nslookup keeps directing clients on domain to priamary DNS when only secondary DNS is powered on

Question

Hi, i am actually a student doing a school assignment. Im setting up a domain with 2 DNS servers. The primary DC is already set up, running on windows server 2016 (192.168.222.128). The secondary DC is running on windows server 2012r2 (192.168.222.3). I have installed DNS on both, set up the primary and secondary zone, and even tested that Zone Transfers are working. However, when i shut down my primary DC, and then type nslookup into CMD of my client, it tells me

DNS request timed out.
Default server: UnKnown
Address: 192.168.222.128

when i do nslookup <secondary DC IP> i get:

DNS request timed out.
Default server: UnKnown
Address: 192.168.222.128

DNS request timed out.
*** request to UnKnown timed-out

Does anyone have any advice on what i could be doing wrong? i can confirm that my primary zone is AD integrated, and that i can login to domain users when primay DC is offline

Answer 1

Hi,

Thanks for posting here.

May I confirm with you if the preferred DNS server was configured as 192.168.222.128 and the alternative DNS server was configured as 192.168.222.3 on client?

If yes, please kindly note that NSLOOKUP tool will only query the first DNS server on Windows System even if the preferred DNS server is offline; While windows system will actually query for the secondary DNS server when the preferred DNS server is down with Dnsapi.

So, do not use NSLOOKUP command to test preferred DNS and Alternative DNS server, you may use ping command.

I did some test in my environment and here is the result for your reference (11.11.11.11 is an invalid IP address).

Hope my answer will help you. Thanks!

---Please remember to Accept as answer if the reply is helpful---

Best Regards,
Sunny