dns primary and secondary 1

[bshbsh]

I have the following setup in a Win2K3 environment.
There are 2 external DNS servers which are not part of the any AD domain. I have set them up on 2 windows 2003 servers, one as primary and the other as secondary. I have set up zone transfers and I followed a how-to article setting the primary and the secondary. The setup seems to be fine and the zone transfers are working. But when the primary goes down, the secondary is not able to respond to the requests. Is there any special setting for this in the DNS.

Please advice.
What am I missing.

 

[Cstorms]

Do you have your clients configured to use your secondary dns server? Are you using these servers as a means of being authoritative for your own zone so you can host a site or soemthing? Let me know and I may be able to help further.

Cory

 

[bshbsh]

The clients are configured to use the secondary dns. The servers are authoritative for the zone and all they do resolve hostnames. We have a bunch a servers and an application that refers to them in an application. We prefer to use hostnames rather than IPs.
Please advice.
Thanks.

 

[Cstorms]

Ok, after trying to understand (mind you my decipher skills are not always up to speed so correct me if need be), you have 2 DNS servers that use standard zones for your internal site i.e. <mysite.org> which hosts the A records for the computers in your site and these zones transfer from primary -> secondary, each client has the primary as their primary and secondary as their secondary in their IP settings, so if you were to effectively turn off the primary you would like it to not only resolve names for your zone but also allow outbound queries such as google.com, does it fail when you try to reach google.com, or when a client wants applicationserver.mysite.org, and if so you are indeed able to ping or attach to applicationserver via IP.

If its the former and not the latter, could it be a forwarder is not configured for outbound dns queries where I am assuming you maybe forwarding to something like your ISP to resolve queries and not root hints?

If its the latter, we can do some more checking. Let me know!

Cory

 

[bshbsh]

It is exactly as you described. The primary holds the zone test.com and resolves all servers in test.com. It forwards the others like google.com to the ISPs. The secondary is set the same as well, but when the primary fails it does not resolve the test.com, but resolves google.com.
Weirdly though, it does resolve some servers.
????????

netstat -a on the secondary-dns returns the following

Proto Local Address Foreign Address State
TCP secondary-dns:domain secondary-dns:0 LISTENING
TCP secondary-dns:epmap secondary-dns:0 LISTENING
TCP secondary-dns:microsoft-ds secondary-dns:0 LISTENING
TCP secondary-dns:1027 secondary-dns:0 LISTENING
TCP secondary-dns:1093 secondary-dns:0 LISTENING
TCP secondary-dns:ms-wbt-server secondary-dns:0 LISTENING
TCP secondary-dns:netbios-ssn secondary-dns:0 LISTENING
TCP secondary-dns:ms-wbt-server MyPCIP:4684 ESTABLISHED
UDP secondary-dns:microsoft-ds *:*
UDP secondary-dns:isakmp *:*
UDP secondary-dns:1029 *:*
UDP secondary-dns:1092 *:*
UDP secondary-dns:ipsec-msft *:*
UDP secondary-dns:domain *:*
UDP secondary-dns:ntp *:*
UDP secondary-dns:netbios-ns *:*
UDP secondary-dns:netbios-dgm *:*
UDP secondary-dns:domain *:*
UDP secondary-dns:ntp *:*
UDP secondary-dns:1091 *:*

Thanks.

 

[Cstorms]

Hmm that is a bit odd, considering you say that some resolve.. Have you done a nslookup on the ones that resolve correctly and the ones that do not? I assume you have verified all the A records indeed exist, also, have you cleared the clients dns cache (ipconfig /flushdns) to verify that you are indeed querying the secondary server? It looks like your secondary server is online and ready, are there possibly any events detailed in your event logs for dns that give you any reason to doubt?

Cory

 

[bshbsh]

The event logs on the secondary only say that the zone files were updated from primary. Will it be actually be able to show somewhere if something is resolved/ not resolved?
Thanks.

 

[Cstorms]

The event logs will not by default capture that information, however I was mainly wanting an update on your replication if there had been any errors (causing some records to not be brought over was where I was headed)

Cory

 

[Cstorms]

Set your primary dns on a client to your secondary, open a cmd window, nslookup (verify the default server now returns the record if present, or at least the IP, for your secondary server), set type=a, enter in a record that you think should be able to be resolved after verifying that it is listed under that zone. Kind of just throwing some tests out there for you to try.

Cory

 

[bshbsh]

When I do a nslookup and force it to use the secondary dns server (lserver ), it does resolve everything.
Thanks.

 

[bilbonvidia]

If you do a ipconfig /all can you see both DNS servers in there?

 

[bshbsh]

Yes, I do see both DNS servers and again if I use lserver to force the client to do a nslookup on the secondary, it will resolve everything.
Thanks.