DNS Queries behaving strangely.

I have suddenly been plagued with a DNS issue where my Windows 7 desktops are unable to resolve domain resources. In viewing the DNS cache of the machines themselves I see negative DNS records which read as "name does not exist".
Subsequent lookups do not query a server but just use the negative entry already cached.
These Negative DNS records happen because one of my three (the last) DNS servers provided by DHCP is

Because this server is the last of the three I would expect that the first two, which are both reachable Domain Controllers would provide resolution for the query. After looking through the traffic with Wireshark however I noticed that these DNS servers aren't even queried. The query is sent to

I have used nslookup to verify that these first two DCs are replying to queries properly, and sure enough they are.

I have gone and taken out of my DNS list in DHCP for all my offices and everything seems to be fine.
I cannot, however, for the life of me understand why this very odd behavior exists, and am hoping to find that someone else is at least experiencing the same issue.
One note to add: all these sites do not have a local DNS/DC on site. The few that do seem to be perfectly fine.

Thanks for any consideration given.
Will Szymkowski (Senior Solution Architect) commented:
Having is not a good practice when it comes to distributing DNS to your clients. Even if this is the 3rd one in the list if the machine at the remote location cannot reach the internal DNS servers within 1 second round trip it will attempt to use the second IP in the list and then the third.

I would start and check to make sure that your network latency is good and also remove from DNS as it is not a good practice to follow.
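Added here as an example, not code from the original thread: a PowerShell check for the three things discussed above, namely the client's configured DNS server order, the round-trip time of an explicit query to each of those servers, and any negative answers currently held in the client's cache. It needs the DnsClient module (Windows 8 / Server 2012 and later; on Windows 7 the equivalents are `ipconfig /displaydns` and `nslookup <name> <server>`). The zone name corp.example.com is a placeholder assumption; substitute a name your DCs are authoritative for.

```powershell
# Added example, not from the original thread. Requires the DnsClient module
# (Windows 8 / Server 2012 and later). On Windows 7 use "ipconfig /displaydns"
# and "nslookup <name> <server>" for the same checks.
$TestName = 'corp.example.com'   # assumed internal zone name; replace with your own

# 1. Which DNS servers is the client configured with, and in what order?
#    This is the list DHCP handed out, per interface.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    Select-Object InterfaceAlias, ServerAddresses |
    Format-Table -AutoSize

# 2. Query every configured server directly and time the round trip.
#    -Server bypasses the client's normal server selection and -DnsOnly
#    skips the local cache, so each server is tested on its own merits
#    and a slow or unreachable one is reported rather than silently skipped.
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    ForEach-Object { $_.ServerAddresses } |
    Select-Object -Unique

foreach ($srv in $servers) {
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        $answer = Resolve-DnsName -Name $TestName -Server $srv -DnsOnly -NoHostsFile -ErrorAction Stop
        $sw.Stop()
        $first = $answer | Select-Object -First 1
        '{0,-16} {1,6} ms  {2} {3}' -f $srv, $sw.ElapsedMilliseconds, $first.Type, $first.IPAddress
    } catch {
        # An NXDOMAIN, a timeout or an unreachable server all land here;
        # the message tells you which, and the elapsed time shows how long
        # the client waited before giving up on this server.
        $sw.Stop()
        '{0,-16} {1,6} ms  FAILED: {2}' -f $srv, $sw.ElapsedMilliseconds, $_.Exception.Message
    }
}

# 3. Negative answers currently cached on this client. Status 0 is Success;
#    anything else (NotExist = "name does not exist", NoRecords) is a negative
#    entry that will be reused until its TimeToLive runs out, so later lookups
#    for that name never go on the wire.
Get-DnsClientCache |
    Where-Object { $_.Status -ne 0 } |
    Select-Object Entry, Name, Status, TimeToLive |
    Format-Table -AutoSize
```

Run it from an affected client while the problem is occurring; step 2 shows which servers actually answer and how quickly, and step 3 shows which names are stuck behind a negative entry. `Clear-DnsClientCache` (or `ipconfig /flushdns` on Windows 7) drops the negative entries so the next lookup is sent to a server again, which is useful when re-testing after changing the DHCP server list.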


Lafflin (Author) commented:
Thanks, Will. I have already removed and I agree, after seeing this, that it is definitely not a good practice. This was not something easy to troubleshoot.
I think the thought is so that DNS will work (for public) in the event that the VPN to where the DNS server actually is breaks.
The truth of this matter is we should try to have DNS on as many sites as possible and keep latency down on those where you cannot.

Thanks, Will. I was able to get more info on the one-second latency rule after seeing you mention it, and now it all makes sense.