Alternate DNS server not resolving after first one fails to resolve

4

1

I have several VMs set up running on top of Citrix XenServer 6.1 in a lab network, but I think this issue might not be specific to XenServer.

There are several different OSes running:

  • Fedora 19
  • Ubuntu 12.04 Desktop
  • Ubuntu 12.04 Server
  • Windows 7

Each one pulls two DNS server addresses from DHCP:

  • Primary: 172.16.18.68, which is our local DNS on our lab network. It resolves names inside our lab network.
  • Secondary: 10.10.201.11, which is the DNS outside of our lab network but still part of our company. It provides our access to the outside world.

On Windows 7 and Ubuntu 12.04 Server, I can resolve domain names outside and inside my lab network. On Ubuntu 12.04 Desktop and Fedora 19, I can only resolve names inside my lab network -- I can't resolve any outside. I can still visit google.com by typing 74.125.131.106 in the web browser though, so I do have access to the outside world, just not DNS. If I switch the order of the DNS servers though, then I can resolve outside names but not inside names. So Fedora 19 and Ubuntu Desktop are only using the first server in the list of DNS servers, and if that fails they don't try the alternate one. Why is that? And why does the same thing not happen on Ubuntu Server and Windows 7?

John Peter Thompson Garcés

Posted 2013-11-27T15:37:02.843

Reputation: 415

Answers

6

Primary and secondary DNS servers are expected to give the same result. It seems that you have set up your own DNS server and want the OS to use your DNS server for resolving your lab names/IPs and use the company DNS server to resolve all other names/IPs.

This is not the way it works. If your PC asks your DNS server for the IP of a company server and your DNS server answers that the name is unknown, then there is a result and there is no need to ask another DNS server. Also if your PC asks the company DNS server for a lab name, then it will answer that it does not know the name.

You should configure your DNS server to forward all requests for domains other than yours to the company DNS server. In an ideal case the company DNS server should be configured to know your subdomain and forward all requests for your domain to your DNS server.

You should use your DNS server as primary DNS server. If you can configure the forward zone in the company DNS you can use that DNS server as secondary, otherwise you should not configure a secondary DNS server.

And as it seems that you do not know how DNS works, you should ask your company admins to assist you.

Werner Henze

Posted 2013-11-27T15:37:02.843

Reputation: 4 214

They're all on vacation. But your answer is very helpful – John Peter Thompson Garcés – 2013-11-27T15:57:43.700

Can you explain why Ubuntu Server and Windows 7 work differently though, because these do use the alternate DNS if the first doesn't resolve. – John Peter Thompson Garcés – 2013-11-27T16:07:29.050

No idea. For further investigation you could give more info about what search domains are used, what names you look up, and network traces would help to see which server is asked. – Werner Henze – 2013-11-27T16:17:43.163

0

In, external DNS servers tend not to resolve internal names (it's not considered "best practice"). Internal DNS servers typically answer for the internal names and forward unknown queries to external servers. Recommend taking a look at the forwarder statement in the internal DNS server.

Having both your internal and external nameservers in your workstation as primary and secondary servers will cause the problem you're describing (unless the external one is configured to actually be a secondary to the internal server)(a zone transfer should have occurred between the two servers).

joat

Posted 2013-11-27T15:37:02.843

Reputation: 466
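
The behaviour both answers describe, as an added example that is not part of the original posts: a toy model (not a real DNS client) of a resolver walking its server list, where "name unknown" ends the lookup and only a missing answer moves on to the next server. The server IPs are the ones from the question; the host names `build.lab.example` and `www.example.com` and their record addresses are constructed for illustration.

```python
# Added illustration: toy model of a resolver's server list, not a real DNS client.
# Server IPs come from the question; names and record addresses are constructed.
NOERROR, NXDOMAIN, SERVFAIL, TIMEOUT = "NOERROR", "NXDOMAIN", "SERVFAIL", "TIMEOUT"

class Server:
    """A name server holding its own records, optionally forwarding the rest."""
    def __init__(self, ip, records, forwarder=None, up=True):
        self.ip, self.records, self.forwarder, self.up = ip, records, forwarder, up

    def query(self, name):
        if not self.up:
            return TIMEOUT, None              # no reply at all
        if name in self.records:
            return NOERROR, self.records[name]
        if self.forwarder is None:
            return NXDOMAIN, None             # a definite answer: no such name
        rcode, addr = self.forwarder.query(name)
        return (SERVFAIL, None) if rcode == TIMEOUT else (rcode, addr)

def stub_resolve(name, servers):
    """Ask servers in order; move on only when one fails to give an answer."""
    asked, rcode = [], TIMEOUT
    for server in servers:
        asked.append(server.ip)
        rcode, addr = server.query(name)
        if rcode in (NOERROR, NXDOMAIN):      # both are final answers
            return rcode, addr, asked
    return rcode, None, asked

def demo():
    company = Server("10.10.201.11", {"www.example.com": "192.0.2.10"})
    lab = Server("172.16.18.68", {"build.lab.example": "172.16.18.20"})
    # Setup from the question: lab server first, company server second.
    split = stub_resolve("www.example.com", [lab, company])
    # Setup from the answers: lab server forwards unknown names to the company server.
    lab_fwd = Server("172.16.18.68", lab.records, forwarder=company)
    fixed = stub_resolve("www.example.com", [lab_fwd])
    # The case a second server is meant for: the first one does not reply.
    lab_down = Server("172.16.18.68", lab.records, up=False)
    failover = stub_resolve("www.example.com", [lab_down, company])
    return split, fixed, failover

if __name__ == "__main__":
    for label, result in zip(("split", "fixed", "failover"), demo()):
        print(label, result)
```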