none
Server 2016 - DNS - Recursion RRS feed

  • Question

  • Hi,

    i can't find a solution for a situation i'm having here. Maybe someone can help me out.

    We are runnig two domaincontroller (DNS-Server) here in our environment. One is Server 2008R2 and the new one is Server2016.

    These server are used only for internal domain tasks, so we removed all root hints, there is no forwarding configured and the recursion is also disabled.

    But it is the case that the performance counter "DNS()\Recursive Query Failure/sec" on the server 2016 DC is still continuously logging query failures. The server 2008R2 performance counter is not logging any query failures.

    Is there maybe something else i need to consider when i want to disable dns recursion on server 2016?

    Greetings,

    Torben


    T

    Wednesday, March 14, 2018 1:40 PM

Answers

  • So no one seems to have more ideas on this situation, this thread can be closed unresolved.

    T

    • Marked as answer by Support141 Friday, April 20, 2018 9:11 AM
    Friday, April 20, 2018 9:11 AM

All replies

  • Hi,

    Have a nice day! Thanks for your question.

    About this monitor, it means that the DNS server is misconfigured or a large number of requests are being made to it that is cannot satisfy. It most likely that your DNS server is doing a "recursive query" to some other DNS server and this fails. And that you are using forwarders to a non-existing DNS server or a DNS server that can't resolve the namespace you are forwarding.

    Please ensure that the DNS server is hosting the correct zones, and that the clients are making requests of it that it should be able to answer.

    Please try to set win2008 as the preferred DNS server for domain clients.  Meanwhile, use Nslookup to query some demo names from the 2016 DNS server for research.

    Here is the links refer to this case, it may be helpful,

    https://docs.microsoft.com/en-us/sql/integration-services/performance/performance-counters

    http://mpwiki.viacode.com/default.aspx?g=posts&t=22533

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Besides, to have a better understanding, could you please drop me a screenshot for more detailed information about the performance counter "DNS()\Recursive Query Failure/sec"?

    I really appreciate your effort. If you have any questions or concerns, don’t hesitate to let me know.

    Best regards, 

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, March 15, 2018 7:25 AM
  • Hi Michael,

    thank you for your reply. It really looks like a misconfiguration, but i can't figure out where.

    I know its difficult to say something about this without knowing all the configurations, but i try to describe the current settings as best as i can.

    Both servers are configured the same way. No forwarders, no roothints and recursion disabled.

    Here are the powershell results:

    PS C:\> Get-DnsServerForwarder

    UseRootHint        : True
    Timeout(s)         : 3
    EnableReordering   : True
    IPAddress          :
    ReorderedIPAddress :

    PS C:\Users\SysVw> Get-DnsServerRootHint

    PS C:\Users\SysVw> Get-DnsServerRecursion

    Enable               : False
    AdditionalTimeout(s) : 4
    RetryInterval(s)     : 3
    Timeout(s)           : 8
    SecureResponse       : True

    We are monitoring  our servers and services with nagios. Attached are the graphs for both servers.

    In case of the server 2008r2 we disabled the recursion with the described settings in week 09. From that point on there were no further loggings of failed queries.

    Server 2008 R2

    We installed and promoted (and activated all monitoring for the system) the server 2016 in week 10. Same configuration without recursion and forwarding.

    Server 2016

    Generally the name resolution for internal resources is working (tried nslookup with both servers).


    T

    Friday, March 16, 2018 10:38 AM
  • So no one seems to have more ideas on this situation, this thread can be closed unresolved.

    T

    • Marked as answer by Support141 Friday, April 20, 2018 9:11 AM
    Friday, April 20, 2018 9:11 AM