Primary / Secondary DNS Configured but only Primary able to resolve query

Manish Chawda 426 Reputation points
2021-10-14T06:58:07.397+00:00

Hi,

I have attached the screenshot of my DNS Manager, wherein I have configured various domains. I have successfully configured zone transfer from primary to secondary.
Now the issue is that if I switch off the Primary DNS and try to resolve domains from the client based on the Secondary DNS, it is not able to resolve.

Kindly advise what other configuration is required so that, in case the Primary DNS is down, I can resolve the query from the client PC.

OS used -- Windows Server 2016 STD / Windows 10 Prof.

Note - I have only configured DNS, no AD.

Primary DNS Server - 172.16.2.230
NIC - Screenshot attached

Secondary DNS Server - 172.16.2.231
NIC - Screenshot attached

Windows Client - 172.16.2.188
NIC - Screenshot attached

[Screenshots attached: secondary DNS server, secondary DNS server NIC, primary DNS server, primary DNS server NIC]


Accepted answer
  1. Gary Reynolds 9,391 Reputation points
    2021-10-14T11:04:38.267+00:00

    Hi @Manish Chawda

    It's hard to confirm what's causing the issue, but here are a few things to check.

    When you configured the secondary and allowed the zone transfers, you used the Zone Transfers tab to add the server, rather than the Name Servers tab. This means that the secondary server doesn't have an NS record added to the zone. This might cause a problem if NS1 is offline and the client queries the SOA record and then tries to make queries against the authoritative NS for the zone.

    One thing that doesn't look right is that you have ns1.devdns.org as 172.16.2.152, but the IP address of the server is 172.16.2.231, do you have another DNS server in the mix?

    The best thing to do is check that the DNS servers are working correctly: use nslookup to run queries against each server and confirm that both servers return the expected records.

    Gary.


2 additional answers

  1. Gary Reynolds 9,391 Reputation points
    2021-10-14T21:36:11.917+00:00

    Hi @Manish Chawda

    From the screenshots things look ok, but you will need to complete a few more tests to fully test DNS configuration.

    The error reported by nslookup is because you don't have a reverse PTR record for the 172.16.2.230 and 172.16.2.231 IP addresses. If you create those records, that will fix those errors.

    Here is the list of commands that you need to run in the nslookup console to confirm the DNS configuration, run these from both servers and the workstation:

    server 172.16.2.230
    set type=soa
    devdns.org
    set type=ns
    devdns.org
    set type=a
    ns1.devdns.org
    www.devdns.org

    server 172.16.2.231
    set type=soa
    devdns.org
    set type=ns
    devdns.org
    set type=a
    ns1.devdns.org
    www.devdns.org


    Complete these commands and record the results with both DNS servers switched on, then switch off NS1 and repeat the subset of commands from "server 172.16.2.231" down on NS2. Complete the following commands from the workstation:

    set type=soa
    devdns.org
    set type=ns
    devdns.org
    set type=a
    ns1.devdns.org
    www.devdns.org
    

    Then share the results once you have completed the testing.

    Gary.

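The same checks as Gary's nslookup sequence, scripted so they can be re-run unchanged with both servers up and again with NS1 switched off. This is an added example, not code from the original thread. The addresses, zone and host names are the ones from the question; the comparison logic (SOA serial match, SOA primary server, and whether each server is actually in the zone's NS set, which is the point raised in the accepted answer) is the editor's addition and relies only on the Resolve-DnsName cmdlet from the DnsClient module that ships with Windows 10 and Windows Server 2016.

```powershell
# Added example (not from the original post): query SOA, NS and A records on each
# server directly, then compare the answers. Addresses and names are from the question.
$Servers = '172.16.2.230', '172.16.2.231'
$Zone    = 'devdns.org'
$Hosts   = 'ns1.devdns.org', 'www.devdns.org'

function Get-ZoneView {
    param([string]$Server)
    $r = [ordered]@{ Server = $Server; SOASerial = $null; SOAPrimary = $null; NS = @(); A = @{}; Errors = @() }
    # -DnsOnly / -NoHostsFile bypass the client cache and hosts file so the answer really
    # comes from $Server; -QuickTimeout keeps a switched-off server from stalling the run.
    $common = @{ Server = $Server; DnsOnly = $true; NoHostsFile = $true; QuickTimeout = $true; ErrorAction = 'Stop' }
    try {
        $soa = Resolve-DnsName -Name $Zone -Type SOA @common | Where-Object { $_.QueryType -eq 'SOA' }
        $r.SOASerial  = $soa.SerialNumber
        $r.SOAPrimary = $soa.PrimaryServer     # the MNAME; compare with the NS list below
        $r.NS = @(Resolve-DnsName -Name $Zone -Type NS @common |
                  Where-Object { $_.QueryType -eq 'NS' } |
                  ForEach-Object { $_.NameHost.TrimEnd('.') })
        foreach ($h in $Hosts) {
            $a = Resolve-DnsName -Name $h -Type A @common | Where-Object { $_.QueryType -eq 'A' }
            $r.A[$h] = @($a.IPAddress)
        }
    } catch {
        $r.Errors += $_.Exception.Message
    }
    [pscustomobject]$r
}

$results = $Servers | ForEach-Object { Get-ZoneView -Server $_ }
$results | Format-List

# Both servers must carry the same zone version; a serial mismatch means the secondary
# has not pulled the latest copy (check zone transfer and notify settings on NS1).
$serials = @($results.SOASerial | Where-Object { $_ } | Sort-Object -Unique)
if ($serials.Count -ne 1) { Write-Warning "SOA serials differ or missing: $($serials -join ', ')" }

# Every server in $Servers should be reachable through the zone's NS records. A server
# added only on the Zone Transfers tab answers queries but is never advertised as an NS.
foreach ($res in $results) {
    $nsAddrs = foreach ($ns in $res.NS) {
        (Resolve-DnsName -Name $ns -Type A -Server $res.Server -DnsOnly -NoHostsFile -QuickTimeout -ErrorAction SilentlyContinue |
            Where-Object { $_.QueryType -eq 'A' }).IPAddress
    }
    foreach ($s in $Servers) {
        if ($nsAddrs -notcontains $s) {
            Write-Warning "$s is not reachable via the NS set as seen from $($res.Server): $($res.NS -join ', ')"
        }
    }
}
```

Run it once with both servers on, save the output, then switch NS1 off and run it again: the 172.16.2.230 entry should now show a timeout in Errors, while the 172.16.2.231 entry must still return the same serial, NS list and A records. If the second run shows the NS warning for 172.16.2.231, the secondary has the zone but no NS record pointing at it, which matches the configuration issue described in the accepted answer.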

  2. Limitless Technology 39,351 Reputation points
    2021-10-15T09:33:51.66+00:00

    Hello ManishChawda,

    It will, if the machine is rebooted. There is a timeout and, believe it or not, it's about 2 hours before a computer will default to the secondary. The fastest way is to reboot the machine.

    It will use the second address, but only after a timeout period while the client is waiting for a response from the server. If the first entry responds but doesn't have an answer, which is what we call an NXDOMAIN response (the DNS server doesn't have an answer but it STILL responded), it won't go to the second entry, because it got an answer, even though it is not the answer we wanted.

    Also, flushing the DNS resolver cache and restarting the DNS Client service on the user's PC may be an alternative:

    ipconfig /flushdns

    Below is the Microsoft URL for DNS client timeout settings.

    https://learn.microsoft.com/en-US/troubleshoot/windows-server/networking/dns-client-resolution-timeouts

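The answer above hinges on the difference between a server that does not respond (the client falls back to the next configured server) and a server that responds with NXDOMAIN (the client accepts that answer and stops). The script below, an added example and not part of the original thread, probes each DNS server configured on the client separately so the two cases are visible from the workstation. It assumes the DnsClient module cmdlets shipped with Windows 10, and that Resolve-DnsName surfaces the Win32 DNS error codes DNS_ERROR_RCODE_NAME_ERROR (9003) and ERROR_TIMEOUT (1460) through the exception's NativeErrorCode property; that mapping is the editor's assumption, so treat any other code as "inspect the message".

```powershell
# Added example (not from the original post): probe every DNS server the client is
# configured with, one at a time, and classify the outcome the way the resolver does.
# Win32 codes 9003 (NXDOMAIN) and 1460 (timeout) are documented DNS/Win32 error codes;
# that Resolve-DnsName reports them via NativeErrorCode is an assumption of this example.
$Name = 'www.devdns.org'   # host from the question

# The resolver tries servers in this order and only moves to the next one when the
# current one does not answer at all, so the order is part of the diagnosis.
$clientServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object -ExpandProperty ServerAddresses |
    Select-Object -Unique

function Test-DnsServerAnswer {
    param([string]$Server, [string]$Name)
    try {
        $ans = Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -NoHostsFile -QuickTimeout -ErrorAction Stop |
               Where-Object { $_.QueryType -eq 'A' }
        [pscustomobject]@{ Server = $Server; Outcome = 'Answered'; Detail = ($ans.IPAddress -join ', ') }
    } catch {
        $code = [int]$_.Exception.NativeErrorCode   # 0 if the exception carries no Win32 code
        if ($code -eq 9003) {
            $outcome = 'NXDOMAIN: server reachable but name not found; client will NOT fall back'
        } elseif ($code -eq 1460) {
            $outcome = 'Timeout: server unreachable; client falls back to the next server'
        } else {
            $outcome = "Error $code"
        }
        [pscustomobject]@{ Server = $Server; Outcome = $outcome; Detail = $_.Exception.Message }
    }
}

Clear-DnsClientCache     # same effect as ipconfig /flushdns, so cached answers don't mask a server
$report = $clientServers | ForEach-Object { Test-DnsServerAnswer -Server $_ -Name $Name }
$report | Format-Table -AutoSize
```

With NS1 switched off the expected picture is a Timeout row for 172.16.2.230 and an Answered row for 172.16.2.231. If 172.16.2.231 instead shows NXDOMAIN or an A record that differs from NS1's, the problem is in the secondary's zone data rather than in client fallback, and rebooting or flushing the client will not change the result.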