RODC DNS resolution does not work when WAN link is down

  • Question

  • Hello,

    when my WAN link goes down, my 2012 R2 RODC (DNS and GC) no longer responds to DNS requests or fulfills them for Windows clients.  Windows 7 and 10 client computers can't resolve DNS.  Their DNS servers are pointing to local RODC then DC at hub site.  On the RODC server I periodically get clusters of Event ID 4015 DNS Events (See below).  This is odd because DNS works fine when the WAN link is up.  For NIC DNS configuration on RODC, the DC at hub site is primary then secondary DNS is 127.0.0.1, with tertiary being another DC at another site.

    Windows Event Log Errors:

    The description for Event ID ( 4015 ) in Source ( Microsoft-Windows-DNS-Server-Service ) cannot be found. Either the component that raises this event is not installed on your local computer, or the installation is corrupted. You can install or repair the component on the local computer, or contact the component manufacturer for a newer version.

    I don't understand why DNS fails when WAN link is down.  Is this a DNS configuration issue, AD issue or something else?  Any takers?

    Thanks,

    JC

    Tuesday, August 7, 2018 4:17 PM

All replies

  • Hi,

    Thanks for your question.

    It is a normal behaviour because the writable Domain Controller (hosting DNS) is not accessible.

    When a Read Only Domain Controller (RODC) locates a writeable DNS server to perform ReplicateSingleObject (RSO), it performs a DSGETDC function. Once a DC is returned from the DSGETDC call, it uses the result to search for the NS record in DNS. If the DSGETDC call fails, or it fails to find the NS record of the DC returned from DSGETDC, the error 4105 will be logged.

    Please refer to the link below:

    https://support.microsoft.com/en-us/help/969488/rodc-logs-dns-event-4015-every-3-minutes-with-error-code-00002095 

    Best regards,

    Travis


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, August 8, 2018 2:59 AM
    Moderator
  • Hi,

    That makes sense for AD DNS managed zones where a writeable DC is required for replicating the DNS objects for objects and services within my Windows domain.  However, is there a way to configure the RODC to still be able to perform public DNS lookups via the already configured conditional forwarders or root hints for DNS zones not managed by AD?  For instance, being able to resolve any site like google.com or yahoo.com if there is still an Internet connection but no WAN connection back to the central hub?  This way my users located at the RODC site can still access the Internet if the WAN link is down.

    Thanks

    Wednesday, August 8, 2018 9:10 PM
  • Hi,

    Thanks for your reply.

    You can add another DNS server and create a secondary zone on it. Then add the IP of the new DNS server as the alternate DNS server in the clients' IPv4 properties.

    Best regards,

    Travis



    Thursday, August 9, 2018 9:07 AM
    Moderator
    If I already configured DNS forwarders (propagated down from the DC at the hub), shouldn't external DNS resolution work regardless of whether the DC at the hub is available?  Or does it not work because when the WAN link goes down, the DNS service fails entirely?  I'd rather not set up another alternate standalone DNS server at the RODC site because I have many RODCs in our environment and it could mean many more servers to manage.

    I appreciate your help on this. 

    Thanks

    Friday, August 10, 2018 3:00 PM
  • Hi,

    Thanks for your reply.

    If you already configured forwarders of RODC DNS, it will forward the queries.

    However, a secondary DNS can provide load balancing, fault tolerance, and traffic reduction.

    Whether to install a secondary DNS depends on you.

    Please refer to the link below:

    https://social.technet.microsoft.com/Forums/sharepoint/en-US/932cfa92-87fd-47cd-892c-3fe695bbc7df/rodc-dns-and-branch-office-site?forum=winserverDS 

    Best regards,

    Travis



    Monday, August 13, 2018 9:06 AM
    Moderator
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Travis



    Wednesday, August 15, 2018 6:25 AM
    Moderator
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Travis



    Friday, August 17, 2018 5:53 AM
    Moderator
  • Hi,

    Sorry, I've been away and unfortunately this isn't resolved yet.  I understand that adding a secondary DNS server can help with load balancing, fault tolerance and traffic reduction.  However, my main problem when the WAN goes down is that the RODC DNS doesn't use the DNS forwarders, previously configured to OpenDNS, to resolve public DNS queries.  If this isn't a supported option then I'll look into a secondary DNS server.  I just don't want to start managing secondary DNS servers across many of my locations.  Thanks.

    Thursday, August 23, 2018 8:12 PM
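The thread never separates the two failure modes being discussed: the 4015 events (the RODC failing to locate a writable DC for RSO) versus the DNS Server service failing to forward public queries. The following PowerShell diagnostic is an added example, not something posted in this thread; run it elevated on the RODC while the WAN link is down. `www.example.com` is a constructed placeholder for a public name, and it assumes the `DnsServer` and `ActiveDirectory` modules present on any 2012 R2 DC.

```powershell
# Added diagnostic example (not from the thread). Run elevated on the RODC
# while the WAN link is down to tell forwarding failures apart from RSO failures.
$ExternalName = 'www.example.com'        # constructed placeholder public name
$DomainName   = (Get-ADDomain).DNSRoot   # AD-integrated zone the RODC hosts
$Since        = (Get-Date).AddHours(-1)

# 1. How is the local DNS Server service configured to reach the Internet?
$fwd = Get-DnsServerForwarder
"Forwarders: {0}   UseRootHint: {1}" -f ($fwd.IPAddress -join ', '), $fwd.UseRootHint

# 2. Does the RODC itself still answer? Query 127.0.0.1 directly and bypass
#    the client resolver cache so a stale cached answer cannot mask a failure.
foreach ($name in @($DomainName, $ExternalName)) {
    try {
        $r = Resolve-DnsName -Name $name -Type A -Server 127.0.0.1 -DnsOnly -ErrorAction Stop
        $addrs = ($r | Where-Object { $_.Type -eq 'A' }).IPAddress -join ', '
        "OK    {0} -> {1}" -f $name, $addrs
    } catch {
        "FAIL  {0}: {1}" -f $name, $_.Exception.Message
    }
}

# 3. Is each forwarder reachable at all, or does the path to it ride the WAN?
#    Test-NetConnection checks TCP/53; forwarders that answer UDP normally
#    accept TCP too, so a closed port here means the forwarder path is down.
foreach ($ip in $fwd.IPAddress) {
    $ok = Test-NetConnection -ComputerName $ip -Port 53 -InformationLevel Quiet -WarningAction SilentlyContinue
    "Forwarder {0} TCP/53 reachable: {1}" -f $ip, $ok
}

# 4. Count recent 4015 events. These only record the writable-DC lookup for
#    RSO failing; they do not by themselves mean forwarding has stopped.
$ev = Get-WinEvent -FilterHashtable @{ LogName = 'DNS Server'; Id = 4015; StartTime = $Since } -ErrorAction SilentlyContinue
"Event 4015 entries in the last hour: {0}" -f @($ev).Count
```

If step 2 resolves the external name while step 4 keeps counting 4015 events, the service is forwarding and the events are the expected RSO noise; if step 2 fails for the external name but step 3 shows the forwarders reachable, the problem is in the DNS Server service itself rather than the WAN.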
  • Hi,

    Thanks for your reply.

    Another alternative is to configure the client's alternate DNS server with public DNS IP addresses.

    Best regards,

    Travis



    Friday, August 24, 2018 1:41 AM
    Moderator