Martin Borne
Advisor

DNS not failing over

I have 2 dns servers, (primary and secondary)
When the primary is unavailable, the clients do not fail over to the secondary. I know the secondary server is working as I can do:
nslookup hostname secondary and it resolves just fine.

Any ideas would be great as this can stop my whole network.

Thanks
Martin
It's better to burn out than fade away!
16 REPLIES 16
Pete Randall
Outstanding Contributor

Re: DNS not failing over

Martin,

What does your resolv.conf look like? Both DNS servers listed?

Pete

Pete
Patrick Wallek
Honored Contributor

Re: DNS not failing over

Do you have both DNS servers defined in your /etc/resolv.conf file?
Martin Borne
Advisor

Re: DNS not failing over


My resolv.conf has:

search ssfdns
nameserver 10.60.78.48
nameserver 10.60.78.49

I don't have .com as we are not connected to the internet.

Martin
It's better to burn out than fade away!
Pete Randall
Outstanding Contributor

Re: DNS not failing over

Sorry, Martin, but I have to ask: if you're not even connected to the internet, why are you even bothering with DNS? Why not just put everything in the hosts file? Resolution is faster. And even with DNS, the typical recommendation is to use the nsswitch.conf file to search hosts first because it is so much faster.

Pete

Pete
Martin Borne
Advisor

Re: DNS not failing over


I have 20 servers and 150 workstations, with a mix of mostly unix and some windows.

Just easier than trying to manage host files.

The dns works great except for the ability to fail over to the secondary.

Martin
It's better to burn out than fade away!
Patrick Wallek
Honored Contributor

Re: DNS not failing over

Your domain may be part of your problem. ssfdns is not a valid domain. The resolver is expecting a real domain name. You might try without the domain line in there at all and see what happens. If that doesn't work, try ssfdns.com or whatever domain you have set up for your machines.

Pete Randall
Outstanding Contributor

Re: DNS not failing over

Martin,

Do you get any error messages?

Pete

Pete
Martin Borne
Advisor

Re: DNS not failing over


Pete,

There are no error messages.


Patrick,

That makes sense, I will give it a try this weekend.

Martin
It's better to burn out than fade away!
Oliver Zell_1
Advisor

Re: DNS not failing over

How did you know it doesn't fail over? Doing a nslookup check or a command like ping? It's just because nslookup behaves differently from normal resolver mechanisms in this area.

You should also consider that you will have timeouts and retries, before it jumps to the second nameserver. Did you wait long enough or did you interrupt the command? With an actual libc patch, timeout and retry are configurable.
Pete Randall
Outstanding Contributor

Re: DNS not failing over

Agreed, I'd definitely try ping before I wasted my weekend.

Pete

Pete
Martin Borne
Advisor

Re: DNS not failing over


I was testing it last night, when I brought down my primary server, I could not ping, nslookup, and most of my systems on the network hung. (I have a lot of nfs mounts).

This all came about when the primary hung this week and everyone was unable to work.
It's better to burn out than fade away!
Michael Knaup
Advisor

Re: DNS not failing over

To test the failover mechanism you don't need to disconnect your primary name server. Just take an unimportant client and put an unreachable ip address as the first nameserver entry into the resolv.conf. Should be enough for testing.

Then do a ping. Does it hang? How long does it hang (should be 5 seconds)?

If the ping doesn't come back, remove the /etc/resolv.conf and write it completely new to be sure you have no hidden characters in the file that could disturb and check again.
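
The hidden-character check suggested in the post above can be done without rewriting the file. The following is an added example, not part of any post in this thread: a small Python linter (the name `lint_resolv_conf` and the sample text are constructed here) that reports non-printable characters and `nameserver` lines whose address is not a clean IP literal.

```python
import ipaddress
import re

# Constructed sample: the resolv.conf from the thread, with a stray carriage
# return (DOS line ending) left on the second nameserver line.
SAMPLE = "search ssfdns\nnameserver 10.60.78.48\nnameserver 10.60.78.49\r\n"


def lint_resolv_conf(text):
    """Return (usable_nameservers, findings) for the text of a resolv.conf."""
    servers, findings = [], []
    for lineno, raw in enumerate(text.split("\n"), start=1):
        # Flag every character that is neither printable ASCII nor a tab.
        hidden = sorted({c for c in raw if c != "\t" and not " " <= c <= "~"})
        if hidden:
            codes = " ".join("U+%04X" % ord(c) for c in hidden)
            findings.append("line %d: hidden characters %s" % (lineno, codes))
        # Split on space and tab only, so a hidden character stays attached to
        # its field instead of being silently treated as whitespace.
        fields = [f for f in re.split(r"[ \t]+", raw) if f]
        if not fields or fields[0] != "nameserver":
            continue
        if len(fields) < 2:
            findings.append("line %d: nameserver without an address" % lineno)
            continue
        try:
            servers.append(str(ipaddress.ip_address(fields[1])))
        except ValueError:
            findings.append("line %d: %r is not a clean IP address"
                            % (lineno, fields[1]))
    if len(servers) < 2:
        findings.append("only %d usable nameserver(s): no fail-over target"
                        % len(servers))
    return servers, findings


if __name__ == "__main__":
    import sys
    # Pass a path to check a real file; with no argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="latin-1", newline="") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    servers, findings = lint_resolv_conf(data)
    print("usable nameservers:", servers)
    for finding in findings:
        print(finding)
```

The linter is deliberately strict: it reports anything that is not plain printable ASCII, whether or not a particular resolver would tolerate it.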
Scott Corzine
Advisor

Re: DNS not failing over

Martin-

Each individual client has its own list of nameservers, which must have both DNS servers in order for the client to failover (the servers' /etc/resolv.conf doesn't affect this). For Unix clients this is in /etc/resolv.conf (using the techniques others have already mentioned), but Windows clients are a bit trickier:

A Windows client can get its list of DNS servers via DHCP (highly recommended) or by manual configuration of TCP in the Network Control Panel. Note that some versions of Windows have slight differences in all of this.

To check what the effective DNS settings are on a Win9x (Win95, Win98, or WinME), run winipcfg:

Start->Run winipcfg

Then click on the "More Details" Button and you'll see network settings including the first DNS server. Click the "..." button next to the DNS server to switch it to display the next DNS server on the list.

On NT derived systems (WinNT, Win2000 and WinXP), open a command window and run the command "ipconfig" or "ipconfig /all". This will list all of the current settings.


Lastly, note that the DNS timeouts on some implementations can be fairly long (30-90 seconds) before it goes on to the next server.

Good Luck,
-Scott-

PS-
One especially nice thing about using DHCP to hand out network parameters is that you can easily change all of your clients by making a single change on the DHCP server and letting the clients acquire them by releasing and renewing (with the commands above or by rebooting). You don't have to go around to each system and change it by hand.
Bill Hassell
Honored Contributor

Re: DNS not failing over

I would use the nsswitch.conf file to improve reliability and response time. DNS failover takes about 20 seconds PER REQUEST! That means that NFS and logins will appear to be virtually dead although if you wait long enough, things will start to work (slowly).

DNS is a CRITICAL network service and performance depends very heavily on a responsive server. If the server is not reliable, EVERY computer using that server is at risk. If you cannot make the DNS server rock solid, then don't use it for local requests. Instead, create an nsswitch.conf file that uses /etc/hosts first and DNS as a second choice.

Put the critical systems into /etc/hosts. While it will be a pain to create the dozen or two entries, it will be the same file for all Unix and PC boxes--and no network administrator would keep changing IP addresses of production systems anyways. The DHCP clients are almost always clients so their IP address isn't needed very often. If you have DHCP coupled with a dynamic DNS server, take a look at either a more reliable DNS server or permanent IP addresses given out by the DHCP server.


Bill Hassell, sysadmin
Steven E. Protter
Exalted Contributor

Re: DNS not failing over

My Windows boxes don't fail over very well at all. I think it's something to do with Windows.

As far as Unix boxes go, you should be able to get that to work with the continue directive in nsswitch.conf file.

Steve
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Trever Furnish
Regular Advisor

Re: DNS not failing over

If you're talking about Windows client failover, good luck figuring out what they do - hint: it varies with service pack level.

The way they handle timing out and failing over is certainly different compared to *nix systems.
Hockey PUX?