[Samba] DNS Problem Windows Client

Kris Lou klou at themusiclink.net
Tue Feb 2 17:23:05 UTC 2021 

https://blogs.msmvps.com/acefekay/2018/08/13/dns-wins-netbios-amp-the-client-side-resolver-browser-service-disabling-netbios-direct-hosted-smb-directsmb-if-one-dc-is-down-does-a-client-logon-to-another-dc-and-dns-forwarders-algorithm/#section7

(The entire post is a good one about Client-side DNS resolving.)

If the query sent to the first entry in the DNS list responds with an
> NXDOMAIN response, meaning it is an actual response, but there is no
> record from the server it asked, then it will look no further because it is
> a response. however if it receives a NULL response, meaning the DNS
> server is down and there is no response, it will remove the first entry
> from the ‘eligible resolvers list’ for a certain amount of time (depending
> on the OS version and SP level), then send the query to the second one.
> However, if the record is already cached, it won’ even ask the first entry.
> Hence why the possibility that the client machine is asking a DC that is
> down.
> Summary:
> As I mentioned, this is ALL based on the client side resolver, not the DNS
> server. This time out period can be perceived as by someone sitting there
> waiting as ‘it’s not working’ because it appears to be taking so long. Also,
> if it is already cached locally by the client side service, it will not
> ask and will send the connection request to the cached record, which if it
> is the server that is down, then it can’t connect anyway, and no response,
> but you may be sitting there expecting it to go to the other DC that is up.
> The way to reset the list is to restart the DHCP Client service (not the
> DHCP server) on the workstation, and the way to delete the cache on the
> client is to run ipconfig /flushdns, or simply restart the machine.
> Or simply disable the DNS Client Side caching mechanism. It’s not
> suggested to do this due to performance and especially if you have many
> machines in the infrastructure.



Kris Lou
klou at themusiclink.net


On Tue, Feb 2, 2021 at 4:23 AM basti via samba <samba at lists.samba.org>
wrote:

> Hello,
> I have a Samba Domain with 2 Bind/ Samba DLZ DNS Servers.
> So far so good. I'm not shure if this is a Samba or a Windows problem.
>
> When the first DNS Server in the list is failed for some reason the
> Windows client run into a timeout and does not switch to secondary DNS.
>
> When I use nslookup and query the secondary DNS I get an answer.
> Log attached.
>
> Any idea whats wrong here?
>
> Best Regards,
>
>
> C:\Users\admin>ipconfig /all | findstr /R 30.
>    IPv4-Adresse  . . . . . . . . . . : 192.168.30.4(Bevorzugt)
>    Standardgateway . . . . . . . . . : 192.168.30.1
>    DHCP-Server . . . . . . . . . . . : 192.168.30.1
>    DNS-Server  . . . . . . . . . . . : 192.168.30.2
>                                        192.168.30.6
>
> C:\Users\admin>nslookup heise.de
> DNS request timed out.
>     timeout was 2 seconds.
> Server:  UnKnown
> Address:  192.168.30.2
>
> DNS request timed out.
>     timeout was 2 seconds.
> DNS request timed out.
>     timeout was 2 seconds.
> DNS request timed out.
>     timeout was 2 seconds.
> DNS request timed out.
>     timeout was 2 seconds.
> *** Zeitüberschreitung bei Anforderung an UnKnown.
>
> C:\Users\admin>nslookup heise.de 192.168.30.6
> Server:  dc2.samdom.example.com
> Address:  192.168.30.6
>
> Nicht autorisierende Antwort:
> Name:    heise.de
> Addresses:  2a02:2e0:3fe:1001:302::
>           193.99.144.80
>
>
> C:\Users\admin>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list