https://blogs.msmvps.com/acefekay/2018/08/13/dns-wins-netbios-amp-the-client-side-resolver-browser-service-disabling-netbios-direct-hosted-smb-directsmb-if-one-dc-is-down-does-a-client-logon-to-another-dc-and-dns-forwarders-algorithm/#section7
(The entire post is a good one about Client-side DNS resolving.)
> If the query sent to the first entry in the DNS list responds with an
> NXDOMAIN response, meaning it is an actual response, but there is no
> record from the server it asked, then it will look no further because it is
> a response. However, if it receives a NULL response, meaning the DNS
> server is down and there is no response, it will remove the first entry
> from the "eligible resolvers list" for a certain amount of time (depending
> on the OS version and SP level), then send the query to the second one.
> However, if the record is already cached, it won't even ask the first entry.
> Hence the possibility that the client machine is asking a DC that is
> down.
> Summary:
> As I mentioned, this is ALL based on the client side resolver, not the DNS
> server. This timeout period can be perceived by someone sitting there
> waiting as "it's not working" because it appears to be taking so long. Also,
> if it is already cached locally by the client side service, it will not
> ask and will send the connection request to the cached record, which if it
> is the server that is down, then it can't connect anyway, and no response,
> but you may be sitting there expecting it to go to the other DC that is up.
> The way to reset the list is to restart the DHCP Client service (not the
> DHCP server) on the workstation, and the way to delete the cache on the
> client is to run ipconfig /flushdns, or simply restart the machine.
> Or simply disable the DNS Client Side caching mechanism. It's not
> suggested to do this due to performance and especially if you have many
> machines in the infrastructure.
Kris Lou
klou at themusiclink.net
On Tue, Feb 2, 2021 at 4:23 AM basti via samba <samba at lists.samba.org>
wrote:
> Hello,
> I have a Samba Domain with 2 Bind/ Samba DLZ DNS Servers.
> So far so good. I'm not sure if this is a Samba or a Windows problem.
>
> When the first DNS Server in the list has failed for some reason the
> Windows client runs into a timeout and does not switch to secondary DNS.
>
> When I use nslookup and query the secondary DNS I get an answer.
> Log attached.
>
> Any idea what's wrong here?
>
> Best Regards,
>
>
> C:\Users\admin>ipconfig /all | findstr /R 30.
> IPv4-Adresse . . . . . . . . . . : 192.168.30.4(Bevorzugt)
> Standardgateway . . . . . . . . . : 192.168.30.1
> DHCP-Server . . . . . . . . . . . : 192.168.30.1
> DNS-Server . . . . . . . . . . . : 192.168.30.2
> 192.168.30.6
>
> C:\Users\admin>nslookup heise.de
> DNS request timed out.
> timeout was 2 seconds.
> Server: UnKnown
> Address: 192.168.30.2
>
> DNS request timed out.
> timeout was 2 seconds.
> DNS request timed out.
> timeout was 2 seconds.
> DNS request timed out.
> timeout was 2 seconds.
> DNS request timed out.
> timeout was 2 seconds.
> *** Zeitüberschreitung bei Anforderung an UnKnown.
>
> C:\Users\admin>nslookup heise.de 192.168.30.6
> Server: dc2.samdom.example.com
> Address: 192.168.30.6
>
> Nicht autorisierende Antwort:
> Name: heise.de
> Addresses: 2a02:2e0:3fe:1001:302::
> 193.99.144.80
>
>
> C:\Users\admin>
>
>
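
The three outcomes the quoted blog excerpt distinguishes (an answer, NXDOMAIN, no response at all) can be checked per configured DNS server on the affected client, along with whether the name is already in the local cache. This PowerShell is an added example, not part of the original messages; it assumes a Windows client with the DnsClient cmdlets (Windows 8 / Server 2012 or later), and matching on the error id reported by Resolve-DnsName is an assumption of the example.

```powershell
# Added example (not from the thread). Run on the affected Windows client.
param([string]$Name = 'heise.de')   # name from the nslookup test in the thread

# DNS servers in the order the client-side resolver holds them.
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Select-Object -ExpandProperty ServerAddresses -Unique

$results = foreach ($server in $servers) {
    $outcome = 'Answer'; $detail = ''
    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        # -DnsOnly / -NoHostsFile: plain DNS only, no LLMNR, NetBIOS or hosts file.
        $answer = Resolve-DnsName -Name $Name -Server $server -Type A `
            -DnsOnly -NoHostsFile -ErrorAction Stop
        $detail = ($answer | Where-Object { $_.Type -eq 'A' } |
            ForEach-Object { $_.IPAddress }) -join ', '
    }
    catch {
        # Assumption: classification relies on the error ids Resolve-DnsName reports.
        $id = $_.FullyQualifiedErrorId
        if     ($id -like '*RCODE_NAME_ERROR*') { $outcome = 'NXDOMAIN' }
        elseif ($id -like '*TIMEOUT*')          { $outcome = 'NoResponse' }
        else                                    { $outcome = 'Other' }
        $detail = $_.Exception.Message
    }
    $timer.Stop()
    [pscustomobject]@{
        Server   = $server
        Outcome  = $outcome
        Seconds  = [math]::Round($timer.Elapsed.TotalSeconds, 1)
        Detail   = $detail
        # What the quoted description says the client resolver does in this case.
        Resolver = switch ($outcome) {
            'NXDOMAIN'   { 'real response: no further server is asked' }
            'NoResponse' { 'server dropped from the list for a while, next one tried' }
            default      { '' }
        }
    }
}
$results | Format-Table -AutoSize -Wrap

# A cached record is used without asking any server, even if it points at a dead host.
$cached = Get-DnsClientCache -Entry $Name -ErrorAction SilentlyContinue
if ($cached) {
    $cached | Format-Table Entry, Type, TimeToLive, Data -AutoSize
    Write-Host 'Cached entry present; Clear-DnsClientCache is the cmdlet form of ipconfig /flushdns.'
}
```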