Resolver issue

Kevin D. Goodknecht Sr. [MVP]

Massimo said:
"Kevin D. Goodknecht Sr. [MVP]" <[email protected]> wrote in message


So, you're saying this kind of answer is good. Ok.

I wouldn't say it is a good answer, it is just the answer you get from a
non-recursive DNS server, you'll only get a referral to the TLD servers for
the TLD your query is for.
Interesting. I tried running a couple of network monitor
traces on my DNS server, and it looks like Libero's DNSs
time out when my DNS queries them at the end of the
recursive query. But then, when querying them using
NSLOOKUP, they answer!
What's going wrong here?!?

I was finally able to make a query to this DNS, it is non-recursive. What
that means is if it does not have the zone for the domain you're querying for
you'll get a referral.
See this


flags: qr aa rd; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 17

See the rd? That is where I'm asking for recursion; if recursion was
available, it would be followed by an ra, like this one:
flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 17
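
The rd/ra check described in the post above, as an added example (not code from anyone in this thread). It decodes the 12-byte DNS header into the flag list dig prints and says whether the server offered recursion. The function names and the third sample header are constructed for illustration; `probe` needs network access and is not called on import.

```python
import socket
import struct

# Header flag bits (RFC 1035 section 4.1.1), listed in the order dig prints them.
FLAG_BITS = [("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200),
             ("rd", 0x0100), ("ra", 0x0080)]

def build_query(name, qtype=1, txid=0x1234):
    """Build a query with RD set, i.e. 'please recurse for me'."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!2H", qtype, 1)

def parse_header(packet):
    """Decode the fixed 12-byte DNS header of a packet."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, an, ns, ar = struct.unpack("!6H", packet[:12])
    return {"flags": [n for n, bit in FLAG_BITS if flags & bit],
            "rcode": flags & 0x000F, "answer": an, "authority": ns, "additional": ar}

def classify(hdr):
    """Say what the responding server is willing to do for this client."""
    flags = hdr["flags"]
    if "qr" not in flags:
        return "not a response"
    if "ra" in flags:
        return "recursive: usable as a forwarder"
    if hdr["answer"] == 0 and hdr["authority"] > 0:
        return "non-recursive: referral only"
    return "non-recursive: answers only for zones it hosts"

def probe(server_ip, name, timeout=3.0):
    """Live check (needs network): send one RD query over UDP, classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server_ip, 53))
        return classify(parse_header(s.recv(512)))

# Constructed headers: the first two carry the flags and counts quoted in the post,
# the third is a made-up referral (no answers, 13 authority records).
SAMPLES = {
    "authoritative": struct.pack("!6H", 0x1234, 0x8500, 1, 9, 0, 17),
    "recursive": struct.pack("!6H", 0x1234, 0x8180, 1, 9, 0, 17),
    "referral": struct.pack("!6H", 0x1234, 0x8100, 1, 0, 13, 13),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        hdr = parse_header(pkt)
        print(label, "flags:", " ".join(hdr["flags"]), "->", classify(hdr))
```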
 
Kevin D. Goodknecht Sr. [MVP]

Massimo said:
I know this works, but I don't like this solution because
my ISP's DNS is down sometimes... using recursive queries
from my DNSs, I'm sure Internet names can always be
resolved. Unless both my DCs are down, of course, but
then I'd have something worse to worry about than not
being able to view web pages ;-)

Good answer, you know how many times I've said the same thing to posters who
invariably want to use their ISP's DNS in AD Domain member's TCP/IP
properties.
 
Ace Fekay [MVP]

Massimo said:
"Ace Fekay [MVP]"


I know this works, but I don't like this solution because my ISP's
DNS is down sometimes... using recursive queries from my DNSs, I'm
sure Internet names can always be resolved. Unless both my DCs are
down, of course, but then I'd have something worse to worry about
than not being able to view web pages ;-)

Massimo

To make this solution work properly, use a reliable forwarder. If your
ISP's is not reliable, I wouldn't use it either and would choose someone
else's that is reliable. If you have dialup or something else at home, and
do an ipconfig /all, you can use that DNS. The point is, you can use almost
any DNS out there as long as it has the RA bit turned on, which you can test
yourself using nslookup d2, or DIG, or NetDIG.

I use this DNS for most cases and so far for the past 3 years it's been
highly reliable:
4.2.2.2

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
Ace Fekay [MVP]

William Stacey said:
Right. I just picked up on "(how much I don't know, but would like
to find out.)" and wanted to clarify that today I do know that they
don't use it at all - just to clarify myself ;) All they do is
pick up the local dns servers and (to different degrees) the domain
suffixes configured and maybe other pieces of info. Cheers!

--wjs

You said it well!
:)

--
Regards,
Ace

 
Ace Fekay [MVP]

Massimo said:
"Ace Fekay [MVP]"


Yes, it works flawlessly if I forward queries to my ISP's DNS.
But if (for a chance) my ISP was actually Libero, it wouldn't have
solved anything... so I'm trying to get to the root of the problem.

Massimo

As far as resolution, they have it turned off.

As for the resolver logic, it's by design, depending on what you're using,
nslookup or ping.

--
Regards,
Ace

 
Massimo

I was finally able to make a query to this DNS, it is non-recursive. What
that means is if it does not have the zone for the domain you're querying
for you'll get a referral.

That's ok, no problem with the referral.
But why does my DNS server time out when querying it for its domain's MX
records?

Massimo
 
Massimo

To make this solution work properly, use a reliable forwarder. If
your ISP's is not reliable, I wouldn't use it either and would choose
someone else's that is reliable. If you have dialup or something else at
home, and do an ipconfig /all, you can use that DNS. The point is, you
can use almost any DNS out there as long as it has the RA bit turned on,
which you can test yourself using nslookup d2, or DIG, or NetDIG.

I use this DNS for most cases and so far for the past 3 years it's been
highly reliable:
4.2.2.2

That's ok.
But, since the Windows DNS server has recursion capabilities anyway, why not
use them?

Massimo
 
Ace Fekay [MVP]

Massimo said:
That's ok.
But, since the Windows DNS server has recursion capabilities anyway,
why not use them?

Massimo

True, it's your call. I'm just stating best practice. It's more efficient to
let your ISP handle the recursion than for your machines. Reading netmon
captures shows you what the machine goes thru with each query hitting the
Roots. Multiply that by your user base, just for non-authoritative lookups
(not internal AD lookups). Then add a forwarder and compare the captures. If
you have a large user base, it's significantly less.

You can read thru the DNS groups and see how often using a forwarder
comes up. It's a best practice recommended by many engineers (Microsoft and
others).

--
Regards,
Ace

 
