0

I'm learning DNS and trying to figure out the path of a DNS request made by a host in one of our domains. More specifically, if there is a DNS server listed on the DC interface when running ipconfig, does this take precedence over the DNS Servers listed as forwarders on a DC with the DNS role? The host in question has an ethernet interface with the following DNS servers:

DC1
DC2
8.8.8.8

So, I know a DNS request goes first to DC1. DC1 is connected to the network via an interface with the following DNS servers:

DC1(itself)
DC2

But it also has the DNS role, with 2 forwarders in the Server Manager page:

DC3
DC4

Say DC1 couldn't resolve the request itself and needed to ask another DNS server. Would it first visit the interface's DNS servers and re-ask itself, moving to DC2 when it fails? Or would it try to resolve the request then forward it to DC3 and eventually DC4? Does having two conflicting lists like that ever cause issues, or is it okay to leave the interface DNS servers not matching with the forwarders?

1 Answer

0

The configuration on the interface on DC1 is only for the DNS requests done by the operating system and any applications that use the operating system for DNS resolving.

Thus for Windows or any of the applications (apart from the DNS server), it would resolve via DC1 and then DC2. If there is no answer from either of those, it stops, but it wouldn't impact any of the users using the DNS service on DC1.

The DNS service itself has its own separate DNS forwarders configured, which will forward requests to DC3 and DC4, independent of the operating system.

Keep in mind that the above only works if the DNS servers are unavailable. For example, NXDOMAIN (domain does not exist) is a valid response to a query and wouldn't have the server 'fall back' to another DNS server.

The question of whether the configuration is correct is one you have to judge for yourself. There might be good reasons to set it up like that (it would reduce latency if DC1 and DC2 are in Europe and DC3 and DC4 in Asia). There is nothing wrong with an OS querying a DNS server that's running on that host, as long as it has a backup DNS server.

2
  • Awesome, thanks for the help. Commented Oct 27, 2021 at 16:35
  • Glad to be of help, if you found the answer satisfactory, can you mark this as the Accepted Answer? This will enable people in the future to find the solution quickly (as well as give me some rep :) )
    – mtak
    Commented Oct 28, 2021 at 15:02
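
To see the two independent lists described in the answer side by side on a DC, the following added example (not part of the original question or answer) reads the interface resolvers and the DNS service forwarders, then queries each server directly so that an NXDOMAIN answer can be told apart from a server that does not respond. It assumes the DnsClient and DnsServer PowerShell modules are present on the DC; `$TestName` and the `Test-DnsServer` helper are placeholders introduced here.

```powershell
# Added example. Run in an elevated PowerShell session on the DC that hosts the DNS role.
# $TestName is a placeholder; substitute a name you expect to resolve.
$TestName = 'www.example.com'

# 1) Resolver list used by the OS and ordinary applications (the interface setting).
$clientServers = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object -ExpandProperty ServerAddresses -Unique)

# 2) Forwarder list used only by the DNS Server service.
$fwd = Get-DnsServerForwarder
$forwarders = @($fwd.IPAddress | ForEach-Object { $_.IPAddressToString })

# Hypothetical helper: query one server directly and record how it responded.
function Test-DnsServer {
    param([string]$Server, [string]$Source)
    try {
        $null = Resolve-DnsName -Name $TestName -Server $Server -Type A -DnsOnly -ErrorAction Stop
        $result = 'answered'
    } catch {
        # An NXDOMAIN error is still an answer from the server;
        # a timeout means the server did not respond at all.
        $result = $_.Exception.Message
    }
    [pscustomobject]@{ Source = $Source; Server = $Server; Result = $result }
}

$report = @()
$report += $clientServers | ForEach-Object { Test-DnsServer -Server $_ -Source 'Interface (OS resolver)' }
$report += $forwarders    | ForEach-Object { Test-DnsServer -Server $_ -Source 'Forwarder (DNS service)' }
$report | Format-Table -AutoSize

# Forwarder behaviour that the interface list does not influence.
"UseRootHint: $($fwd.UseRootHint)  Timeout(s): $($fwd.Timeout)"
```

A server that appears in only one of the two lists is expected in a setup like the one in the question; the table simply shows which component would use it.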
