
DNS Question


atari37


I'm having issues with setting up a host with two DNS servers, primary and secondary. I have two DNS servers, one being the same as the DC; this DNS works fine. A second DNS server also works flawlessly, but when I configure my hosts to use both DNS servers, only the primary works and not the secondary.

What am I overlooking here?



What do you mean by "only the primary one works?"

Are you not seeing any traffic to the secondary one? Perhaps all your clients are quite happily talking to the primary and don't need to talk to the secondary?

Or does it not function at all? What happens when you try to run NSLOOKUP using the secondary server?


Both primary and secondary function okay. I have a Web Server called good; there's a record in my secondary DNS server for good. Now when I change my Windows configuration to use the secondary DNS as my primary and type http://good in a browser, the page loads okay. The problem is when I change the configuration back to primary and secondary DNS, the page doesn't load anymore.

I was under the impression that if the primary doesn't know about the web server, it will try using the secondary DNS server (which knows about the web server) to find http://good... Am I wrong?

nslookup using both DNS servers returns the right output... it just seems like the secondary doesn't kick in when the primary can't resolve a name.


Is this an AD-integrated zone?

If not - do both servers consider themselves authoritative for the zone? If so, and the primary DNS does not have a record for a host called 'good', it will authoritatively reject the request. After all, if there really were a host called 'good', it would know about it, right?

ALL servers authoritative for a zone must know about ALL records in that zone.

What confuses me is that you said that nslookup against both servers returns the right output. Are you sure it isn't sending back NXDOMAIN?

Is this 'good' webserver in a zone which the primary DNS server doesn't know about?

Does the zone exist on the Internet, and if so - which nameservers are specified as being authoritative?

What kind of zone is it? (eg AD-integrated, primary, stub, etc?), and which version of Windows Server?

What forwarders are defined on the primary DNS server? It should have the IP of the secondary server on there. Also, have you disabled recursion entirely on the primary DNS server?


Sorry, I should have been more specific.

I mean in the properties of the LAN connection the first DNS server should be itself and the alternate should be the second server :)

Oh, I already tried that... didn't work. I believe there's more to it than that.


The primary DNS is AD-integrated, the secondary isn't. Both servers however act as authoritative for the zone. The primary DNS knows about "good"; good is however not on the AD, it's on a different subnet. nslookup returns: server:nameofprimarydomain

address:192.1.1.1

non-authoritative answer: etc....

One thing I haven't tried yet is making my secondary DNS server a forwarder in my DNS configuration; I didn't think this would be necessary since I'm telling the workstation to use a secondary DNS in case the primary fails. Amazingly, if I turn off my primary DNS server, the secondary picks up and vice versa, but they don't work together. The primary is running Server 2003 and the secondary is RedHat. Both of these DNS servers know about each other by way of host records.

I don't want to write too much to prevent any confusion, so I'll try to keep this short...

The Web Server is known as good on one network (subnet of the primary DNS) and known as good2 on another network (subnet of the secondary DNS). I should be able to get to this website (an internal website, by the way) with either good or good2 since both my primary and secondary servers have records of both names. Am I making any sense? In the Windows configuration, I can get to "good" by using my primary in the first entry... I can get to it by typing good2 if I use the secondary DNS as my primary. All I want is to have my primary act as a primary and secondary act as a secondary... if the primary can't resolve, send the request to the secondary, but that's not happening. I have to use one or the other and not both... And yes, I do need both names to resolve.


Yes - you have to configure the DNS forwarder servers.

Open the DNS MMC snap-in.

Find the primary DNS server in the list.

Right-click on it, choose properties.

Open the 'forwarders' tab.

Add the secondary server's IP address in the list (you can specify a particular domain for forwarding to servers if you're on 2k3).

Ensure that 'disable recursion' is NOT ticked.

Don't set the query timeout too low. Default is 5 seconds. If you have network issues between DNS servers, you may want to consider increasing this a little to see if it helps.


I know how to do this... I just didn't think I had to set my secondary as a forwarder on my DNS server for this to work. I will try it out tomorrow.

Thanks


Do not forward one (internal) DNS server to the other (internal) DNS server, unless you want it to take twice as long for the query to fail! There is no point in creating redundancy if they're designed to fail together...

Both of your DNS servers service the same internal domain, Yes?

For that each DNS server must use itself (and only itself) for DNS resolution, and then forward any other DNS requests to an external source (your ISP or the default web root servers) for any other domain.

Your primary DNS server is just that, primary, which is where your DHCP server will direct the IP/lease DNS registration updates. What you need to do is enable zone transfers from the primary to the secondary so they both share the same data and will therefore be able to respond with the same answer.

This way if one does go down, the other is capable of handling both the internal & external domain name lookups.


^ That is correct, the secondary server should not be contacted unless the primary goes down. They do not load balance or alternate. They don't work like AD controllers.

If the secondary DNS is the only one which holds a record for the 'good.example.org' host, it will need to be contacted.

If the primary DNS doesn't know about this host (and doesn't have a specific forwarder setup), it will do one of two things:

1) If it isn't authoritative for the zone, it will consult the root hint servers (which will fail if the zone isn't valid on the Internet).

2) If it is authoritative for the zone, it will issue an NXDOMAIN response.

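The resolver behaviour described in the two posts above, as an added example that is not part of the thread: a toy model (plain Python dicts, no real DNS) of a client that lists a primary and an alternate server. The server names, zone records and addresses are constructed; the point is that NXDOMAIN from an authoritative primary is a final answer, so the alternate is only consulted when the primary does not reply, and that replicating the zone to both servers is what makes both names resolve.

```python
from dataclasses import dataclass, field

NXDOMAIN, NOERROR, TIMEOUT = "NXDOMAIN", "NOERROR", "TIMEOUT"

@dataclass
class Server:
    """Toy authoritative server: a name, its records, and whether it is reachable."""
    name: str
    records: dict = field(default_factory=dict)
    up: bool = True

    def query(self, qname):
        if not self.up:
            return TIMEOUT, None        # no reply within the client's query timeout
        if qname in self.records:
            return NOERROR, self.records[qname]
        return NXDOMAIN, None           # authoritative, so a missing name is a definite "no"

def resolve(qname, servers):
    """Stub-resolver behaviour the thread describes: the alternate server is
    tried only when the current one does not answer. NXDOMAIN is a final answer
    and is not retried against the next server."""
    for srv in servers:
        rcode, addr = srv.query(qname)
        if rcode == TIMEOUT:
            continue                    # fall through to the alternate server
        return rcode, addr
    return TIMEOUT, None                # every listed server was unreachable

# Constructed sample data modelling the poster's setup: both servers are
# authoritative for the same zone but hold different records.
PRIMARY = Server("primary", {"good": "10.1.1.5"})
SECONDARY = Server("secondary", {"good2": "10.2.2.5"})

def lookup_with_both():
    """Client lists primary then secondary; 'good2' only exists on the secondary."""
    return resolve("good2", [PRIMARY, SECONDARY])       # -> ('NXDOMAIN', None)

def lookup_primary_down():
    """Same list with the primary unreachable: now the secondary is consulted."""
    down = Server("primary", PRIMARY.records, up=False)
    return resolve("good2", [down, SECONDARY])           # -> ('NOERROR', '10.2.2.5')

def lookup_after_zone_transfer():
    """The fix from the thread: replicate the zone so both hold every record."""
    merged = {**PRIMARY.records, **SECONDARY.records}
    synced = [Server("primary", dict(merged)), Server("secondary", dict(merged))]
    return resolve("good2", synced)                      # -> ('NOERROR', '10.2.2.5')
```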

FYI:

I solved this issue this morning. The idea to use the secondary DNS as a forwarder sounded a little weird but I gave it a try anyway. It didn't work.

I created a zone for the secondary DNS...I had a record of the secondary DNS prior to things not working but after creating a zone for the secondary DNS, things started working 100%.

Both DNS Servers work together now.
