On 02.02.21 18:23, Kris Lou via samba wrote:
> https://blogs.msmvps.com/acefekay/2018/08/13/dns-wins-netbios-amp-the-client-side-resolver-browser-service-disabling-netbios-direct-hosted-smb-directsmb-if-one-dc-is-down-does-a-client-logon-to-another-dc-and-dns-forwarders-algorithm/#section7
>
> (The entire post is a good one about Client-side DNS resolving.)
>
>> If the query sent to the first entry in the DNS list responds with an
>> NXDOMAIN response, meaning it is an actual response, but there is no
>> record from the server it asked, then it will look no further because
>> it is a response. However, if it receives a NULL response, meaning the
>> DNS server is down and there is no response, it will remove the first
>> entry from the "eligible resolvers list" for a certain amount of time
>> (depending on the OS version and SP level), then send the query to the
>> second one. However, if the record is already cached, it won't even ask
>> the first entry. Hence why the possibility that the client machine is
>> asking a DC that is down.
>> Summary:
>> As I mentioned, this is ALL based on the client side resolver, not the
>> DNS server. This time out period can be perceived as by someone sitting
>> there waiting as "it's not working" because it appears to be taking so
>> long. Also, if it is already cached locally by the client side service,
>> it will not ask and will send the connection request to the cached
>> record, which if it is the server that is down, then it can't connect
>> anyway, and no response, but you may be sitting there expecting it to go
>> to the other DC that is up.
>> The way to reset the list is to restart the DHCP Client service (not
>> the DHCP server) on the workstation, and the way to delete the cache on
>> the client is to run ipconfig /flushdns, or simply restart the machine.
>> Or simply disable the DNS Client Side caching mechanism. It's not
>> suggested to do this due to performance and especially if you have many
>> machines in the infrastructure.
>
>
>
> Kris Lou
> klou at themusiclink.net
It is *not* NXDOMAIN it is timeout.
>
>
> On Tue, Feb 2, 2021 at 4:23 AM basti via samba <samba at lists.samba.org> wrote:
>
>> Hello,
>> I have a Samba Domain with 2 Bind/Samba DLZ DNS Servers.
>> So far so good. I'm not sure if this is a Samba or a Windows problem.
>>
>> When the first DNS Server in the list has failed for some reason, the
>> Windows client runs into a timeout and does not switch to the secondary DNS.
>>
>> When I use nslookup and query the secondary DNS I get an answer.
>> Log attached.
>>
>> Any idea what's wrong here?
>>
>> Best Regards,
>>
>>
>> C:\Users\admin>ipconfig /all | findstr /R 30.
>> IPv4-Adresse . . . . . . . . . . : 192.168.30.4(Bevorzugt)
>> Standardgateway . . . . . . . . . : 192.168.30.1
>> DHCP-Server . . . . . . . . . . . : 192.168.30.1
>> DNS-Server . . . . . . . . . . . : 192.168.30.2
>> 192.168.30.6
>>
>> C:\Users\admin>nslookup heise.de
>> DNS request timed out.
>> timeout was 2 seconds.
>> Server: UnKnown
>> Address: 192.168.30.2
>>
>> DNS request timed out.
>> timeout was 2 seconds.
>> DNS request timed out.
>> timeout was 2 seconds.
>> DNS request timed out.
>> timeout was 2 seconds.
>> DNS request timed out.
>> timeout was 2 seconds.
>> *** Zeitüberschreitung bei Anforderung an UnKnown.
>>
>> C:\Users\admin>nslookup heise.de 192.168.30.6
>> Server: dc2.samdom.example.com
>> Address: 192.168.30.6
>>
>> Nicht autorisierende Antwort:
>> Name: heise.de
>> Addresses: 2a02:2e0:3fe:1001:302::
>> 193.99.144.80
>>
>>
>> C:\Users\admin>
>>
>>
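
The distinction argued in this thread (an NXDOMAIN answer versus no answer at all) can be checked per server with a direct UDP query, bypassing the Windows client resolver and its cache. The following is an added example, not part of the original messages; the function names are hypothetical, and the two server addresses and the query name are taken from the log above.

```python
import socket
import struct

# RCODE values from the DNS header (low 4 bits of the flags word).
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234, qtype=1):
    """Encode a minimal DNS query: RD flag set, one question, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def classify(reply, qid=0x1234):
    """Return the RCODE name, or 'INVALID' if this is not a reply to qid."""
    if len(reply) < 12:
        return "INVALID"
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != qid or not flags & 0x8000:   # wrong ID or QR bit not set
        return "INVALID"
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode)

def probe(server, name, timeout=2.0, port=53):
    """Query one server directly. 'TIMEOUT' means no reply arrived at all,
    which is a different condition from an NXDOMAIN answer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, port))
            reply, _ = s.recvfrom(4096)
        except socket.timeout:
            return "TIMEOUT"
        except OSError:                    # e.g. ICMP port unreachable
            return "UNREACHABLE"
    return classify(reply)

if __name__ == "__main__":
    # Addresses as listed under "DNS-Server" in the ipconfig output above.
    for server in ("192.168.30.2", "192.168.30.6"):
        print(server, probe(server, "heise.de"))
```

A server that prints TIMEOUT or UNREACHABLE is not answering at all, while NXDOMAIN or NOERROR means it is up and responded.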