausible possibility I guess).

I guess it would be nice to perhaps find a little better approach to this, but without doing a lot of changes in terms of the total general design.  Maybe a nice tweak at the DR site, perhaps.  Having that DR site DNS server timeout is an issue I guess, in general, although for a long time no one else has said anything about it.

We use Barracuda Link Balancers for this process.  They have a firewall in them, and the authoritative DNS servers.

Thoughts anyone?
Question by:racone
4 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 40607560
Presumably NS4 gives out different answers to NS1, 2 and 3 to support your DR mode?

> He said that Windows normally uses the last DNS server first (in which I really didn't believe)

I like it, fantastically unsubstantiated :)

> and then he later said it was round-robin (a more plausible possibility I guess).

This is true, loose NS record load-balancing. However a reasonable DNS server won't die unless all NS records fail to respond, that's the point of being able to publish multiple after all.

Many DNS server implementations (unsubstantiated too) use the first Name Server in the list where the list is returned using Round Robin ordering. Larger services may choose to optimize name server selection based on a response times, but this is generally limited to very large name servers (root, extremely popular domains, etc).

Having a (mostly) permanent lame name server isn't, perhaps, entirely ideal. But it shouldn't cause failure unless all of the other name servers have also failed.

This method is discussed in RFC 1034 5.3.3.

https://www.ietf.org/rfc/rfc1034.txt

2 and 3 are a short loop to attempt to locate an answer and will happily deal with an unresponsive name server (such as your DR server when all is well).

Chris
 
LVL 1

Author Comment

by:racone
ID: 40610987
Thanks for the reply!

In our networking equipment, we can disable a domain from replying to name service queries.  This is what we do at the DR site.  I did ask for a feature request to have another option to simply have some empty response rather than no response.  This would help with clients having to time out on their name service requests to the DR site server.  Your thoughts?  Curious, what would be the best "empty response" a name server could do so it acts like it has no information, and the client would move on to the next name server?  Thanks!
 
LVL 71

Accepted Solution

by: Chris Dent (earned 2000 total points)
ID: 40611028
No response is better than an empty response. None will make a requesting iterative resolver ask other name servers. An empty response will be treated as authoritative and will stop resolution there.

Chris
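The two points Chris makes, that an iterative resolver walks the NS set and survives a silent NS4 (RFC 1034 section 5.3.3), and that an empty authoritative answer stops resolution where a timeout would not, can be seen side by side in a small simulation. The following is an added example written for this page, not code from the thread or from the Barracuda product; the NS names ns1 to ns4 match the question, while the per-query timeout of 2 seconds, the two-pass retry limit, the answer record and the "lame if NOERROR without AA" rule are assumptions about resolver behaviour rather than anything the posts state. It also covers one case the thread does not mention: a DR server that answers REFUSED instead of staying silent, which a resolver treats as "try the next server" without paying a timeout.

```python
"""Simulated iterative resolver walking a zone's NS set (RFC 1034 section 5.3.3).

Constructed example: ns1..ns4 follow the thread, the timings and the answer
record are assumed. Shows why a silent NS4 costs a timeout but not the lookup,
and why an empty authoritative answer from NS4 is worse than no answer at all.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

NOERROR, SERVFAIL, REFUSED = 0, 2, 5  # RCODE values from RFC 1035 section 4.1.1


@dataclass
class Response:
    aa: bool            # AA flag set: server claims authority for the zone
    rcode: int
    records: List[str]  # answer RRs; empty for a NODATA style answer


# A simulated name server is a callable returning a Response, or None on timeout.
Server = Callable[[], Optional[Response]]

# Assumed answer record for the constructed zone.
WEB_ANSWER = Response(aa=True, rcode=NOERROR, records=["www.example.net. A 192.0.2.10"])


def live_server() -> Optional[Response]:
    return WEB_ANSWER


def silent_server() -> Optional[Response]:
    """Disabled DR server as in the thread: never answers, the query times out."""
    return None


def empty_authoritative_server() -> Optional[Response]:
    """The 'empty response' the author asked about: AA set, NOERROR, no records."""
    return Response(aa=True, rcode=NOERROR, records=[])


def refusing_server() -> Optional[Response]:
    """Alternative not discussed in the thread: answer REFUSED instead of going silent."""
    return Response(aa=False, rcode=REFUSED, records=[])


@dataclass
class ResolveResult:
    final: Optional[Response]   # authoritative answer accepted, or None if all failed
    tried: List[str]            # servers queried, in order
    elapsed: float              # simulated seconds spent waiting on timeouts


def resolve(servers: Dict[str, Server], start_index: int = 0,
            timeout: float = 2.0, max_rounds: int = 2) -> ResolveResult:
    """Walk the NS set as RFC 1034 5.3.3 steps 2-3 describe (assumed rules).

    Start at an arbitrary position (loose round-robin, which is how a client can
    land on NS4 first), then for each server in turn:
      no response          -> charge the timeout, try the next server
      SERVFAIL or REFUSED  -> try the next server immediately
      NOERROR without AA   -> treat as lame, try the next server
      NOERROR with AA      -> authoritative; resolution stops even if empty
    Give up after max_rounds passes over the whole set.
    """
    names = list(servers)
    tried: List[str] = []
    elapsed = 0.0
    for attempt in range(max_rounds * len(names)):
        name = names[(start_index + attempt) % len(names)]
        tried.append(name)
        resp = servers[name]()
        if resp is None:
            elapsed += timeout
            continue
        if resp.rcode in (SERVFAIL, REFUSED) or not resp.aa:
            continue
        return ResolveResult(resp, tried, elapsed)
    return ResolveResult(None, tried, elapsed)


def ns_set(dr_behaviour: Server) -> Dict[str, Server]:
    """Three live main-site servers plus NS4 at the DR site, per the question."""
    return {"ns1": live_server, "ns2": live_server, "ns3": live_server, "ns4": dr_behaviour}


if __name__ == "__main__":
    cases = [("silent", silent_server), ("empty AA", empty_authoritative_server),
             ("REFUSED", refusing_server)]
    for label, dr in cases:
        r = resolve(ns_set(dr), start_index=3)  # worst case: client picks NS4 first
        got = r.final.records if r.final else None
        print(f"NS4 {label:9s}: tried={r.tried} waited={r.elapsed}s records={got}")
```

Starting at NS4 with a silent DR server costs one timeout and then NS1 answers, which is the customer's "too long" complaint and also Chris's point that nothing fails unless every server fails. Starting at NS4 with an empty authoritative answer returns immediately with no records and never consults NS1 to NS3, so the "empty response" feature request would turn a slow lookup into a wrong one. The same walk against a real zone is `dig +norecurse @ns4.example.net www.example.net` for each NS in turn (the hostname is assumed here); a server that should be silent must time out, and one that answers must set AA and return the records the main site returns.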
 
LVL 1

Author Closing Comment

by:racone
ID: 40611479
Excellent responses!
