    DNS Update Issue

    IT Discussion
    Tags: windows server 2012 r2, dns, active directory
    267 Posts 12 Posters 51.9k Views
    • Dashrender @scottalanmiller

      @scottalanmiller said in DNS Update Issue:

      @Dashrender said in DNS Update Issue:

      @scottalanmiller said in DNS Update Issue:

      @Dashrender said in DNS Update Issue:

      Well - frankly - I have no clue how much of a real issue this is any more. I haven't had incorrectly set up DNS in ages.

      I suppose I could set up my PC with google for a secondary, then what - make a script that tries pinging one of my internal resources by DNS name and see if/ever it fails?

      It's enough of an issue that everyone recommends not having public failover from clients because they perceive it as simply not workable. So either it's actually a big deal, or all that advice is wrong.

      I hear what you are saying - and at the moment I can't muster the strength to fight over which way is better - Linux vs Windows for DNS...

      Well it was you who argued that the Linux way caused problems. I didn't think it was even a question, it was a slam dunk of "doing it right" to the point that people had called the Windows system a "bug". You thought that the reliability and performance of the Linux way didn't seem worth it. Not sure why you felt that way, but it was you alone who was arguing for the Windows "stick with failovers, no matter how bad they are until they fail or you reboot" way.

      What? I didn't say it caused problems - only that it could cause a delay in the case where DNS1 was down.

      • scottalanmiller @Dashrender

        @Dashrender said in DNS Update Issue:

        @scottalanmiller said in DNS Update Issue:

        @Dashrender said in DNS Update Issue:

        @scottalanmiller said in DNS Update Issue:

        It's most useful only under a very specific set of circumstances where you are going with AD and LAN-based, and you have redundancy locally, not redundancy over a WAN link like many SMBs do.

        Or the opposite - home users who generally only have public DNS servers. Or travelers who also only generally have public DNS servers.

        In fact, this is only an issue for those who do have internal DNS servers with internal only records.

        It's only a benefit there. For people using public, you want the Linux way. Really for everyone you want the Linux way except a very niche group of people in medium or larger businesses that somehow have non-stop DNS problems.

        The thing is that when the Linux way fails, it fails "soft" and no one notices because the negatives are SO minor. But when the Windows way fails, it fails "hard" and causes things to not work potentially.

        You're making that claim - why? because you believe that using a public DNS should be totally acceptable for client machines as a secondary DNS?

        Of course it SHOULD be acceptable. How the hell is it okay for Windows to be so broken that reasonable failovers, whether secondary or tertiary or whatever, have to be avoided because the platform is flaky and doesn't behave predictably or usefully?

        And it doesn't matter that public is in use here. This applies equally to other internal servers, too. What if you failed to a slow DNS over a throttled WAN link and now are stuck with it because Windows never goes back to local primary?

        Don't try to add "has to be public" to cover up a clear problem. You are missing the big picture, that one system works well and one works poorly.

        • scottalanmiller @Dashrender

          @Dashrender said in DNS Update Issue:

          @scottalanmiller said in DNS Update Issue:

          @wirestyle22 said in DNS Update Issue:

          @scottalanmiller said in DNS Update Issue:

          @wirestyle22 said in DNS Update Issue:

          Does anyone know what event causes this in Windows?

          Cause what, the NIC to flip? I've heard Windows people say that it's just a bug and it does it randomly. I know that it could happen from a DNS server being unavailable for a split second, just long enough to fail a lookup.

          That was my initial thought. So what--Linux OSes are checking periodically to see if they are using the first entry and Windows doesn't care until there's a hiccup?

          Linux checks every time, I believe. That's the expected behaviour. It always uses its list top to bottom, it doesn't "change" primary just because it wants to.

          See this just seems odd to me - why add in that delay every time.

          You said that it seemed odd to you, "why add in that delay every time."

          It shouldn't be odd, it should be super obvious as by far the best way. And that "delay every time" is an imperceptible delay .001% of the time. It only seems like "every time" if you assume random DNS choices like people keep saying that Windows makes (I'm not convinced of this). Since Linux DNS is deterministic, it only adds that minuscule delay under failure conditions which in this day and age are super, duper rare (unless, apparently, you have Windows, then the desktop seems to inject a server-like failure condition on its own.)

          You make it sound like this is a foolish approach, but it fixes the problems everyone is reporting with essentially no downsides.

          • Dashrender @scottalanmiller

            @scottalanmiller said in DNS Update Issue:

            @Dashrender said in DNS Update Issue:

            @scottalanmiller said in DNS Update Issue:

            @Dashrender said in DNS Update Issue:

            @scottalanmiller said in DNS Update Issue:

            It's most useful only under a very specific set of circumstances where you are going with AD and LAN-based, and you have redundancy locally, not redundancy over a WAN link like many SMBs do.

            Or the opposite - home users who generally only have public DNS servers. Or travelers who also only generally have public DNS servers.

            In fact, this is only an issue for those who do have internal DNS servers with internal only records.

            It's only a benefit there. For people using public, you want the Linux way. Really for everyone you want the Linux way except a very niche group of people in medium or larger businesses that somehow have non-stop DNS problems.

            The thing is that when the Linux way fails, it fails "soft" and no one notices because the negatives are SO minor. But when the Windows way fails, it fails "hard" and causes things to not work potentially.

            You're making that claim - why? because you believe that using a public DNS should be totally acceptable for client machines as a secondary DNS?

            Of course it SHOULD be acceptable. How the hell is it okay for Windows to be so broken that reasonable failovers, whether secondary or tertiary or whatever, have to be avoided because the platform is flaky and doesn't behave predictably or usefully?

            I disagree, because assuming you have an additional working internal DNS server you should always fail to that to make sure you continue to have access to internal records.

            And it doesn't matter that public is in use here. This applies equally to other internal servers, too. What if you failed to a slow DNS over a throttled WAN link and now are stuck with it because Windows never goes back to local primary?

            OK - you do have a point here. though trying each and every time does seem like overkill and lag inducing. I could see checking once a min or something.

            • scottalanmiller

              With the Linux way, I get the best DNS performance 99.99% of the time. And I get far broader failover options. I can, at the client level, fail between several internal DNS servers AND if those all fail, I can fail to public DNS, too. It gives me "more protection", not less. Which is really nice if I have to have DNS set statically and have machines that might move off of the network.

              • scottalanmiller @Dashrender

                @Dashrender said in DNS Update Issue:

                @scottalanmiller said in DNS Update Issue:

                @Dashrender said in DNS Update Issue:

                @scottalanmiller said in DNS Update Issue:

                @Dashrender said in DNS Update Issue:

                @scottalanmiller said in DNS Update Issue:

                It's most useful only under a very specific set of circumstances where you are going with AD and LAN-based, and you have redundancy locally, not redundancy over a WAN link like many SMBs do.

                Or the opposite - home users who generally only have public DNS servers. Or travelers who also only generally have public DNS servers.

                In fact, this is only an issue for those who do have internal DNS servers with internal only records.

                It's only a benefit there. For people using public, you want the Linux way. Really for everyone you want the Linux way except a very niche group of people in medium or larger businesses that somehow have non-stop DNS problems.

                The thing is that when the Linux way fails, it fails "soft" and no one notices because the negatives are SO minor. But when the Windows way fails, it fails "hard" and causes things to not work potentially.

                You're making that claim - why? because you believe that using a public DNS should be totally acceptable for client machines as a secondary DNS?

                Of course it SHOULD be acceptable. How the hell is it okay for Windows to be so broken that reasonable failovers, whether secondary or tertiary or whatever, have to be avoided because the platform is flaky and doesn't behave predictably or usefully?

                I disagree, because assuming you have an additional working internal DNS server you should always fail to that to make sure you continue to have access to internal records.

                And HOW is that disagreeing? You didn't state anything that is disagreeing at all.

                • scottalanmiller @Dashrender

                  @Dashrender said in DNS Update Issue:

                  And it doesn't matter that public is in use here. This applies equally to other internal servers, too. What if you failed to a slow DNS over a throttled WAN link and now are stuck with it because Windows never goes back to local primary?

                  OK - you do have a point here. though trying each and every time does seem like overkill and lag inducing. I could see checking once a min or something.

                  It might seem like overkill, but it's not. It's the simplest, fastest solution. I think the crux here is that you perceive that delay as being far more dramatic and important than it is. And I suspect that you believe DNS failures are more common and long term than they typically are.

                  The impact of that "trying every time" is undetectable to normal users, remember their local systems cache so it's super trivial to have it do this in the real world. And normal failures for DNS are insanely short lived, like seconds or a minute as a server reboots, typically.

                  In the real world, doing secondary lookups for a full minute when the server is already back is the actual overkill, on average.

                  • Dashrender @scottalanmiller

                    @scottalanmiller said in DNS Update Issue:

                    @Dashrender said in DNS Update Issue:

                    @scottalanmiller said in DNS Update Issue:

                    @wirestyle22 said in DNS Update Issue:

                    @scottalanmiller said in DNS Update Issue:

                    @wirestyle22 said in DNS Update Issue:

                    Does anyone know what event causes this in Windows?

                    Cause what, the NIC to flip? I've heard Windows people say that it's just a bug and it does it randomly. I know that it could happen from a DNS server being unavailable for a split second, just long enough to fail a lookup.

                    That was my initial thought. So what--Linux OSes are checking periodically to see if they are using the first entry and Windows doesn't care until there's a hiccup?

                    Linux checks every time, I believe. That's the expected behaviour. It always uses its list top to bottom, it doesn't "change" primary just because it wants to.

                    See this just seems odd to me - why add in that delay every time.

                    You said that it seemed odd to you, "why add in that delay every time."

                    It shouldn't be odd, it should be super obvious as by far the best way. And that "delay every time" is an imperceptible delay .001% of the time. It only seems like "every time" if you assume random DNS choices like people keep saying that Windows makes (I'm not convinced of this). Since Linux DNS is deterministic, it only adds that minuscule delay under failure conditions which in this day and age are super, duper rare (unless, apparently, you have Windows, then the desktop seems to inject a server-like failure condition on its own.)

                    You make it sound like this is a foolish approach, but it fixes the problems everyone is reporting with essentially no downsides.

                    Well, I've missed the recent posts where people had sorta messed up DNS configs (Wirestyle's were completely hosed, not just public as a secondary issue), so I'm not sure where the recent issue is coming from - I just must have missed them.

                    The Linux way is also assuming that the failure most likely was simply intermittent and that the primary will be back online nearly instantly, and frankly, using public DNS that totally makes sense. But we could hope that wouldn't be the case on a local network - and again, I'm not sure it still is a real issue.

                    Does the Linux way make things more transparent to the user? Sure does. And the cost, as you said, is pretty damned low... So fine - I'll give you all that, and if Windows changed to that method I definitely wouldn't complain.

                    • Dashrender @scottalanmiller (last edited by Dashrender)

                      @scottalanmiller said in DNS Update Issue:

                      @Dashrender said in DNS Update Issue:

                      And it doesn't matter that public is in use here. This applies equally to other internal servers, too. What if you failed to a slow DNS over a throttled WAN link and now are stuck with it because Windows never goes back to local primary?

                      OK - you do have a point here. though trying each and every time does seem like overkill and lag inducing. I could see checking once a min or something.

                      It might seem like overkill, but it's not. It's the simplest, fastest solution. I think the crux here is that you perceive that delay as being far more dramatic and important than it is. And I suspect that you believe DNS failures are more common and long term than they typically are.

                      The impact of that "trying every time" is undetectable to normal users, remember their local systems cache so it's super trivial to have it do this in the real world. And normal failures for DNS are insanely short lived, like seconds or a minute as a server reboots, typically.

                      In the real world, doing secondary lookups for a full minute when the server is already back is the actual overkill, on average.

                      you undoubtedly have data that shows DNS outages are that short lived, I assume.

                      I know I know - you'll ask me for data that shows that DNS outages are longer.. tit for tat.

                      • scottalanmiller @Dashrender

                        @Dashrender said in DNS Update Issue:

                        @scottalanmiller said in DNS Update Issue:

                        @Dashrender said in DNS Update Issue:

                        And it doesn't matter that public is in use here. This applies equally to other internal servers, too. What if you failed to a slow DNS over a throttled WAN link and now are stuck with it because Windows never goes back to local primary?

                        OK - you do have a point here. though trying each and every time does seem like overkill and lag inducing. I could see checking once a min or something.

                        It might seem like overkill, but it's not. It's the simplest, fastest solution. I think the crux here is that you perceive that delay as being far more dramatic and important than it is. And I suspect that you believe DNS failures are more common and long term than they typically are.

                        The impact of that "trying every time" is undetectable to normal users, remember their local systems cache so it's super trivial to have it do this in the real world. And normal failures for DNS are insanely short lived, like seconds or a minute as a server reboots, typically.

                        In the real world, doing secondary lookups for a full minute when the server is already back is the actual overkill, on average.

                        you undoubtedly have data that shows DNS outages are that short lived, I assume.

                        I know I know - you'll ask me for data that shows that DNS outages are longer.. tit for tat.

                        The average DNS outage is a server reboot. Think about an AD environment with two AD servers. You do updates and reboot all of the time, that's an outage to the clients looking at that specific server. In the Linux case, it would only use the backup entry for the moments while the service is restarting. In Windows, apparently, it simply abandons that server until it has no choice but to return.

                        • scottalanmiller @Dashrender

                          @Dashrender said in DNS Update Issue:

                          The Linux way is also assuming that the failure most likely was simply intermittent and that the primary will be back online nearly instantly, and frankly, using public DNS that totally makes sense. But we could hope that wouldn't be the case on a local network - and again, I'm not sure it still is a real issue.

                          Even private DNS, what kind of failure do you have where you assume that the outage will be a long time, but not so long that DHCP updates are in order? That's a pretty rare, small window of failures. DNS restarts (outages) are common. Total failures are once every 5-10 years if we are talking enterprise AD DNS setups. Typically it would be totally dead hardware - but only in a case where a backup and restore aren't an option.

                          DNS is something that restarts very quickly, and can be restored very quickly. And can normally be adjusted almost instantly via DHCP or state management, however you manage DNS in your environment.

                          So even in pretty extreme failures, a DNS failure is usually intermittent, even in a purely internal DNS situation.

                          • Dashrender @scottalanmiller

                            @scottalanmiller said in DNS Update Issue:

                            @Dashrender said in DNS Update Issue:

                            The Linux way is also assuming that the failure most likely was simply intermittent and that the primary will be back online nearly instantly, and frankly, using public DNS that totally makes sense. But we could hope that wouldn't be the case on a local network - and again, I'm not sure it still is a real issue.

                            Even private DNS, what kind of failure do you have where you assume that the outage will be a long time, but not so long that DHCP updates are in order? That's a pretty rare, small window of failures. DNS restarts (outages) are common. Total failures are once every 5-10 years if we are talking enterprise AD DNS setups. Typically it would be totally dead hardware - but only in a case where a backup and restore aren't an option.

                            DNS is something that restarts very quickly, and can be restored very quickly. And can normally be adjusted almost instantly via DHCP or state management, however you manage DNS in your environment.

                            So even in pretty extreme failures, a DNS failure is usually intermittent, even in a purely internal DNS situation.

                            We both agree that Windows NEVER switching back is bad. let's move past that. Now the question is - is it worth it to test on every single DNS query.
                            From a coding POV, it's probably much simpler to test every time than setting a time variable and waiting for that to expire before trying the primary again - so fine.. you win. 🙂

                            • scottalanmiller @Dashrender

                              @Dashrender said in DNS Update Issue:

                              @scottalanmiller said in DNS Update Issue:

                              @Dashrender said in DNS Update Issue:

                              The Linux way is also assuming that the failure most likely was simply intermittent and that the primary will be back online nearly instantly, and frankly, using public DNS that totally makes sense. But we could hope that wouldn't be the case on a local network - and again, I'm not sure it still is a real issue.

                              Even private DNS, what kind of failure do you have where you assume that the outage will be a long time, but not so long that DHCP updates are in order? That's a pretty rare, small window of failures. DNS restarts (outages) are common. Total failures are once every 5-10 years if we are talking enterprise AD DNS setups. Typically it would be totally dead hardware - but only in a case where a backup and restore aren't an option.

                              DNS is something that restarts very quickly, and can be restored very quickly. And can normally be adjusted almost instantly via DHCP or state management, however you manage DNS in your environment.

                              So even in pretty extreme failures, a DNS failure is usually intermittent, even in a purely internal DNS situation.

                              We both agree that Windows NEVER switching back is bad. let's move past that. Now the question is - is it worth it to test on every single DNS query.
                              From a coding POV, it's probably much simpler to test every time than setting a time variable and waiting for that to expire before trying the primary again - so fine.. you win. 🙂

                              A wait (called a "stand-off period") would be easy, not AS easy, but trivially easy. But I think in the real world, it's not as ideal. With how DNS works today (not in the 1990s) I think it is what you would want. Having any stand-off period would introduce more overhead (on average) than it would resolve. Because normal outages are so tiny, and so much DNS is cached.

                              • Obsolesce @scottalanmiller

                                @scottalanmiller said in DNS Update Issue:

                                In Windows, apparently, it simply abandons that server until it has no choice but to return.

                                I don't see any issue there. You're getting DNS either way, what's it matter what it's from if they are the same? If clients are getting DNS from the failover DNS server and you don't want it to, turn off the DNS service on that server then, and clients will fail back... if you even care.

                                • Dashrender @Obsolesce

                                  @Obsolesce said in DNS Update Issue:

                                  @scottalanmiller said in DNS Update Issue:

                                  In Windows, apparently, it simply abandons that server until it has no choice but to return.

                                  I don't see any issue there. You're getting DNS either way, what's it matter what it's from if they are the same? If clients are getting DNS from the failover DNS server and you don't want it to, turn off the DNS service on that server then, and clients will fail back... if you even care.

                                  The problem happens when your secondary server isn't part of your internal network (assuming your primary is part of your internal network). When using the secondary you won't get resolution for internal network resources.

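The three client behaviours argued over in this thread can be put side by side in a small model: the ordered "Linux way" (try the list top to bottom on every query), the sticky "Windows way" as the participants describe it (stay on whatever server last answered until it fails), and the stand-off timer Dashrender floated (retry the primary after a fixed wait). This is example code added here, not from the original thread and not from either operating system's resolver; it models the Windows behaviour only as the thread describes it and makes no claim about what a real Windows client does. The server names dc1 and public, the 30-second primary outage (a reboot), the one-query-per-second rate and the alternating internal/public names are all constructed assumptions, as is the split-horizon rule that the public resolver returns NXDOMAIN for internal names.

```python
"""Model of three client-side DNS server-selection policies (added example; constructed data).

Policies, as the thread describes them:
  ordered  - try the configured list top to bottom on every query (the "Linux way")
  sticky   - stay on whichever server last answered until it fails (the "Windows way")
  standoff - sticky, but retry the first server after a fixed number of seconds
"""
from dataclasses import dataclass, field


@dataclass
class Server:
    name: str
    knows_internal: bool                 # can answer internal-only (split-horizon) names
    down: tuple = ()                     # half-open (start, end) seconds when unreachable

    def is_up(self, t: int) -> bool:
        return not any(start <= t < end for start, end in self.down)


@dataclass
class Stats:
    answered_by: dict = field(default_factory=dict)  # server name -> queries it answered
    timeouts: int = 0                    # attempts that hit an unreachable server
    internal_failures: int = 0           # internal names answered NXDOMAIN by a public server


def resolve(servers, order, t, internal, stats):
    """Try servers in `order` (list of indexes); return the index that answered, or None."""
    for i in order:
        srv = servers[i]
        if not srv.is_up(t):
            stats.timeouts += 1
            continue
        stats.answered_by[srv.name] = stats.answered_by.get(srv.name, 0) + 1
        if internal and not srv.knows_internal:
            stats.internal_failures += 1     # the public resolver has no record for the name
        return i
    return None


def simulate(policy, servers, duration, standoff=60):
    """One query per second for `duration` seconds, alternating internal and public names."""
    stats = Stats()
    current = 0            # server the sticky policies are parked on
    parked_since = 0
    n = len(servers)
    for t in range(duration):
        internal = t % 2 == 0
        if policy == "ordered":
            order = list(range(n))
        else:
            if policy == "standoff" and current != 0 and t - parked_since >= standoff:
                current = 0                  # stand-off expired: give the primary another try
            order = [(current + k) % n for k in range(n)]
        answered = resolve(servers, order, t, internal, stats)
        if policy != "ordered" and answered is not None and answered != current:
            current, parked_since = answered, t   # the client has "moved" to another server
    return stats


def make_scenario():
    """Constructed: a local AD DNS server that reboots for 30 s, and a public resolver as secondary."""
    return [
        Server("dc1", knows_internal=True, down=((100, 130),)),
        Server("public", knows_internal=False),
    ]


def run_all(duration=600, standoff=60):
    servers = make_scenario()
    return {p: simulate(p, servers, duration, standoff) for p in ("ordered", "sticky", "standoff")}


if __name__ == "__main__":
    for policy, s in run_all().items():
        print(f"{policy:9s} answered_by={s.answered_by} timeouts={s.timeouts} "
              f"internal_failures={s.internal_failures}")
```

Run it as a script to print one line per policy. Under these assumptions the ordered policy pays 30 timeouts but leaves internal names unresolvable only for the 15 internal lookups made during the outage; the sticky policy pays a single timeout and then fails 250 of its 300 internal lookups because it never returns to dc1 once it is back; a 60-second stand-off sits between the two (one timeout, 30 internal failures). Replacing the public server with a second internal server at another site (knows_internal=True) models Donahue's two-site setup: internal_failures drops to zero for every policy, but answered_by still shows the sticky client sending every query after the reboot to the remote server.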
                                      • scottalanmiller @Obsolesce

                                      @Obsolesce said in DNS Update Issue:

                                      @scottalanmiller said in DNS Update Issue:

                                      In Windows, apparently, it simply abandons that server until it has no choice but to return.

                                      I don't see any issue there. You're getting DNS either way, what's it matter what it's from if they are the same? If clients are getting DNS from the failover DNS server and you don't want it to, turn off the DNS service on that server then, and clients will fail back... if you even care.

                                      That's a pretty awful process. I mean... horrendous. Kill a server just to get clients back to where you want them to be?

                                      And since it is random, that doesn't even work.

                                        • scottalanmiller @Dashrender

                                        @Dashrender said in DNS Update Issue:

                                        @Obsolesce said in DNS Update Issue:

                                        @scottalanmiller said in DNS Update Issue:

                                        In Windows, apparently, it simply abandons that server until it has no choice but to return.

                                        I don't see any issue there. You're getting DNS either way, what's it matter what it's from if they are the same? If clients are getting DNS from the failover DNS server and you don't want it to, turn off the DNS service on that server then, and clients will fail back... if you even care.

                                        The problem happens when your secondary server isn't part of your internal network (assuming your primary is part of your internal network). When using the secondary you won't get resolution for internal network resources.

                                        That's the BIG problem. But not the only one. Take a common manufacturing plant with one AD at one site, and the other one at a different site. If you can't choose primary or secondary, then failover means slow DNS over a WAN link - potentially for weeks or months at a time. Sometimes for no reason at all, or something as simple as having rebooted the local one.

                                        It's not just wanting to use a public source, that clouds the issue. Lots of people don't want to use public ever, so ignore that. It's bad behaviour regardless.

                                          • Donahue @scottalanmiller

                                          @scottalanmiller said in DNS Update Issue:

                                          @Dashrender said in DNS Update Issue:

                                          @Obsolesce said in DNS Update Issue:

                                          @scottalanmiller said in DNS Update Issue:

                                          In Windows, apparently, it simply abandons that server until it has no choice but to return.

                                          I don't see any issue there. You're getting DNS either way, what's it matter what it's from if they are the same? If clients are getting DNS from the failover DNS server and you don't want it to, turn off the DNS service on that server then, and clients will fail back... if you even care.

                                          The problem happens when your secondary server isn't part of your internal network (assuming your primary is part of your internal network). When using the secondary you won't get resolution for internal network resources.

                                          That's the BIG problem. But not the only one. Take a common manufacturing plant with one AD at one site, and the other one at a different site. If you can't choose primary or secondary, then failover means slow DNS over a WAN link - potentially for weeks or months at a time. Sometimes for no reason at all, or something as simple as having rebooted the local one.

                                          It's not just wanting to use a public source, that clouds the issue. Lots of people don't want to use public ever, so ignore that. It's bad behaviour regardless.

                                          @scottalanmiller is describing my setup because he has seen it.

                                            • scottalanmiller @Donahue

                                            @Donahue said in DNS Update Issue:

                                            @scottalanmiller said in DNS Update Issue:

                                            @Dashrender said in DNS Update Issue:

                                            @Obsolesce said in DNS Update Issue:

                                            @scottalanmiller said in DNS Update Issue:

                                            In Windows, apparently, it simply abandons that server until it has no choice but to return.

                                            I don't see any issue there. You're getting DNS either way, what's it matter what it's from if they are the same? If clients are getting DNS from the failover DNS server and you don't want it to, turn off the DNS service on that server then, and clients will fail back... if you even care.

                                            The problem happens when your secondary server isn't part of your internal network (assuming your primary is part of your internal network). When using the secondary you won't get resolution for internal network resources.

                                            That's the BIG problem. But not the only one. Take a common manufacturing plant with one AD at one site, and the other one at a different site. If you can't choose primary or secondary, then failover means slow DNS over a WAN link - potentially for weeks or months at a time. Sometimes for no reason at all, or something as simple as having rebooted the local one.

                                            It's not just wanting to use a public source, that clouds the issue. Lots of people don't want to use public ever, so ignore that. It's bad behaviour regardless.

                                            @scottalanmiller is describing my setup because he has seen it.

                                            It's a common, real world setup that makes sense. But non-deterministic DNS behaviour from Windows would be less than ideal for use in that environment. Not a show stopper, especially with a Gig link between sites, but a silly problem to have that doesn't need to exist.
