DNS Setting in Windows TCP/ IP
on the Screenshot below , there is a configuration of network adapter for TCP/IP , and in the DNS part, we can see the primary DNS is pointing to the local server where DNS services are installed in the Alternate it is pointing to Google DNS.
Now, does that mean any name resolutions for local network will be resolved by the server , and if it is outside the network it will be resolved by Google DNS ?
If I remember, it used be that Alternate DNS will never be used unless if the primary DNS is down...and both IP address will point to DNS servers on the local Network not on the Internet.
Thank you
Hello,
The DNS Client service queries the DNS servers in the following order:
- The DNS Client service sends the name query to the first DNS server on the preferred adapter’s list of DNS servers and waits one second for a response.
- If the DNS Client service does not receive a response from the first DNS server within one second, it sends the name query to the first DNS servers on all adapters that are still under consideration and waits two seconds for a response.
- If the DNS Client service does not receive a response from any DNS server within two seconds, the DNS Client service sends the query to all DNS servers on all adapters that are still under consideration and waits another two seconds for a response.
- If the DNS Client service still does not receive a response from any DNS server, it sends the name query to all DNS servers on all adapters that are still under consideration and waits four seconds for a response.
- If it the DNS Client service does not receive a response from any DNS server, the DNS client sends the query to all DNS servers on all adapters that are still under consideration and waits eight seconds for a response.
In your specific scenario, If the internal DNS is having root hints/forwarders configured and has the capability to do an external name resolution - This configuration is fine to certain extend.
If the internal DNS is not configured for external name resolution, then all DNS requests from clients will be hitting the internal DNS. Internal DNS should resolve the zones and records it has. External Name Resolution request will fail and retried using the secondary DNS.
The drawback here
1) an additional delay caused due to the first dns query
2) If primary DNS server didnt respond on time (Null response), this primary DNS server will be removed from the eligible resolver list for next 15 mins, which will cause all requests to hit the secondary DNS
The best option is to have two internal DNS, both configured with external name resolution either by root hints or DNS forwarders. By this way, no additional hop, no worries about one server not responding or down.
While using any network other than office network, its always recommended to use the DHCP ip address along with the DNS. I haven't seen any specific reason to manually configured a DNS IP on network interface while connecting to any external network. That implies that such users shouldn't have a static IP in office network too to make this working seamlessly. You should think about having a DHCP server inside your network and have the clients getting ip address through the DHCP address, which should also have the DNS configuration pushed.
Cheers !
Shaba
ASKER
What I am trying to understand is the Alternate DNS will resolve the names, only when the Preferred DNS is completely down or unreachable
or even in situation when the Preferred DNS cannot just resolve the names..
Probably the Snapshot is not a perfect Example, but let 's say I have DNS Settings on the Adapter as follows:
Preferred DNS: 192.168.1.20
Alternate DNS: 192.168.1.30
Now the Client will use the Preferred to Resolve names in the local network, if DNS 192.168.1.20 is down or the services on that DNS are not running then the client will query the Alternate DNS.
For how long the Client waits for a resolution from the Preferred Server before it queries the Alternate DNS, that's I am not sure.
If the CLient is trying to resolve names on the Internet then DNS server will use Root Hints.
Is that correct ?
What I am trying to understand is the Alternate DNS will resolve the names, only when the Preferred DNS is completely down or unreachable or even in situation when the Preferred DNS cannot just resolve the names..
Alternate DNS servers will only be used when the preferred server doesn't respond. In that situation, the timeouts and client behavior that Shaba posted above are correct. Those things are discussed in detail here:
https://docs.microsoft.com/en-us/archive/blogs/stdqry/dns-clients-and-timeouts-part-2
If the preferred server responds by saying, "I can't resolve this name," that's still a response, known as a negative response. The client will accept the negative response and won't attempt to query any other DNS servers; it'll just assume that the name doesn't exist.
Forwarders and root hints are methods that a DNS server can use to attempt to resolve queries that it can't resolve on its own. This behavior is handled entirely on the server side. It's invisible to the client, which simply waits for a response from the server; it doesn't care how or where the server obtains that response.
Thank you for the link on how DNS works in Windows. That filled in a number of gaps in my knowledge of it.
ASKER
A better place for 8.8.8.8 is in the forwarders section - if the DNS server cannot resolve an address on its own, or from the alternate DNS server, it will get it from servers listed in the forwarders section
(This is all assuming you're actually running a DNS server on this machine you took a screenshot of)