Primary and alternate DNS problem

[vertices]

I setup a win2k domain. The clients are set up with DHCP and are given 2 DNS server addresses. The first one is the DC address. The second one is a linux router address which is acting as a NAT router for internet access.

I wanted the clients to still be able to get to the internet in case the DC goes down for repair, reboot, whatever. This works and the clients switch to the linux box for DNS for internet addresses when the DC is not available. Doing this obviously causes all local DNS queries to be unresolved so they can not ping local hosts. However when the DC comes back online the clients continue to use the linux box for DNS. They do not automatically switch back and so until they reboot (or release/renew) they are unable to ping local hosts.

So my question is, how do you make all the clients only use the alternate DNS address until the primary DNS comes back online?

[ua549]

You should have a backup DNS server for your internal network. Configure forwarders to handle addresses that cannot be resolved locally. You do not want your local DNS to be visable from the internet even if you are using private addresses.

[vertices]

I understand that. But this is a small network only consisting of 7 clients.

They are not going to pay for another DNS server.

The way it is now, DNS is not made available FROM the internet. The linux box is simply a NAT router with DNS caching for internet names. The linux box is not manually configured or dynamically updated with local DNS names, hence it can only resolve internet names not local.

Everything is fine until the DC goes down. Then clients can only resolve internet names and not local names. This is fine while the DC is temporarily down, but when it comes back up they have to reboot to get back to using it as the DNS server.

Forwarders will only help while the DC is up. I'm talking about while it's down.

So what you're saying is that this is impossible without having the clients reboot or release/renew?

[Colossus]

I dont think that is possible

There is no real direct interaction to force such a switch between the DC and linux router.

[vertices]

Originally posted by Colossus
I dont think that is possible

There is no real direct interaction to force such a switch between the DC and linux router.

Thats what I'm kind of thinking. Bummer

Does anyone have any suggestions on how I can reconfigure this (without purchasing another DNS server) to allow internet access in the event the DC is unavailable but still resolve local names when it comes back up?

Also I got a quick question regarding forwarders anyway. I normally have root hints configured with the 13 root servers. This normally works fine and I don't need to configure forwarders for DNS. What benefit would I get by specifying my ISPs DNS servers as forwarders?

[ua549]

with only 7 nodes, why use DHCP? It is only an extra overhead item.

Assign static IP addresses and use a hosts file for DNS resolution. You don't even need an internal DNS sertver. That reduces the load on your DC.

[vertices]

Originally posted by ua549
with only 7 nodes, why use DHCP? It is only an extra overhead item.

Assign static IP addresses and use a hosts file for DNS resolution. You don't even need an internal DNS sertver. That reduces the load on your DC.

Thats actually a GREAT soloution! Thanx ua549!

Do you have any comments on my thoughts on the difference between root hints and forwarders?

[ua549]

A forwarder is another DNS server that your primary forwards requests to when it can't resolve an address.

All you need do is have a local DNS server configured to handle local requests and cache frequently used addresses with forwarders defined that point to your ISP's DNS servers to resolve non-local (internet) addresses. In my case I have a local zone for my private network and 2 forwarders defined for internet resolution. It works very well. I also have HOSTS files on each node for local resolution in case my DNS server is off line for any reason. (It hasn't been off line in almost 2 years.)

[ua549]

Originally posted by Colossus
I dont think that is possible

There is no real direct interaction to force such a switch between the DC and linux router.

by default DNS will "round robin" between servers defined for any given FQDN.

[vertices]

Originally posted by ua549
A forwarder is another DNS server that your primary forwards requests to when it can't resolve an address.

All you need do is have a local DNS server configured to handle local requests and cache frequently used addresses with forwarders defined that point to your ISP's DNS servers to resolve non-local (internet) addresses. In my case I have a local zone for my private network and 2 forwarders defined for internet resolution. It works very well. I also have HOSTS files on each node for local resolution in case my DNS server is off line for any reason. (It hasn't been off line in almost 2 years.)

I understand all of that. What I am asking is for you to explain to me the benefit of using forwarders INSTEAD of using root hints to define the 13 root servers on the net.

My home setup is similar to yours. I have a win2k server with a local zone and I use "Root Hints". You apparently don't use Root Hints but use forwarders. Whats the difference?

This is just a question to help me understand better, not for this problem.

[ua549]

I use root hints, but never modify the root hints file. I also make sure that I delete the "." zone so My DNS is not perceived as a root. If you modify the root hints file you must maintain it with every upgrade and patch. I configure my systems to minimize manual maintenance.

[vertices]

I don't modify the root hints either. I just leave it as is.

So I have the same functionality as you although I don't need forwarders.

Since you also have root hints configured, why do you use forwarders? It works just fine with out them.

Thanx for your help ua549, I've obviously still got a lot to learn.

[ua549]

Root hints points to the TLD root servers that may be many hops away. For performance reasons you want a server that is nearby, thus the forwarder. I use DNS caching so most DNS lookups are resolved on my LAN. The first forwarder is 2 hops away - remote gateway, remote DNS server.

[vertices]

Cool.....thanx ua549.