Client connects to wrong DNS server

Hi there,

I'm running Debian 7.2, that provides a DNS server (authorative) for a local domain. Other hosts are resolved by public DNS server. First I used "Unbound" as my nameserver software, now I changed to BIND.

My clients (Windows 7, Windows 8, partially Linux) gets their IP address and the infos about the gateway/DNS from a DHCP server (a router appliance to be exact). The primary DNS is the machine mentioned above, the secondary DNS is a public DNS.

I noticed (by inspecting a wireshark dump), that after some time the clients doesn't ask my server to resolve a host, but uses the secondary DNS server. I don't know why the clients do that There are no suspicious entries in the logfile of the server.

Any hints how I could solve the problem?

Thanks

drop the external DNS temporarily to see if the problem persists. typically if the primary DNS is not being used it means there is an issue with that DNS server. could be bandwidth, could be connectivity, etc... disable the secondary DNS and trouble shoot further.

Quote:

Originally Posted by lleb drop the external DNS temporarily to see if the problem persists. typically if the primary DNS is not being used it means there is an issue with that DNS server. could be bandwidth, could be connectivity, etc... disable the secondary DNS and trouble shoot further.

By deleting the secondary DNS in the DHCP config of the router, it is filled by the providers DNS automatically.
So I configured a second IP address in the DNS server and let the BIND listens on it too. I inserted both IP addresses in the DHCP's config, so the client must use the BIND service. This seems to work flawless. So I wonder, why the client switches to the secondary DNS. Is there a logging facility I could use?

not that im aware of, but im no master of DNS.

its good to know that it works when running from a different DNS server... that is a good indicator that the DHCP server is part of the issue.

Quote:

Originally Posted by lleb its good to know that it works when running from a different DNS server... that is a good indicator that the DHCP server is part of the issue.

I don't think so. The DHCP server is responsible to provide the clients network informations and as a part of it- the informations which DNS server they should use. Anyway, I ask myself, which prerequisites have to be fulfilled, so that the client switches to the secondary DNS. Is it a kind of timeout? Is it, when the DNS server is not available? Is it, when UDP packets get lost?

if you're dealing with windows clients, i had a problem similar to this recently. If Windows has 2 (or more) DNS servers to choose from, it will use the 1st one normally; if the 1st one ever goes down or is inaccessible for any reason, Windows moves on to the second, and NEVER tries the 1st one again until the network adapter is reset or the system is restarted. You could be running into this. Also on your router, did you ever try putting the same address for both primary & secondary servers in the DHCP settings? That way you wouldn't have to run 2 addresses on the DNS server.

Quote:

Originally Posted by psycroptic if the 1st one ever goes down or is inaccessible for any reason, Windows moves on to the second...

Thats the point I don't understand. Why shall Windows think, the server is inaccessible? The hardware is brand-new, the Debian installation is it as well. There's no firewall enabled, every network service on this machine works like a charm... Strange.

As far as I remember, the router does not allow to define two DNS server with the same IP address. But I will try it again.

Quote:

Originally Posted by hypernetics Thats the point I don't understand. Why shall Windows think, the server is inaccessible? The hardware is brand-new, the Debian installation is it as well. There's no firewall enabled, every network service on this machine works like a charm... Strange. As far as I remember, the router does not allow to define two DNS server with the same IP address. But I will try it again.

going to be very blunt. this is MS you are talking about. MS has never, and I mean, NEVER done any kind of networking properly. that is the true answer.

now for a bit more. again keep in mind that any hiccup on the LAN can cause the drop by the client. that can be anything from to many packets dropped, or a collision (should never happen on a TCP/IP network, but you never know) that is why MS is pushing QoS more and more because they KNOW their network back end sucks ass. with QoS running you will face a few different situations.

1. the QoS is over active and a bad connection is never dropped. this was the case when MS first rolled out QoS and it quickly led to horrid network performance, thus the reason I disable MS QoS as a matter of habit.

2. the QoS will under perform and the connection will drop when it should not drop. This sounds like the case you are facing. If QoS is enabled on the client, should be by default under Vista and win7 and im guessing under win8 as well and all of their respective "server class OS", then try disabling it and see if the performance improves. Also update the NIC's drivers from the manufacture, not via windows update and see if that too does not help.

good luck.

pretty much what lleb said. Windows is classically dumb when it comes to networking (don't get me started on NetBIOS, present even in Win8 today, or the awful SMB protocol). If your router forces you to put 2 DNS servers, you could try 0.0.0.0 for the second.