2 dns servers

Question

2 dns servers

Johnny Broe 526

I have 2 domain controllers DC1 with the IP address 192.168.10.10 and DC2 with the IP address 192.168.10.9 where DNS is installed on both of them

If I make a correction to the DC1 DNS configuration then I can see this correction on the DC2 DNS

The DHCP server delivers an IP address to the clients including dns servers DC1 and DC2

Everything works perfectly

Then I turn off DC1 due to an update and then trouble starts.

If I do an nslookup in a command prompt on a client it asks the DC1 which is turned off and comes up with the following response: DNS request timed out.

How do I get the client to automatically ask DC2?

If I manually change the DNS configuration on the client to only DC2 it works again. I can also in the command prompt write nslookup mailbox1 dc2 and get the correct response

Best Regards

John B

Accepted answer

1 additional answer

Your answer

Answer 1

This is simply how nslookup works. It always picks the primary DNS server from the list of DNS servers configured on the DNS client. This does NOT mean that the DNS client won't be able to automatically failover to the next DNS server on the list and use it for name resolution. That should happen by default.

If you want to expedite this automatic failover, you can try the following:

Use the DnsQueryTimeouts registry key:
- It controls how quickly the client times out and attempts alternate DNS servers.
- Registry path:
```
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
```
- Create a REG_SZ value named DnsQueryTimeouts with the format:
```
    1 2 2
```
  This means:
  - Try first DNS server, wait 1s.
  - Retry after 2s, then 2s
  - Move on to next DNS server quicker.

After applying this, restart the DNS Client service:

Restart-Service dnscache

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin

Answer 2

Johnny Broe 526

Hi Marcin
Thanks for yor reply

Is it on the client that I have to make the registry correction?

If it's just a behavior in nslookup I can live with it but I also lose the connection from Outlook to my exchange server when I stop DC1.

Best Regards

John B

Marcin Policht 50,895 Reputation points MVP Volunteer Moderator

2025-04-09T16:27:46.5433333+00:00

You shouldn't made any modifications at all - at least not based on your observations of the nslookup behavior. This behavior is expected - so there is nothing to fix.

You might consider making this modification in a situation where you see your domain member computers not being able to resolve DNS names. However, note that DNS client on these computers should automatically failover to use the secondary DNS server for name resolution.

Another option (which would be likely more viable in your environment) is to increase the TTL of the most relevant DNS records (such as those used for resolving names of your Exchange environment). This way, DNS client will be able to leverage local caching, without having to contact any DNS server at all.

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin

Share via

2 dns servers

1 additional answer

Your answer