DHCP+DNS issue?

  • Question

  • Hi, I have a small yet critical problem I noticed when I restarted my server.

    In my DHCP Server and Scope options, I have the DNS servers assigned to DHCP clients

    1. 192.168.0.2 (my server)
    2. 202.27.184.3 (ISP ns1)
    3. 202.27.184.5 (ISP ns2)

    in that order.

    When I restart my server, I lose DNS and it does not fall back on the other secondary name servers, resulting in loss of internet?

    Am I doing this right? On a DHCP client all name servers are listed... in the same order.

    Thanks!



    • Edited by deanfourie Wednesday, February 1, 2012 10:45 AM
    Wednesday, February 1, 2012 10:43 AM

Answers

  • Typically you'll only add the internal DNS servers; the external (ISP's) DNS servers you configure as forwarders in your DNS server configuration (http://technet.microsoft.com/en-us/library/cc782142(WS.10).aspx).

    How many internal DCs/DNS servers do you have?

    Wednesday, February 1, 2012 11:05 AM
  • Hello,

    It seems to me that you have a domain with one DC?

    If yes, then remove the ISP's DNS servers from ALL domain machines and configure ONLY the domain DNS server on the clients.

    The ISP's DNS servers have to be configured as FORWARDERS in the DNS management console on the DNS server properties instead.

    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    Wednesday, February 1, 2012 11:17 AM
  • Hi,

    Thanks for posting here.

    Yes, I agree: don't configure the client DNS settings to point to external or ISP DNS servers. We can implement external name resolution by setting a forwarder on the internal DNS server (domain controller):

    Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003

    http://support.microsoft.com/kb/825036/en-us

    Meanwhile, as for why the external DNS servers were not used, I suspect it is because the query timeout values we set on the Windows client were too short or too long (15 seconds by default), or maybe just because of connectivity:

    DNS Clients and Timeouts (part 2)

    http://blogs.technet.com/b/stdqry/archive/2011/12/15/dns-clients-and-timeouts-part-2.aspx

    Thanks.

    Tiger Li

    TechNet Community Support

    Thursday, February 2, 2012 7:06 AM
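
The change the answers above describe, written out as an added PowerShell example (not from the thread or from the linked Microsoft articles): DHCP option 006 is reduced to the internal DNS server and the ISP resolvers become forwarders on it. It assumes Windows Server 2012 or later with the DhcpServer and DnsServer modules and uses the addresses from the question; the test name www.microsoft.com is an arbitrary choice.

```powershell
# Added example. Assumes Windows Server 2012+ with the DhcpServer and DnsServer
# modules, run elevated on the machine that hosts both roles.
$InternalDns = @('192.168.0.2')                    # the poster's server
$IspDns      = @('202.27.184.3', '202.27.184.5')   # ISP ns1 / ns2 from the question

# Option 006 can be set at server level and per scope; check both.
# An empty hashtable splats to "no -ScopeId", i.e. the server-level options.
$targets = @(@{}) + @(Get-DhcpServerv4Scope | ForEach-Object { @{ ScopeId = $_.ScopeId } })

foreach ($t in $targets) {
    $where = if ($t.ScopeId) { "scope $($t.ScopeId)" } else { 'server options' }
    $opt = Get-DhcpServerv4OptionValue @t -OptionId 6 -ErrorAction SilentlyContinue
    if (-not $opt) { continue }                    # option 006 not defined here

    # Anything that is not the internal server should not reach clients.
    $external = @($opt.Value | Where-Object { $InternalDns -notcontains $_ })
    if ($external.Count -gt 0) {
        Write-Warning "$where hands out external resolvers: $($external -join ', ')"
        Set-DhcpServerv4OptionValue @t -DnsServer $InternalDns
    }
}

# The ISP resolvers move to the DNS server's forwarder list.
$current = @((Get-DnsServerForwarder).IPAddress | ForEach-Object { "$_" })
$missing = @($IspDns | Where-Object { $current -notcontains $_ })
if ($missing.Count -gt 0) {
    Set-DnsServerForwarder -IPAddress $IspDns
}

# Verify: an external name resolves when only the internal server is asked.
Resolve-DnsName -Name 'www.microsoft.com' -Server $InternalDns[0] -Type A
```

Clients pick up the new option 006 value at lease renewal or after `ipconfig /renew`.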

All replies

  • Thanks for the help!

    Ok, that makes sense, as I have the DNS role installed. If I didn't have the DNS role installed, this would be the way to do it, right?

    Also, it would make sense to add these forwarders on different servers for reliability, correct?

     

    Thanks!

    Thursday, February 2, 2012 9:26 AM
  • Hi deanfourie,

    Thanks for posting here.

    > Ok, that makes sense, as I have the DNS role installed. If I didn't have the DNS role installed, this would be the way to do it, right?

    We can refer to the recommended configuration from the section “Windows 2000 Server and Windows Server 2003 member servers” in the KB article below.

    > Also, it would make sense to add these forwarders on different servers for reliability, correct?

    We'd suggest setting the forwarder only on the server that all clients point to and use as their preferred DNS server.

    Thanks.

    Tiger Li

    TechNet Community Support

    Thursday, February 2, 2012 10:37 AM
  • But what happens if that DNS server fails?

    Thanks!

    • Edited by deanfourie Thursday, February 2, 2012 10:47 AM
    Thursday, February 2, 2012 10:47 AM
  • Hi deanfourie,

    Thanks for posting here.

    I meant not to set forwarding directly to any external DNS server on our preferred DNS server, but to consider having multiple dedicated servers for external name resolution with fault tolerance for high availability, for example a cluster. We can then set the preferred DNS server to forward to its virtual IP address:

    “Avoid using a primary server as a forwarder, especially if the forwarder is to be used to resolve external (Internet) queries. A primary server should be highly available and not be given the extra work of acting as a forwarder. Also, servers that host zones should not be allowed to communicate directly with the Internet to avoid exposing your internal namespace to external attackers.”

    Configure a DNS Server to Use Forwarders

    http://technet.microsoft.com/en-us/library/cc816830(WS.10).aspx

    Using Query Forwarding

    http://technet.microsoft.com/en-us/library/cc816653(WS.10).aspx

    Thanks.

    Tiger Li

    TechNet Community Support

    Thursday, February 2, 2012 11:25 AM
  • > But what happens if that DNS server fails?
    >
    > Thanks!

    Hello,

    As asked before: "Do you have a domain?"

    In a domain you MUST run a DNS server, not Windows but you need DNS for the domain to function.

    It is recommended in a domain that you have at least 2 DC/DNS/GC for exactly that reason, failure on the DC.

    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    Thursday, February 2, 2012 11:30 AM
  • Thanks for the reply,

    I have no domain as I'm not yet playing around with AD.

    Could you guys tell me of some good books or education resources available for learning DNS?

    I checked my local library but couldn't find much :(

    Just an overview of Server 2008, but I'm guessing that's not going to go in-depth into the roles, which is what I need,

    In this instance, DNS

    I understand how basic DNS works, with FQDN, root hints and top level etc. and how they work, and how name servers are resolved etc. (backwards), but I'm sure there's more... LOTS MORE

    It seems you can never learn it ALL lol! There's soooo much to know!

    Thanks! :)

    Sunday, February 5, 2012 11:00 AM
  • Hi deanfourie,

    Thanks for the update.

    The articles below are a good starting point :)

    How DNS Works

    http://technet.microsoft.com/en-us/library/cc772774(WS.10).aspx

    TCP/IP Fundamentals for Microsoft Windows

    http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=8781

    Thanks.

    Tiger Li

    TechNet Community Support

    Sunday, February 5, 2012 11:06 AM
  • Thanks for the reply,

    I was more after possibly books or an in-depth explanation!

    Thanks

    Sunday, February 5, 2012 11:59 AM