Infralin's (not so) Frequently Asked Questions on DNS

© Gijsbert van der Linden ()
   
Infralin Consultancy (http://www.infralin.com)
    Last updated: 6-5-2005

The findings included in this document are based on Windows 2000 Advanced Server with Service Pack 2, unless stated otherwise.

 

How are Name Server records resolved?

When a domain is defined or delegated, typically two or more NS records are defined each pointing to a different name server authoritative for this domain. Which name server will the resolving name server use?

The resolving name server will first try the name server mentioned in the first NS record in the zone file. If that name server does not respond within about 3,5 seconds, the second is tried, etc.

In the extensive testing I have done I have seen no evidence of any optimization of this sequence, in spite of the Windows 2000 DNS white paper stating otherwise and the relevant RFCs recommending otherwise.

The Windows NT implementation of DNS seems to work the same way as the one that comes with Windows 2000.

Bind implementations of DNS do optimize the order in which the name servers are queried, in particular they will not try a non-responding name server again and again.

Which name server is used to query the root domain?

When a resolving name server resolves a domain that name server is not authoritative for and is not contained in its cache, the resolving name server will query the root domain. How is this handled?

The first time this happens the resolving name server queries the first name server mentioned in its root hints. If this server does not respond it will query the second, etc. Once a root server has been found this way, it will query that root server both for the root domain as well as for the domain it is resolving. The response for the domain to be resolved will be handled in the regular way. The response for the root domain will be the NS records for the root domain. This information is cached in the order the NS records appear in the zone file for the root and placed on top of the list of domain servers from the root hints.

Any subsequent query for the root domain is transmitted to the first DNS server mentioned in the NS records in the root domain. If that server does not respond, to the second, etc. If no DNS server mentioned in the NS records in the root domain responds it will continue with the root hints. Just like with regular name server queries no optimization takes place. So if the name server referred to in the first NS record in the zone file for that domain is not responding, each query for that domain will try that name server again and again.

The Windows NT implementation of DNS seems to work the same way as the one that comes with Windows 2000.

Notice that Bind implementation of DNS react differently in this respect. They will use root hint servers only to find a server that is authoritative for the root domain. Regular root queries will only use the DNS servers mentioned in the NS records in the root domain and will not use the servers in the root hints. Another difference is that a non-responding name servers will not be tried again and again, as also indicated in the previous FAQ.

When a node has multiple network interfaces, with DNS servers defined on each of them, what DNS server is used by the DNS resolver?

The DNS resolver will try each network interface in a row. It will start with the network interface that was used the last time. If (one of) the DNS servers on that interface responds, the next time it will use that interface again. If no DNS server responds, or if a name-not-found response is received from one of the DNS servers on the interface for both the name and the suffixed name, the next interface will be tried.

In practice this means that one interface is used for as long as a DNS server on that interface responds with names found. When no DNS server on that interface responds with a name-found, the next interface is tried and sticked to, as long as that interface returns positive results.

In what order is a name resolved, when using multiple network interfaces?

A network interface is selected.

On that Network interface the primary DNS server is selected.

When it does not respond within a given time (1 sec in my test-case) the secondary DNS server is tried.

When all of the DNS servers defined on the interface have been tried the next interface is selected and the procedure is repeated for that interface.

When all interfaces have been tried with DNS in sequence, all network interfaces are used at the same time to send a series of Netbios NS-Lookup broadcasts (3 with an interval of about 3/4 sec). This only happens if the name is not longer than the length allowed by netbios (and netbios is enabled of course). All interfaces are used, not only the ones that have a DNS server defined. In my testcase WINS was not configured, otherwise that would be tried as well, the order of which depends on the setting of the node-type.

What happens if a DNS server cannot be reached?

When no DNS server can be reached, the DNS resolver uses the following sequence (assuming a single network interface is used):

  • Sec 0: Primary
  • Sec 1: Secondary
  • Sec 3: Secondary
  • Sec 5: Primary
  • Sec 5: Secondary
  • Sec 9: Primary
  • Sec 9: Secondary
  • Sec 17: Netbios queries

In case the DNS server is on the same LAN the DNS query at sec. 9 is skipped and the Netbios queries are executed at that moment.

As soon as a response is received, the sequence is stopped.

As soon as a name not found response is received the suffix is tried only on the same DNS server that generated the response.

If no response is received, the suffixes are not tried.

The Netbios queries are tried when the DNS queries fail, irrespective of the reason why.

What happens if a DNS server can be reached, but does not respond to DNS queries?

The same procedure is followed as in the case the DNS server cannot be reached.

What happens if the DNS server responds with a name not found message?

If a DNS server responds with a name not found message, the same server is used to query with the suffixed name. No other DNS servers on the same interface are tried.

Be aware that if the primary DNS server is slow to respond the secondary DNS server is queried 1 second later. If the secondary DNS server responds before the primary DNS server, the response of the secondary DNS server is used and the response of the primary, if ever received, is ignored.

If DNS servers are configured on multiple interface cards the DNS servers configured on the other interface cards are queried as well, even when a DNS server on the first network interface responds with a name not found message.

What DNS server is used to register a connection’s address in DNS?

These findings are based on Windows 2003.

When the network interface is configured to “Register this connection’s address in DNS” a DNS server is selected that is authoritive for the domain the registration should take place in. This is not necessarily the DNS server configured in the network settings of this computer/interface.

If for example the DNS settings point to a DNS server that acts as a slave or stub for this domain, the registration takes place at one of the servers listed as Name Servers for this domain.

By default this takes place both for the A record in the forward lookup zone as well as the PTR record for the reverse lookup zone.

Be aware that this registration information might only be available at the place you need it after it has been replicated.