
    DNS Update Issue

    IT Discussion
    windows server 2012 r2 dns active directory
    • scottalanmillerS
      scottalanmiller @black3dynamite
      last edited by

      @black3dynamite said in DNS Update Issue:

      Results will be different from a member and a workgroup computer?

      Will they? How does Windows' DNS usage change based on that?

      1 Reply Last reply Reply Quote 0
      • ObsolesceO
        Obsolesce @scottalanmiller
        last edited by

        @scottalanmiller said in DNS Update Issue:

        @Obsolesce said in DNS Update Issue:

        @scottalanmiller said in DNS Update Issue:

        @Obsolesce said in DNS Update Issue:

        @scottalanmiller said in DNS Update Issue:

        @Obsolesce said in DNS Update Issue:

        I did not use the wrong tool. When you ping something by hostname, it WILL do a DNS lookup.

        Only if it is not cached. As YOU pointed out. So you know this isn't true.

        In this next test, I will ping stuff that is guaranteed not to be locally cached.

        WHY are you still pinging? We've established it cannot be used for anything to do with this thread.

        When you ping something by host name only, it performs a DNS lookup... contacting a DNS server to get the IP address of the target, so that it can ping.

        STOP!!! WE ALL KNOW WHAT PINGING DOES.

        What we don't understand is why you think repeating information no one has disputed changes the situation.

        It looks like there is a flaw in Windows. Surprise surprise.

        I cannot use NSLOOKUP if the primary DNS server is unreachable. However, DNS queries to the secondary DNS server DO work, but the NSLOOKUP tool does not.

        So, to recap, when the primary DNS server is down, DNS works fine with the secondary DNS server. But for some reason, the NSLOOKUP tool on the test computer doesn't try to use the secondary DNS server, although everything else does.

        ObsolesceO scottalanmillerS 2 Replies Last reply Reply Quote 0
        • ObsolesceO
          Obsolesce @Obsolesce
          last edited by Obsolesce

          @Obsolesce said in DNS Update Issue:

          @scottalanmiller said in DNS Update Issue:

          @Obsolesce said in DNS Update Issue:

          @scottalanmiller said in DNS Update Issue:

          @Obsolesce said in DNS Update Issue:

          @scottalanmiller said in DNS Update Issue:

          @Obsolesce said in DNS Update Issue:

          I did not use the wrong tool. When you ping something by hostname, it WILL do a DNS lookup.

          Only if it is not cached. As YOU pointed out. So you know this isn't true.

          In this next test, I will ping stuff that is guaranteed not to be locally cached.

          WHY are you still pinging? We've established it cannot be used for anything to do with this thread.

          When you ping something by host name only, it performs a DNS lookup... contacting a DNS server to get the IP address of the target, so that it can ping.

          STOP!!! WE ALL KNOW WHAT PINGING DOES.

          What we don't understand is why you think repeating information no one has disputed changes the situation.

          It looks like there is a flaw in Windows. Surprise surprise.

          I cannot use NSLOOKUP if the primary DNS server is unreachable. However, DNS queries to the secondary DNS server DO work, but the NSLOOKUP tool does not.

          So, to recap, when the primary DNS server is down, DNS works fine with the secondary DNS server. But for some reason, the NSLOOKUP tool on the test computer doesn't try to use the secondary DNS server, although everything else does.

          So I will have to flush the local DNS cache (only in the beginning), and PING hosts that are not yet cached locally to get the client to perform DNS lookups.

          1 Reply Last reply Reply Quote 0
          • ObsolesceO
            Obsolesce
            last edited by

            Confirmed:
            The NSLOOKUP tool only uses the primary DNS server, period, unless you specify otherwise manually. So, not a good tool for testing the scenario of this thread. All other apps use the secondary DNS server, but not NSLOOKUP.

            https://social.technet.microsoft.com/Forums/windowsserver/en-US/1795e720-30dc-4ceb-9004-0fd07db8376e/dns-servers-not-working-correctly-when-set-as-secondary-dns-server

            1 Reply Last reply Reply Quote 0
            • ObsolesceO
              Obsolesce
              last edited by Obsolesce

              So, @scottalanmiller, back to using PING again, because it's the easiest way to get the computer to make DNS requests. No flushdns is required after the initial ones if I'm using different and uncached hostnames to get the client to perform DNS lookups.

              Edit: Nirsoft has a DNS lookup tool, I'll try that 🙂

              scottalanmillerS 1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @Obsolesce
                last edited by

                @Obsolesce said in DNS Update Issue:

                @scottalanmiller said in DNS Update Issue:

                @Obsolesce said in DNS Update Issue:

                @scottalanmiller said in DNS Update Issue:

                @Obsolesce said in DNS Update Issue:

                @scottalanmiller said in DNS Update Issue:

                @Obsolesce said in DNS Update Issue:

                I did not use the wrong tool. When you ping something by hostname, it WILL do a DNS lookup.

                Only if it is not cached. As YOU pointed out. So you know this isn't true.

                In this next test, I will ping stuff that is guaranteed not to be locally cached.

                WHY are you still pinging? We've established it cannot be used for anything to do with this thread.

                When you ping something by host name only, it performs a DNS lookup... contacting a DNS server to get the IP address of the target, so that it can ping.

                STOP!!! WE ALL KNOW WHAT PINGING DOES.

                What we don't understand is why you think repeating information no one has disputed changes the situation.

                It looks like there is a flaw in Windows. Surprise surprise.

                I cannot use NSLOOKUP if the primary DNS server is unreachable. However, DNS queries to the secondary DNS server DO work, but the NSLOOKUP tool does not.

                So, to recap, when the primary DNS server is down, DNS works fine with the secondary DNS server. But for some reason, the NSLOOKUP tool on the test computer doesn't try to use the secondary DNS server, although everything else does.

                That's seriously messed up. So nslookup is just broken? So there is no proper query mechanism to know what the machine would definitely see?

                JaredBuschJ 1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @Obsolesce
                  last edited by

                  @Obsolesce said in DNS Update Issue:

                  So, @scottalanmiller, back to using PING again, because it's the easiest way to get the computer to make DNS requests. No flushdns is required after the initial ones if I'm using different and uncached hostnames to get the client to perform DNS lookups.

                  Edit: Nirsoft has a DNS lookup tool, I'll try that 🙂

                  Okay, so if we avoid the cache, and check logs to see what ping is doing...

                  Did it behave the same, with an automatic failover and, more importantly, fail back?

                  ObsolesceO 1 Reply Last reply Reply Quote 0
                  • JaredBuschJ
                    JaredBusch
                    last edited by

                    This is how nslookup should work.. Thanks Windows..

                    You can see here that my router's DHCP scope is set to give clients 10.254.103.4 and then 10.254.103.1

                    You can see that `nslookup` used .4 immediately.

                    I then shut down the Pi-Hole on .4

                    and tried the lookup again, without ever exiting nslookup.

                    It used the secondary, with a small delay while the primary timed out.

                    0_1541181972980_c3db0723-4641-4f26-9a64-8ece34dc11b0-image.png

                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                    • JaredBuschJ
                      JaredBusch @scottalanmiller
                      last edited by

                      @scottalanmiller said in DNS Update Issue:

                      @Obsolesce said in DNS Update Issue:

                      @scottalanmiller said in DNS Update Issue:

                      @Obsolesce said in DNS Update Issue:

                      @scottalanmiller said in DNS Update Issue:

                      @Obsolesce said in DNS Update Issue:

                      @scottalanmiller said in DNS Update Issue:

                      @Obsolesce said in DNS Update Issue:

                      I did not use the wrong tool. When you ping something by hostname, it WILL do a DNS lookup.

                      Only if it is not cached. As YOU pointed out. So you know this isn't true.

                      In this next test, I will ping stuff that is guaranteed not to be locally cached.

                      WHY are you still pinging? We've established it cannot be used for anything to do with this thread.

                      When you ping something by host name only, it performs a DNS lookup... contacting a DNS server to get the IP address of the target, so that it can ping.

                      STOP!!! WE ALL KNOW WHAT PINGING DOES.

                      What we don't understand is why you think repeating information no one has disputed changes the situation.

                      It looks like there is a flaw in Windows. Surprise surprise.

                      I cannot use NSLOOKUP if the primary DNS server is unreachable. However, DNS queries to the secondary DNS server DO work, but the NSLOOKUP tool does not.

                      So, to recap, when the primary DNS server is down, DNS works fine with the secondary DNS server. But for some reason, the NSLOOKUP tool on the test computer doesn't try to use the secondary DNS server, although everything else does.

                      That's seriously messed up. So nslookup is just broken? So there is no proper query mechanism to know what the machine would definitely see?

                      You would be correct. Windows is more stupid than we knew.

                      scottalanmillerS 1 Reply Last reply Reply Quote 1
                      • scottalanmillerS
                        scottalanmiller @JaredBusch
                        last edited by

                        @JaredBusch said in DNS Update Issue:

                        This is how nslookup should work.. Thanks Windows..

                        You can see here that my router's DHCP scope is set to give clients 10.254.103.4 and then 10.254.103.1

                        You can see that `nslookup` used .4 immediately.

                        I then shut down the Pi-Hole on .4

                        and tried the lookup again, without ever exiting nslookup.

                        It used the secondary, with a small delay while the primary timed out.

                        0_1541181972980_c3db0723-4641-4f26-9a64-8ece34dc11b0-image.png

                        Exactly, it should only stick with the primary if the primary is specified, that's what the specification is FOR. Otherwise, it doesn't give a real world query as is its purpose.

                        It's clearly skipping part of the stack that it is supposed to be testing.

                        1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @JaredBusch
                          last edited by

                          @JaredBusch said in DNS Update Issue:

                          @scottalanmiller said in DNS Update Issue:

                          @Obsolesce said in DNS Update Issue:

                          @scottalanmiller said in DNS Update Issue:

                          @Obsolesce said in DNS Update Issue:

                          @scottalanmiller said in DNS Update Issue:

                          @Obsolesce said in DNS Update Issue:

                          @scottalanmiller said in DNS Update Issue:

                          @Obsolesce said in DNS Update Issue:

                          I did not use the wrong tool. When you ping something by hostname, it WILL do a DNS lookup.

                          Only if it is not cached. As YOU pointed out. So you know this isn't true.

                          In this next test, I will ping stuff that is guaranteed not to be locally cached.

                          WHY are you still pinging? We've established it cannot be used for anything to do with this thread.

                          When you ping something by host name only, it performs a DNS lookup... contacting a DNS server to get the IP address of the target, so that it can ping.

                          STOP!!! WE ALL KNOW WHAT PINGING DOES.

                          What we don't understand is why you think repeating information no one has disputed changes the situation.

                          It looks like there is a flaw in Windows. Surprise surprise.

                          I cannot use NSLOOKUP if the primary DNS server is unreachable. However, DNS queries to the secondary DNS server DO work, but the NSLOOKUP tool does not.

                          So, to recap, when the primary DNS server is down, DNS works fine with the secondary DNS server. But for some reason, the NSLOOKUP tool on the test computer doesn't try to use the secondary DNS server, although everything else does.

                          That's seriously messed up. So nslookup is just broken? So there is no proper query mechanism to know what the machine would definitely see?

                          You would be correct. Windows is more stupid than we knew.

                          I, apparently, have been giving it way too much credit.

                          1 Reply Last reply Reply Quote 0
                          • JaredBuschJ
                            JaredBusch
                            last edited by

                            Powered the Pi-Hole back on and look..
                            0_1541182274216_21936cda-afdd-418e-a5f4-c58e340ca3d0-image.png

                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                            • JaredBuschJ
                              JaredBusch
                              last edited by

                              Going to get my daughter's Surface running Windows 10 to verify for everyone.

                              1 Reply Last reply Reply Quote 2
                              • ObsolesceO
                                Obsolesce @scottalanmiller
                                last edited by Obsolesce

                                @scottalanmiller said in DNS Update Issue:

                                @Obsolesce said in DNS Update Issue:

                                So, @scottalanmiller, back to using PING again, because it's the easiest way to get the computer to make DNS requests. No flushdns is required after the initial ones if I'm using different and uncached hostnames to get the client to perform DNS lookups.

                                Edit: Nirsoft has a DNS lookup tool, I'll try that 🙂

                                Okay, so if we avoid the cache, and check logs to see what ping is doing...

                                Did it behave the same, with an automatic failover and, more importantly, fail back?

                                I'll try it with ping instead of Nirsoft DNSDataView. I have a feeling that program is way smarter than Windows ping and nslookup and will use whatever DNS server it can. So I'll only use it to verify the hostnames I ping aren't cached.

                                1 Reply Last reply Reply Quote 1
                                • scottalanmillerS
                                  scottalanmiller @JaredBusch
                                  last edited by

                                  @JaredBusch I used a watch command with nslookup on Fedora, which is neat because it just... updates.

                                  JaredBuschJ 1 Reply Last reply Reply Quote 0
                                  • JaredBuschJ
                                    JaredBusch
                                    last edited by

                                    I opened the left PowerShell window and did the lookup.
                                    Shut down the Pi-Hole and typed again.
                                    Then I opened the second window. Just in case maybe nslookup opened after the DNS server was offline would work. Nope.

                                    Piss off Windows.

                                    0_1541182915286_4c63d194-0a57-4c55-9d56-06c4884a28ba-image.png

                                    1 Reply Last reply Reply Quote 3
                                    • black3dynamiteB
                                      black3dynamite
                                      last edited by

                                      So pretty much we should also be using Linux to troubleshoot Windows too.

                                      1 Reply Last reply Reply Quote 1
                                      • JaredBuschJ
                                        JaredBusch @scottalanmiller
                                        last edited by

                                        @scottalanmiller said in DNS Update Issue:

                                        @JaredBusch I used a watch command with nslookup on Fedora, which is neat because it just... updates.

                                        Right, but that is technically a new instance of the command each time. I was using the opened command instance proving nothing had to even be re-executed.

                                        1 Reply Last reply Reply Quote 1
                                        • ObsolesceO
                                          Obsolesce
                                          last edited by Obsolesce

                                          Final results:

                                          I used Nirsoft DNSDataView to verify that any hostname I query is not in the Windows DNS Cache.

                                          I blocked all DC/DNS server IPs in the local firewall, and verified DNS does not work.

                                          • I test this by clearing the local DNS cache (ipconfig /flushdns) then trying to ping something by name. This proved as a good test, because I was unable to ping anything by hostname. The PING failed because a DNS server could not be contacted in order to get the IP of the host I was trying to ping by name.

                                          I enabled Debug Logging on both DC/DNS servers (DC/DNS01 and DC/DNS02). I had both logs up in tail mode so I can see ALL DNS queries to the server from my test workstation only.

                                          Then I unblocked only DC/DNS02, and tried pinging something by hostname only. This forces the client to do a DNS lookup so it can ping the target.

                                          • I tested this by unblocking DC/DNS02, then performing a ping to a non-cached hostname. It was a successful PING, and DNS lookup occurred on DC/DNS02, confirmed in log.

                                          I now unblocked the primary DC (DC/DNS01), and performed a ping to a non-cached hostname.

                                          I performed several more pings shown below, and the DNS server that was used to perform the DNS query, as well as the time.

                                          ping 1 -> DC/DNS02 (11:21 am)

                                          ping 2 -> DC/DNS02 (11:22 am)

                                          ping 3 -> DC/DNS02 (11:25 am)

                                          ping 4 -> DC/DNS02 (11:30 am)

                                          ping 5 -> DC/DNS02 (11:33:31 am)

                                          Ping X -> DC/DNS01 (11:33:57 am) On DC/DNS01 I noticed an entry, which tells me Windows automatically set it back to be used, confirmed below:
                                          0_1541183873962_0911b376-129f-4dce-8620-5e41081d6cc4-image.png

                                          ping 6 -> DC/DNS01 (11:34:17 am)

                                          Testing shows that Windows does not immediately fail-back to the primary DNS server once it becomes available, and doesn't do it automatically for about 15 minutes without some kind of network stack reset or computer reboot.

                                          Windows will automatically fail-back to primary DNS server after about 15 minutes.

                                          Now there's something to search the internet for, and as such, confirmed that 15 minutes is when it happens automatically.

                                          scottalanmillerS 1 Reply Last reply Reply Quote 0
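The server-side check described in the final results above, as an added example that is not part of the original thread: it merges the debug logs of both DNS servers into one timeline of a single client's queries and reports when the client changes server. The PACKET line layout is an assumption about the DNS debug log format, and the sample lines (date, client address 10.0.0.50, host names) are constructed; only the server names and the switch at 11:33:57 follow the post.

```python
import re
from datetime import datetime

# Assumed layout of a PACKET line in the DNS server debug log:
# date time thread PACKET id UDP|TCP Rcv|Snd remote-ip xid [R] opcode [flags] qtype qname
PACKET_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+\S+\s+PACKET\s+\S+\s+"
    r"(?:UDP|TCP)\s+(?P<dir>Rcv|Snd)\s+(?P<ip>\S+)\s+\S+\s+(?P<resp>R\s+)?\S\s+"
    r"\[.*?\]\s+(?P<qtype>\S+)\s+(?P<qname>\S+)\s*$"
)

def decode_qname(raw):
    """Turn the log's length-prefixed form '(6)host01(4)corp(0)' into 'host01.corp'."""
    return ".".join(label for label in re.findall(r"\(\d+\)([^()]*)", raw) if label)

def client_queries(server, lines, client_ip):
    """Yield (time, server, name) for each query this server received from client_ip."""
    for line in lines:
        m = PACKET_RE.match(line.strip())
        if not m or m["dir"] != "Rcv" or m["resp"] or m["ip"] != client_ip:
            continue  # skip responses, other clients and non-packet lines
        when = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
        yield when, server, decode_qname(m["qname"])

def timeline(logs, client_ip):
    """Merge the per-server logs into one time-ordered list of the client's queries."""
    return sorted(q for server, lines in logs.items()
                  for q in client_queries(server, lines, client_ip))

def switches(events):
    """Return (time, old_server, new_server) each time the client changes server."""
    return [(cur[0], prev[1], cur[1])
            for prev, cur in zip(events, events[1:]) if prev[1] != cur[1]]

CLIENT_IP = "10.0.0.50"  # constructed address of the test workstation

# Constructed sample log lines, one list per server.
SAMPLE_LOGS = {
    "DC/DNS02": [
        "DNS Server log file creation at 11/2/2018 11:00:00 AM",
        "11/2/2018 11:21:04 AM 0A4C PACKET  000000F2A1B3C4D0 UDP Rcv 10.0.0.50  3f1a   Q [0001   D   NOERROR] A  (6)host01(4)corp(7)example(0)",
        "11/2/2018 11:21:04 AM 0A4C PACKET  000000F2A1B3C4D0 UDP Snd 10.0.0.50  3f1a R Q [8085 A DR  NOERROR] A  (6)host01(4)corp(7)example(0)",
        "11/2/2018 11:25:10 AM 0A4C PACKET  000000F2A1B3C5E0 UDP Rcv 10.0.0.77  77b2   Q [0001   D   NOERROR] A  (6)host09(4)corp(7)example(0)",
        "11/2/2018 11:33:31 AM 0A4C PACKET  000000F2A1B3C6F0 UDP Rcv 10.0.0.50  41c9   Q [0001   D   NOERROR] A  (6)host05(4)corp(7)example(0)",
    ],
    "DC/DNS01": [
        "11/2/2018 11:33:57 AM 0B10 PACKET  000000A1D2E3F400 UDP Rcv 10.0.0.50  52d0   Q [0001   D   NOERROR] A  (6)host06(4)corp(7)example(0)",
        "11/2/2018 11:34:17 AM 0B10 PACKET  000000A1D2E3F510 UDP Rcv 10.0.0.50  52d1   Q [0001   D   NOERROR] A  (6)host07(4)corp(7)example(0)",
    ],
}

if __name__ == "__main__":
    events = timeline(SAMPLE_LOGS, CLIENT_IP)
    for when, server, name in events:
        print(f"{when:%H:%M:%S}  {server}  {name}")
    for when, old, new in switches(events):
        print(f"client moved from {old} to {new} at {when:%H:%M:%S}")
```

Against real logs, replace the sample lists with the lines read from each server's debug log file and compare the switch time with the moment the primary was unblocked.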
                                          • scottalanmillerS
                                            scottalanmiller @Obsolesce
                                            last edited by

                                            @Obsolesce interesting, so very different results than people had been saying that they were getting in Windows environments. But much more logical and expected.

                                            DashrenderD 1 Reply Last reply Reply Quote 0