How is DNS Server providing successful queries?

  • Question

  • Hello, our traditional DNS setup is to configure "Forwarders" (not Conditional Forwarders) to other internal DNS servers in our corporate network.

    For one of our remote sites, I've been asked to disable this and instead, convert to a full DNS Resolver that forwards all queries to Root servers on the internet.

    This seems fairly straightforward, remove "Forwarders" (so "Root Hints" takeover), add "Conditional Forwarders" for every internal domain that isn't visible on the public internet and restart DNS.

    We are testing this in a lab environment and although not having any Forwarders or Conditional Forwarders, we are still finding the server somehow routing DNS queries for an internal only domain (successfully providing a response).

    Are there any files or Registry entries that need to be manually updated for this to work in a reliable manner?

    Also related, on the Root Hints tab, I noticed that the IP Addresses are listed as "Unknown" for many of the root servers. Is this expected?

    Thanks so much!

    Ed Gray

    Tuesday, October 4, 2016 11:36 AM

Answers

  • Hi,

    >>Also related, on the Root Hints tab, I noticed that the IP Addresses are listed as "Unknown" for many of the root servers. Is this expected?

    It seems your root hints are not working.

    1. Verify a root name server. If it fails, please check the network connectivity.

    2. Manually add a root name server and test again.

    Please follow this link for more details:

    https://technet.microsoft.com/en-us/library/ff807382(v=ws.10).aspx


    Best Regards,
    Cartman
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, October 5, 2016 6:59 AM

All replies

  • Thank you so much Cartman! I was trying to find a quick explanation on how DNS Queries are processed but kept finding complete HOW DNS WORKS (we know that already LOL) via Google.

    I believe the order of DNS processing of a DNS server is:

    1. Resolve any locally defined domain zones (Forward & Reverse zones)

    2. Use "Conditional Forwarders" if there is a matching zone defined

    3. Use "Forwarders" if any are defined.

    4. Use "Root Hints" if Forwarders are not defined OR are failing.

    I believe a recent issue with DNS failures is related to Forwarders being defined but remote IPs being unavailable combined with Root Hints that have "Unknown" as their IP addresses.

    We will be moving to Conditional Forwarders, removing Forwarders and cleaning all Root Hints to not be listed with an Unknown IP address. Thanks so much!!


    Ed Gray

    Wednesday, October 5, 2016 11:47 AM
  • Hi,

    I am checking to see if the problem has been resolved. If there's anything you'd like to know, don't hesitate to ask.


    Best Regards,
    Cartman

    Tuesday, October 11, 2016 8:03 AM
  • Thanks very much for the follow-up, Cartman! We are working through correcting our setup and currently are focused on testing and will be rolling out in the coming weeks. I expect no issues, thanks!

    Ed Gray

    Wednesday, October 12, 2016 12:03 PM
  • Are you sure this is not because the DNS server stores these queries in its cache? Flush the cache and try again to see if it works?
    Wednesday, October 12, 2016 12:56 PM
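
The checks raised across this thread (hosted zones, conditional forwarders, forwarders, root hints without addresses, and the server cache) can be run in one pass. This is an added PowerShell example, not code from any post; it assumes the DnsServer module on the DNS server itself, and `internal.example` and `localhost` are placeholder defaults.

```powershell
# Added example, not from the thread. Run elevated on the DNS server.
# 'internal.example' is a placeholder for the internal-only name being tested.
param(
    [string]$TestName = 'internal.example',
    [string]$Server   = 'localhost'
)
Import-Module DnsServer

$zones = Get-DnsServerZone

# 1. Zones hosted on this server are answered before any forwarding happens.
$hosted = $zones | Where-Object { $_.ZoneType -ne 'Forwarder' -and -not $_.IsAutoCreated }

# 2. Conditional forwarders are stored as zones of type 'Forwarder'.
$conditional = $zones | Where-Object { $_.ZoneType -eq 'Forwarder' }

# 3. Server-wide forwarders, and whether root hints are used when they fail.
$forwarders = Get-DnsServerForwarder

# 4. Root hints with no address record (assumed to be the entries the
#    Root Hints tab lists as "Unknown").
$hintsNoIp = Get-DnsServerRootHint | Where-Object { -not $_.IPAddress }

# Most specific hosted or conditional-forwarder zone covering the test name.
$covering = $zones |
    Where-Object { $TestName -eq $_.ZoneName -or $TestName -like "*.$($_.ZoneName)" } |
    Sort-Object { $_.ZoneName.Length } -Descending |
    Select-Object -First 1
$coverText = 'none (falls through to forwarders or root hints)'
if ($covering) { $coverText = '{0} [{1}]' -f $covering.ZoneName, $covering.ZoneType }

"Hosted zones:             $($hosted.ZoneName -join ', ')"
"Conditional forwarders:   $($conditional.ZoneName -join ', ')"
"Forwarders:               $($forwarders.IPAddress -join ', ')"
"Root hints as fallback:   $($forwarders.UseRootHint)"
"Root hints lacking an IP: $($hintsNoIp.NameServer.RecordData.NameServer -join ', ')"
"Zone covering ${TestName}: $coverText"

# Rule out the server cache, then ask the server again.
Clear-DnsServerCache -Force
$answer = Resolve-DnsName -Name $TestName -Server $Server -DnsOnly -ErrorAction SilentlyContinue
if ($answer) {
    "Still resolves after the cache flush:"
    $answer | Format-Table Name, Type, TTL, Section -AutoSize
} else {
    "No answer after the cache flush; the earlier response likely came from cache."
}
```

If the name still resolves with no covering zone and no forwarders listed, the remaining path is recursion through root hints, so confirm whether the domain is in fact resolvable from the public internet.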