Rob Hutchinson


how is the domain server choice for domain chosen when there are many resolving domain servers

Not really a problem, but more of an inquisitive DNS question:
on a work network, we have a cloud share thisdomain.com (fake name in the post, but just used as an example)

if I open a cmd prompt, and type in
tracert thisdomain.com
then it resolves to a server that may, or may not, be geographically close (when pinged)

If I use nslookup
then type in thisdomain.com
I get a list of all the IP responding for thisdomain.com

I have two questions:
1) is the list given by nslookup in order of preference of which resolved domain name will be used first?
2) when I use tracert thisdomain.com, why is the IP getting resolved for the thisdomain.com geographically far away instead of choosing a geographically closer server? Meaning I type in tracert thisdomain.com ...and the tracert command picks a server far away when there are other servers that are closer that could resolve to the thisdomain.com domain.

Sorry for asking a confusing question, but I just don't understand why, when I use tracert thisdomain.com, it has to pick a server far away with a lot higher ping time...when there is a local server that could resolve thisdomain.com a lot faster.
ASKER CERTIFIED SOLUTION
Cliff Galiher
Rob Hutchinson

ASKER

Awesome, thx to both of you for responding.
1)  Actually, yes, sometimes.  In many cases the order of the returned IPs will change from one query to the next (typically affected by round-robin), but let's talk a little about subnet prioritization/netmask ordering.  Assuming you haven't turned it off, DNS will return the IPs in order of which is closest to the client IP (based on subnets, not physical location).  As far as I'm aware, this doesn't really have any effect for internet IPs, just for your internal network.  If you're not using Class C networks, you have to adjust a setting that corresponds with your netmask size, otherwise you won't get expected results.  Some decent explanation is here - https://blogs.msmvps.com/acefekay/2010/05/29/dns-and-subnet-priortization-amp-dns-round-robin/

Different applications can vary on which IP they choose from a list, so it's not always going to be the first one in the list that you see from nslookup.
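
A simplified model of the ordering described in the answer above, as an added example that is not part of the original thread and not any DNS server's actual implementation: records inside the client's subnet are moved to the front, and round-robin rotates the list between queries. The function name, the `prefix_len` and `rotation` parameters and all addresses are constructed for illustration.

```python
import ipaddress
from collections import deque


def order_answers(client_ip, records, prefix_len=24, rotation=0):
    """Return A records in the order a netmask-ordering server would send them.

    prefix_len models the mask used to decide "same subnet" (24 = Class C,
    the default the answer mentions); rotation models round-robin, where
    each successive query starts one record later in the list.
    """
    # Network the client belongs to under the configured mask.
    client_net = ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False)

    # Round-robin: rotate the record set left by `rotation` positions.
    rotated = deque(records)
    rotated.rotate(-rotation)

    # Subnet prioritization: records in the client's network go first,
    # everything else keeps its rotated order behind them.
    local = [r for r in rotated if ipaddress.ip_address(r) in client_net]
    remote = [r for r in rotated if ipaddress.ip_address(r) not in client_net]
    return local + remote


# Constructed record set for a hypothetical internal name.
RECORDS = ["10.1.16.10", "10.1.18.10", "10.2.5.10", "10.1.17.10"]

if __name__ == "__main__":
    client = "10.1.17.55"  # constructed client address
    for query in range(3):
        print("/24 query", query, order_answers(client, RECORDS, 24, query))
    # Sites using a /20 need the mask widened, or only one record counts as local.
    print("/20 query 0", order_answers(client, RECORDS, 20, 0))
    # A client outside every record's subnet sees plain round-robin.
    print("outside    ", order_answers("192.0.2.7", RECORDS, 24, 2))
```

With the default /24 mask only `10.1.17.10` is treated as local to the client; widening the mask to /20 makes three of the four records local, which is the mismatch the answer warns about for non-Class-C networks.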
skullnobrains

true with msdns if and only if the client is in the same class A/B/C as the dns server.
basically this only works more or less for LAN vs WAN situations using regular LAN addresses.
all other servers i ever worked with do not do this by default ( default behavior is to stick to the RFCs ).
but many have options to do so.

WAN balancing is a whole different story.

i would not recommend you expose microsoft's dns server to the outside world. ever. it is not suited for such balancing, prone to be hacked easily, likely to get your whole network infected if that happens, easy to DOS, easy to use in a DOS reflection attack... basically not something that can be exposed to the outside world.

dnsmasq has a rather equivalent decent prioritisation system for simple lan or lan vs wan cases. more complex cases are usually handled with powerdns or unbound with either geoloc backends or a custom helper.

feel free to post your requirements if you want extra advice for a specific WAN situation