Question

Locked

Primary/Secondary DNS vs Forwarder?

By fimchick ·
Hi folks,

I'm a little confused -- I have two Windows 2003 DNS servers that are on the same subnet. Each has DNS running correctly, and each runs its own separate Forest.

Server A: 192.168.2.5 running domain A.com
Server B: 192.168.2.10 running domain B.com

In order to allow each server to resolve the other's DNS records, I simply edited the network properties of the NIC on server A and added the IP of server B as the secondary DNS server.

I then did the same thing on server B.

However, pinging the domain or doing a DNS lookup still failed on either server. Perplexed, I then configured a Forwarder on server A for the domain B.com and configured a Forwarder on server B for domain A.com

Once I did that, DNS resolution between servers worked fine.

So what am I missing here? Shouldn't DNS first check the primary server, and if that lookup fails, check the secondary server? If that's the case, then I shouldn't have needed to set up Forwarders on each server.

Please help me understand

Thank you!

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

This is

by Wizard-09 In reply to Primary/Secondary DNS vs ...

Because your server on domain A could not resolve the IP of domain B's DNS server because its on it's own network with a private address. So it would not be able to see it, now if you wanted to work by using the 2nd DNS server you would have to create a trust between the 2 servers hope this helps.

Edit to add that you need to give permission for the servers to access the dns server this might be a problem also.

Collapse -

Ok but...

by fimchick In reply to This is

They are both on the same subnet and they can ping each other by IP just fine. So it's not a problem with not seeing each other.

Also, I didn't have to set up any permissions or trusts, all I did was configure the Forwarders and it worked.

I still don't get it...

Collapse -

Anything

by Wizard-09 In reply to Ok but...

That can't resolve from the Primany DNS is forwarded on to the 2nd DNS server, anything after that goes to the blinds.

So without the server being told to forward requests that can't be seen in the primany DNS it would not work, You have to have the forwards in place.

Collapse -

Contradictory

by fimchick In reply to Anything

Thanks for replying Wizard,

You say that "anything not resolved in primary DNS is forwarded to the 2nd DNS server" and then you say "without it being told to forward requests DNS would not work"

But I thought you just said it forwards any unresolved DNS request to the 2nd server, so why do I need to tell it anything in a Forwarder at all?

Thanks for your patience

Collapse -

The purpose of two DNS servers

by neilb@uk In reply to Ok but...

in your TCP properties DNS list is so that only if one DNS server fails, Windows will switch to using the second one. It's NOT so that Windows can query the second one if the first one can't give an address resolution.

The two systems set up to forward to each other is one way to get them to resolve but then you may have issues resolving Internet addresses if each of the DNS servers is forwarding to the other. You could use a Conditional Forwarder setup for the internal address resolution and then you can still use one of the servers to forward to the Internet.

:)

Collapse -

Hmm, ok but

by fimchick In reply to The purpose of two DNS se ...

If you open your NIC's properties and look at the TCP/IP screen, click the ? and then click the "Alternate DNS server" text. Microsoft pops up this explanation:

"This server is used if the DNS server specified in Preferred DNS server is unreachable OR cannot resolve DNS names to IP addresses for DNS names queried by this computer."

So is Microsoft lying or is their product not working as it should?

Thanks for your reply!

Collapse -

Well, I think I got it...

by fimchick In reply to Hmm, ok but

Digging around some more I came upon this:

"...many people believe the Alternate DNS server will resolve names that the Primary can't resolve. That isn't the case. If the Primary responds, even if it can't resolve the name and responds as such, the request will fail. It will not ask the Alternate for help."

That's lovely. Thanks Microsoft for being inconsistent.

Thank you everyone who replied to my post!

Back to Networks Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums