Question. I have a Windows AD Domain with two DCs. I find that name resolution becomes very unreliable when my "primary" Domain server is offline. How can I fix this?
I am running two Windows Server 2012 Standard servers, and both are Domain Controllers, DNS servers, and DHCP servers.
On the client side, my clients are using DHCP (from the aforementioned servers) and the DNS config they get sets one Domain Controller as Preferred, and the other as Alternate.
If I shut off the "Preferred" Domain Controller as a test, then internet browsing becomes very slow. Loading pages often fails, and I have to refresh often in order to get pages to successfully load. I think DNS lookups occur in round robin fashion, so I am assuming that the client tries the Preferred DNS first and fails. Then when I hit refresh, it tries the Alternate and succeeds. But I'm not sure about this, and it seems to be a very clunky system:
Question A. Why isn't the client automatically trying the Alternate DNS when the Primary DNS fails? This is 2015. What is the point of having an Alternate DNS if I have to manually hit refresh, sometimes twice, sometimes 5 or 6 times, to get the Internet to work? Do I have something misconfigured?
Question B. If I do nslookup google.com from a client's command prompt, it simply fails with a timeout trying to contact the Primary DNS. It never tries the Alternate no matter how many times I try. Why is this?
Question C. Is there a better way for me to set this up so that the DNS failover is more transparent and automatic? When the Primary DNS Server is online, everything is as smooth as butter. When I have to switch to my "Secondary" DNS Server, everything becomes slow and unwieldy. I don't think that was the intended design. (I am aware that the idea of "Primary" and "Secondary" Domain Servers is now deprecated, and that all Domain Controllers are considered equal - even more reason why I don't see why I should be experiencing these problems if one Controller goes down).
Question A - For detailed information about the DNS failover behaviours of various Windows OSes, read here: http://blogs.technet.com/b/stdqry/archive/2011/12/15/dns-clients-and-timeouts-part-2.aspx This usually works; most likely you have something misconfigured.
Question B - Nslookup is a diagnostic tool for DNS resolution, not for client resolution. Nslookup will automatically choose the preferred DNS server and send all queries to it - this is by design. To test resolution against your second DNS server type
Question C - Most likely you have the second server configured to forward lookups to the first server - it is probably also configured as isSlave=0. In this configuration you are hitting DNS timeouts because the DNS server will attempt to resolve from the first DNS server, time out, and then fall back to root hints.
Either change both Domain Controllers to remove all forwarders so they both use root hints, or change both Domain Controllers so that they both use your ISP DNS servers (or Google DNS, 8.8.8.8).
Good Luck!
Shane
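An added example, not from the question or from Shane's answer: a PowerShell script that audits the forwarder chain Question C describes (DC2 forwarding to DC1, so every query waits for DC1 to time out before root hints are tried) and applies the two fixes the answer gives. It assumes the DnsServer PowerShell module on Windows Server 2012 or later, and DC1/DC2 are placeholder names for the two domain controllers.

```powershell
# Added example (not from the original post). Assumes the DnsServer module
# and uses DC1/DC2 as placeholder names for the two domain controllers.
$dcs = @('DC1', 'DC2')

# 1. Audit: does either DC forward to the other? That is the chain in the
#    answer: a query on DC2 waits for DC1 to time out before root hints run.
$dcAddresses = foreach ($dc in $dcs) {
    (Resolve-DnsName -Name $dc -Type A -ErrorAction Stop).IPAddress
}
foreach ($dc in $dcs) {
    $fwd = Get-DnsServerForwarder -ComputerName $dc
    $toPeerDc = @($fwd.IPAddress | Where-Object { $dcAddresses -contains $_.IPAddressToString })
    [pscustomobject]@{
        Server         = $dc
        Forwarders     = ($fwd.IPAddress -join ', ')
        ForwardsToPeer = ($toPeerDc.Count -gt 0)   # $true is the problem case
        UseRootHint    = $fwd.UseRootHint          # isSlave=0 in the answer's terms
        TimeoutSec     = $fwd.Timeout
    }
}

# 2. Fix, option one from the answer: external forwarders on BOTH DCs, with
#    root hints as fallback, so neither DC depends on the other being up.
$externalForwarders = @('8.8.8.8')   # add your ISP's resolvers here
foreach ($dc in $dcs) {
    Set-DnsServerForwarder -ComputerName $dc -IPAddress $externalForwarders `
        -UseRootHint $true -Timeout 3
}

# 2b. Fix, option two from the answer: no forwarders at all, root hints only.
#     Uncomment to use this instead of option one.
# foreach ($dc in $dcs) {
#     $current = (Get-DnsServerForwarder -ComputerName $dc).IPAddress
#     if ($current) { Remove-DnsServerForwarder -ComputerName $dc -IPAddress $current -Force }
# }

# 3. Verify: query each DC directly (nslookup only ever asks the preferred
#    server) and time it; after the fix both should answer quickly.
foreach ($dc in $dcs) {
    $t = Measure-Command { Resolve-DnsName -Name google.com -Server $dc -DnsOnly }
    '{0}: google.com answered in {1} ms' -f $dc, [int]$t.TotalMilliseconds
}
```

Run the audit step alone first; a DC whose ForwardsToPeer is $true is the one that will stall whenever its peer is offline.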