How do preferred and alternate or multiple DNS servers work?

21

3

I was considering adding 8.8.8.8 to the end of my adapter's list of DNS servers as a backup in case everything fails, when it occurred to me that I don't really know how secondary and tertiary DNS servers are treated.

  • Under what conditions is the next DNS server used?
  • Will the next server be checked if the name isn't resolved?
  • Can I configure my machine to query multiple servers if a name is not resolved?

I'm also worried that by adding a DNS server not on my intranet, I may not be able to resolve local names.

  • If the first DNS server fails, how long will the secondary DNS server be used?
  • When my machine checks to see if the primary DNS server is up, does it stall my current DNS query?
  • How do multiple DNS servers affect performance? If I have four DNS servers on my adapter's list and three of them are dead, will it wait for three timeouts before getting an answer?

I'm not sure if this question is OS-specific either. Do different operating systems treat this differently?

My goal is to append 8.8.8.8 to the DNS servers on top of what DHCP hands out with a script. I keep running into stupid DNS problems where my machines wind up with a bogus/unreachable/simply no DNS server due to errors in DHCP configuration that I have no control over. I'm getting sick of it, but I'm wondering if adding this fail-safe would cause more problems than it solves.

Tanner Faulkner

Posted 2012-08-17T16:14:51.230

Reputation: 11 948

1

This question is related: http://superuser.com/q/558843/146694 Adding an external DNS address to a network that needs internal name resolution causes lots of problems.

– Tanner Faulkner – 2013-09-12T14:07:40.617

Answers

16

The answer is certainly operating system-specific in the sense that nothing is preventing a certain operating system from behaving differently. There is nothing necessary about DNS client querying of multiple servers that would prevent an operating system implementation from treating DNS queries differently than I'm describing here.

That said, the example of how Linux looks up DNS names should be representative of how most operating systems in common use today do it.

Here is a good post describing the behavior in detail, as well as a way to set up something like what you've asked for.

The general idea is that, by default, secondary/tertiary DNS servers are only used in sequence if the primary DNS server times out or points to a non-routable IP address. Even if the primary DNS server says "that domain does not resolve", it will not move on to ask the next nameserver. It treats any valid response to the query as a reason not to move to the next DNS server in the list.

One possible sane way of setting it up so that local addresses will resolve first, but still use Google DNS or OpenDNS instead of your ISP's DNS server, is to configure your router or LAN box (whichever box is the Internet gateway) to use 8.8.8.8 as its primary nameserver. Of course, the gateway box should itself be running a nameserver, and should be configured to answer DNS queries for local hostnames on the private subnet -- but if it fails to resolve against the local subnet, it should immediately punt to Google DNS. This is kind of the best of both worlds.

Another way to do it is to set up different nameservers for different network interfaces. Windows lets you do that by default; the article in the link above describes a way to do it by configuring the BIND9 DNS server implementation using the forward and forwarders directives.

allquixotic

Posted 2012-08-17T16:14:51.230

Reputation: 32 256
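
Added example, not part of the answer above and not code from any operating system's resolver: a minimal Python stub-resolver loop that follows the failover rule the answer describes, where only a missing reply moves the lookup to the next server and an NXDOMAIN from the first server ends it. The function names, the `(ip, port)` server tuples and the `timeout`/`attempts` defaults are assumptions made for this illustration.

```python
import secrets
import socket
import struct

RCODES = {0: "NOERROR", 3: "NXDOMAIN"}


def build_query(name, qtype=1):
    """Encode a minimal recursive DNS query (qtype 1 = A, class IN)."""
    header = struct.pack("!HHHHHH", secrets.randbits(16), 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def resolve_in_order(name, servers, timeout=5.0, attempts=2):
    """Query each (ip, port) in list order, as a stub resolver would.

    Returns (server, rcode, trail). Following the answer's description, any
    well-formed reply is final, NXDOMAIN included; only silence or a socket
    error moves on to the next server.
    """
    query = build_query(name)
    trail = []  # every server tried, with the outcome
    for _ in range(attempts):
        for server in servers:
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
                sock.settimeout(timeout)
                try:
                    sock.sendto(query, server)
                    reply, _peer = sock.recvfrom(512)
                except OSError:  # timed out or unreachable
                    trail.append((server, "no reply"))
                    continue
            if len(reply) < 12 or reply[:2] != query[:2]:
                trail.append((server, "bad reply"))
                continue
            flags = struct.unpack("!H", reply[2:4])[0]
            rcode = RCODES.get(flags & 0x000F, str(flags & 0x000F))
            trail.append((server, rcode))
            return server, rcode, trail
    return None, "TIMEOUT", trail
```

With three dead servers listed ahead of a live one, the returned trail holds three "no reply" entries, each costing one full timeout, before the answer arrives.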