

Windows 10 DNS client resolution timeouts (help with a geo location issue)

Question

Friday, October 12, 2018 3:30 PM

Hello Everybody 

I'm looking at an issue with our DNS servers and need to know how the Windows 10 DNS client chooses its DNS (configured with three DNS servers currently) and how Windows 2012 server chooses which forwarder to use (configured with four forwarders).

We are having odd issues with DNS and I think it's one of the external forwarders on the third DNS server, but need to pull some evidence before I start talking to ISPs.

I found the below for Win 7 and Win 8 but can't find anything for Windows 10.

https://support.microsoft.com/en-us/help/2834226/net-dns-dns-client-resolution-timeouts

Thanks in advance

Michael 

All replies (8)

Wednesday, January 9, 2019 11:51 AM ✅Answered

Hi Daisy 

Don't know if this will help others, but it seems most computers use

1,2,3,all dns's ,fail

by our best results.

But in the end the issues we were having did turn out to be external (public) DNS related.

It seems there was an issue with the dns1 and dns2 external forwarders not resolving an address; these were based in the Middle East (a peering issue at the ISP meant both their ISPs were bad). They were then failing over to the secondary public DNS provider, who had a bad IP geolocation configuration and claimed the traffic was in Singapore, so was sending them a quarter of the way round the world. The dns3 external forwarders worked correctly, but that's UK based, so if they failed that far down the chain they were coming to the UK for data.

We have fixed the Middle East sites but are now in the process of removing the large public DNS provider from the environment and moving to a better rated equivalent.


Monday, October 15, 2018 10:40 AM

Hi,
Q1: How the Windows 10 DNS client chooses its DNS (configured with three DNS servers currently)?
A1: We can view the dns order of use as below:

Q2: How windows 2012 server chooses which forwarder to use (configured with four forwarders)?
A2: We can see three Conditional Forwards, and one Conditional Forward has one IP address.

DNS Domain including bkkk.com use 33.33.33.33 IP address as below.

We can use the above methods to view the actual situation in our own environment.

Best Regards,
Daisy Zhou

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].


Tuesday, October 16, 2018 4:49 PM

Hi Daisy 

Sorry, let me be more specific.

The problem is, while as you point out it will use that order (and I know it should use the order in DHCP too), reading some docs, retry errors can change things a bit, i.e. if retries occur it may do

1,2,3,fail

1,2,3,3 fail

1,2,3,all dns's ,fail

I've found docs for different Windows versions say different things, and nothing specific to Windows 10.

For the server side I'm looking at external, not conditional, forwarders.

Basically the issue is one of geolocation. The situation is this.

We have 90 offices all using O365 (particularly Exchange). Some are reporting slow performance and oddities (can't log in or set up accounts). We discovered that some of the offices are using the wrong local POP, with some Middle East sites coming all the way back to the UK POP.

When we try testing in the office on the domain controllers it works as I would expect, but some machines in the offices will still randomly report incorrect locations. After a restart or DNS flush it clears and the issues go away.

This led us to 2 scenarios.

Scenario one

Windows 10 machines are configured with 3 domain controller DNS's, 2 local and one datacentre based in the UK. When the local ones are busy the machine fails to the UK, hence the POP result?

And two

Each DC has 4 external forwarders, 1 and 2 provided by the local ISP, 3rd and 4th provided by a large public DNS provider (who will remain nameless) but is used globally. We have recently had reason to think the 3 and 4 DNS providers have a bad geo IP table and are showing our public IPs in the wrong place? (Hence the wrong sites showing.)

The reason for wanting the retry order is so we can work out the odds of each scenario and come up with a test plan. (Fully admit there may be a bit of 1 and 2 going on and we may be going too deep here looking at the retries; it's what we have been asked to do.) It has a potential big impact, with O365 using geolocation as well as other services we are using. It may mean a total review and overhaul of how our 90 offices are configured for DNS.

Regards Michael 
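
One way to collect the per-resolver evidence the post above asks for, as an added example that is not part of the thread: it queries every resolver directly, bypassing the client's own ordering and retries, and records the answer and latency from each. The test name and the default resolver list are assumptions; nothing here is taken from the poster's environment.

```powershell
# Added example (not from the thread): ask each resolver directly for the same
# name several times and record what it returns and how long it takes.
param(
    # Assumption: placeholder test name; use the O365 name your clients look up.
    [string]   $Name = 'outlook.office365.com',
    # Default: the DNS servers this client is configured with.
    # On a DC, pass the forwarders: -Resolvers (Get-DnsServerForwarder).IPAddress
    [string[]] $Resolvers = (Get-DnsClientServerAddress -AddressFamily IPv4 |
                             Select-Object -ExpandProperty ServerAddresses -Unique),
    [int]      $Attempts = 3
)

$results = foreach ($server in $Resolvers) {
    foreach ($attempt in 1..$Attempts) {
        $records = $null
        $failure = $null
        $timer = [System.Diagnostics.Stopwatch]::StartNew()
        try {
            # -Server sends the query to one resolver only; -DnsOnly excludes LLMNR/NetBIOS.
            $records = Resolve-DnsName -Name $Name -Type A -Server $server -DnsOnly -ErrorAction Stop
        } catch {
            $failure = $_.Exception.Message   # timeout or DNS error from this resolver
        }
        $timer.Stop()

        [pscustomobject]@{
            Server    = $server
            Attempt   = $attempt
            Ms        = [int]$timer.ElapsedMilliseconds
            # Last CNAME target, useful when the answer is steered by region.
            LastCName = ($records | Where-Object Type -eq 'CNAME' | Select-Object -Last 1).NameHost
            Addresses = (($records | Where-Object Type -eq 'A').IPAddress | Sort-Object) -join ','
            Error     = $failure
        }
    }
}
$results | Format-Table -AutoSize

# One row per resolver: failure count, worst latency, distinct answers handed out.
$results | Group-Object Server | ForEach-Object {
    [pscustomobject]@{
        Server    = $_.Name
        Failures  = @($_.Group | Where-Object Error).Count
        MaxMs     = ($_.Group | Measure-Object Ms -Maximum).Maximum
        CNames    = ($_.Group.LastCName | Where-Object { $_ } | Sort-Object -Unique) -join ' | '
        Addresses = ($_.Group.Addresses | Where-Object { $_ } | Sort-Object -Unique) -join ' | '
    }
} | Format-Table -AutoSize
```

Run from an affected office against the client's DNS servers and again on a DC against its forwarders, the two tables separate scenario one (a resolver that times out) from scenario two (a resolver that answers, but with a different region's records).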


Wednesday, October 17, 2018 8:42 AM

Hi,
I am sorry, according to your description, I don't understand very well. And I want to confirm what your specific problem is?
O365 can't log in, can't parse or login slow?

Best Regards,
Daisy Zhou



Wednesday, October 17, 2018 9:38 AM

You are better off changing your DNS forwarders to use something other than your ISP's DNS servers. Whilst it might seem like a sensible option to use your ISP for DNS, ISPs are terrible at DNS.

Here is a link to a well kept article regarding Public DNS Providers

https://www.lifewire.com/free-and-public-dns-servers-2626062

I am currently using the following and have been for the last 10 years without any issues.

208.67.222.222
209.244.0.3
8.26.56.26
8.8.4.4
156.154.70.1
195.46.39.39
216.146.35.35
8.8.8.8
212.50.160.100
213.249.130.100

The choice however is yours, please read the article and select your own as you see fit.

Anywhere I have worked where the DNS forwarders have been an issue it has usually been due to the ISP's DNS.

You can easily change your DNS forwarders using the following PowerShell commands:

Import-Module dnsserver
Set-DnsServerForwarder -IPAddress '8.8.4.4','208.67.220.220','64.6.65.6','8.8.8.8','208.67.222.222','64.6.64.6'

HTH


Friday, October 19, 2018 7:36 AM

Hi,
Does this question have any update? Also, is there any other assistance we could provide?

Best Regards,
Daisy Zhou



Wednesday, October 31, 2018 2:34 PM

Hi Daisy 

As I said, we are looking for the retry conditions for DNS.

We know it works down the list for failures but we need to confirm the retry conditions.

So does it try the DNS server in position one twice (with a 1 second delay between attempts)?

So far I have found articles saying it did

1,2,3,fail

1,2,3,3 fail

1,2,3,all dns's ,fail

where the number is the position in the order.

We did some tests with Snort and it seems to change per machine.

In the end we have changed the external DNS servers we use and that's helped.


Thursday, November 8, 2018 3:43 AM

Hi,
Have we got the result of retry so far? I am just writing to see if this issue has any update. If anything is unclear, please feel free to let us know.

Have a nice day!

Best Regards,
Daisy Zhou
