DHCP - DNS Servers

Reply
Highlighted
L3 Networker

DHCP - DNS Servers

Hi All,

 

Awhile back I was having an issue using DHCP on our PAN Fws.  In the DHCP options, if I set the primary DNS to an internal DNS server and the secondary to a public DNS server, our clients randomly had issues accessing internal resources. I would notice even though they had connectivity to the internal server, it was using the secondary to resolve internal systems.  The internal dns servers are reached over VPN tunnels. To resolve the issue, I set both to internal dns servers.   If the VPN tunnel goes down (it shouldn't), those clients in the branch offices will lose internet access since they no longer have a public DNS server as a secondary. 

 

Has anyone had similar experiences or have advice on this?

Highlighted
L7 Applicator

If Windows fails to get response from primary DNS it will start (and keep) using secondary.

If this behaviour happens then restart DNS Client Service in Windows and check if Windows started to use primary again.

If this is the case then you need to troubleshoot why it occasionally does not get reply from primary.

Enterprise Architect @ Cloud Carib www.cloudcarib.com
ACE, PCNSE, PCNSI
Highlighted
L3 Networker

When it was happening, the IT Support staff would restart their computers and that would resolve the issue.  It was very random, such as 1 person would be fine, but the person next to them wouldn't be.

Highlighted
Cyber Elite

@MikeC,

@Raido is correct in how Windows handles the DNS servers; the fact that the issue was sporatic and wasn't experianced by everyone somewhat gains credibility in this being the issue. 

Investigate why the host didn't get a response from the DNS server. Was the request getting reset instead of sinkholed due to firewall configuration, or did it simply not get a response in a timely manner for some reason? 

 

Highlighted
L3 Networker

thanks for the reply. Definitely not sinkholed.  I will need to check if the new secondary DNS server (internal) is being sent requests. 

 

Are we saying if ComputerA tries to reach Primary DNS Server and for whatever reason can't reach it, it will then use Secondary DNS server and will never try to use Primary DNS until that service is restarted???

 

 

 

 

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!