Announcement

Collapse
No announcement yet.

Client can't browse when primary DNS is not available

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Client can't browse when primary DNS is not available

    Hi,

    Strange issue but someone may have seen it.

    Our DNS setup is of primary/secondary model. Primary DNS is located in site A and secondary DNS servers are distributed to sites B - K. Each site uses it's own DNS for name resolutions. For years, we have this setup running without any issue. Recently one site experienced WAN outage and become isolated to other sites. During the outage, clients on that network can no longer resolve names to it's local resources, e.g. can't logon to an Exchange server that's running locally in that network. Anything that requires name resolution stopped working. When trying to do name resolution, clients received "query refused" message. Someone who is osite was able to logon to domain controller directly from the console and confirmed DNS service is running. I've checked SRV records and and ran AD health check but can't find anything that would contribute to this issue.

    Any suggestions on what could be causing this problem?

    Thanks,
    jonaB

  • #2
    Re: Client can't browse when primary DNS is not available

    command prompt

    nslookup
    set q=any
    server 12.3.4 (use the ip for the server)
    domainname

    it should, in essence, rturn the domain name.

    else, turn on debug logging from the dns console and work out what's going wrong.

    also make sure your DHCP scope is actually giving out the right dns server address, and make sure that it is actually resolving, not just trying to forward everything.

    is it an AD integrated zone?

    if you're running in true "primary/secondary" mode DNS, then your secondary server is not authoritative, and if it hasn't updated it's zones in a while, it might be refusing queries. So switch it to multimaster and AD integrated once the site gets it's connection back
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

    Comment


    • #3
      Re: Client can't browse when primary DNS is not available

      It's not AD integrated and DHCP is assigning correct DNS server to clients.

      How do I check if secondary DNS is authoritative or not? It's able to replicate from primary and is in the name server list so I would think it is authoritative.

      One bit I left out in the original post is that the issue of clients not able to do name resolution happened after roughly a day. First day during the WAN outage, clients are still able to resolve names with local DNS servers but the next day they cannot. Is this a symptom of secondary DNS server not authoritative?

      Thanks.

      Comment


      • #4
        Re: Client can't browse when primary DNS is not available

        secondary dns is not authoritative - it cannot be really.
        It's just a cached copy more or less.
        Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

        Comment


        • #5
          Re: Client can't browse when primary DNS is not available

          What are your clients using for secondary DNS???

          Is scavenging turned on, on your DNS servers???

          When you say can't resolve names do you mean netbios names or DNS names??? Remember that to ping a DNS name use the FQDN.

          Comment


          • #6
            Re: Client can't browse when primary DNS is not available

            what it sounds like, is the DNS server that the clients CAN reach has a non-authoritative version of the DNS history, and it may have passed it's TTL.

            go into your dns console, and try and redownload the zone
            Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

            Comment

            Working...
            X