Question on DNS resolution

KStahl

Basic parameters:

Several servers are configured with two DNS servers for TCP/IP - neither
server responds. They may be down or simply are not DNS servers any more.

No local host files

Server is configured on an MS ADS domain

ADS domain appears to have more than one domain controller, and there
appear to be frequent changes in which server is the master.


Question:

In this situation, whenever there is a DNS request, since there is no
local hosts file, the server tries to query the first DNS server. That
fails. It then tries to query the second DNS server. That also fails.
These failures take a certain amount of time, probably a couple hundred
milliseconds. After both DNS servers have been tried, the request goes
out to the domain controller which does reply with a non-authoritative
response. However, when the domain controllers are flip-flopping this
appears to fail at times and no response is received. The server keeps
trying and eventually it gets a response.

So, my question is, does this appear to be a reasonable analysis? I know
the real answer is to get the DNS server addresses updated to active DNS
servers. I doubt that much can be done about the domain controller
problem. But, if local hosts files were used, would that probably create
a more stable situation and always ensure that resolution occurs quickly?
 
Herb Martin

KStahl said:
> Basic parameters:
>
> Several servers are configured with two DNS servers for TCP/IP - neither
> server responds. They may be down or simply are not DNS servers any more.
> No local host files

Ok.

> Server is configured on an MS ADS domain
> ADS domain appears to have more than one domain controller, and there
> appear to be frequent changes in which server is the master.
>
> Question:
>
> In this situation, whenever there is a DNS request, since there is no
> local hosts file, the server tries to query the first DNS server. That
> fails. It then tries to query the second DNS server. That also fails.

Simpler to say: DNS resolution methods fail.

> These failures take a certain amount of time, probably a couple hundred
> milliseconds.

Maybe on the order of several seconds even.

> After both DNS servers have been tried, the request goes
> out to the domain controller which does reply with a non-authoritative
> response.

No.

What request? DCs are NOT (by default) name resolvers.
Unless they are DNS or WINS servers.

If they run DNS, then you are back into the above
analysis.

We haven't touched WINS and broadcasts which might
be used to "assist DNS resolution."

> However, when the domain controllers are flip-flopping this
> appears to fail at times and no response is received. The server keeps
> trying and eventually it gets a response.

What "server" tries "what"?

> So, my question is, does this appear to be a reasonable analysis? I know

Only up to a point. (See above.)

> the real answer is to get the DNS server addresses updated to active DNS
> servers.

While that might be NICE, it is not the "real answer" --
the real answer is to fix DNS name resolution by providing
reliable DNS servers (only).

To the clients it does not matter whether these are AD
Integrated DNS servers, traditional servers or whatever.

Those issues are about making things convenient for
the admin, better replication, and better security.

> I doubt that much can be done about the domain controller
> problem.

What domain controller problem? If you have DCs that
are unstable, make them stable, move them to other machines
or provide more of them.

Even on the smallest networks there is no reason for
(all of) the DCs to ever be down unless you have a
total (catastrophic) network failure (e.g., power outage, etc.)
where name resolution and authentication don't matter
anyway.

> But, if local hosts files were used, would that probably create
> a more stable situation and always ensure that resolution occurs quickly?

Depends on the type of resolution. Hosts files are
practically unusable for AD clients and servers.

Fix the DNS servers, and fix the DCs.
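
One way to check the situation discussed in this thread from an affected machine, as an added example that is not part of either post: it times a domain-controller SRV lookup against each DNS server the machine is configured with. The domain name `corp.example` is a placeholder, and the script assumes the DnsClient cmdlets of Windows 8 / Server 2012 or later.

```powershell
# Added example, not from the thread. Assumes Windows 8 / Server 2012 or later
# (DnsClient module). 'corp.example' is a placeholder AD DNS domain name.
param([string]$Domain = 'corp.example')

# SRV record that domain members look up in DNS to locate a domain controller.
# A hosts file can only map names to addresses, so it cannot answer this query.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"

# Every IPv4 DNS server configured on any interface, deduplicated.
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Select-Object -ExpandProperty ServerAddresses |
    Sort-Object -Unique

$results = foreach ($server in $servers) {
    $records = @()
    $status  = 'Answered'
    $timer   = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        # -DnsOnly skips LLMNR and NetBIOS, so only this DNS server is tested.
        $records = @(Resolve-DnsName -Name $srvName -Type SRV -Server $server `
                         -DnsOnly -ErrorAction Stop |
                     Where-Object { $_.Type -eq 'SRV' })
        if ($records.Count -eq 0) { $status = 'No SRV records' }
    }
    catch {
        # Timeouts and name errors land here; keep the resolver's own message.
        $status = $_.Exception.Message
    }
    $timer.Stop()

    [pscustomobject]@{
        DnsServer = $server
        Millisec  = [int]$timer.ElapsedMilliseconds
        Status    = $status
        DCs       = ($records | ForEach-Object { $_.NameTarget }) -join ', '
    }
}

$results | Format-Table -AutoSize -Wrap

# A configured server that never returns SRV records only adds delay to every lookup.
$dead = @($results | Where-Object { -not $_.DCs })
if ($dead.Count -gt 0) {
    Write-Warning ("{0} of {1} configured DNS servers returned no DC records for {2}" -f
        $dead.Count, @($results).Count, $Domain)
}
```

The Millisec column shows how long each unresponsive server holds up a lookup before the resolver gives up on it.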
 
