DNS Client Resolver Behavior

TechNet Blogs > Microsoft Enterprise Networking Team > DNS Client Resolver Behavior
Live Now on Server & Tools Blogs
Menu
Recent Posts
Tags
More
Archives
Archives
More

DNS Client Resolver Behavior

26 Jun 2009 11:29 AM
  • Comments 10

The following question comes up from time to time and for various reasons. What is the expected name resolution behavior of the DNS client resolver on Windows XP or Windows Vista? This may be for a single or for multiple network interfaces. So I thought I would put together a brief overview of what you would see on the network for DNS name resolution for different interface configurations. I am including network captures of three different scenarios that illustrate the expected behavior. This is just a quick overview; there is additional documentation available that covers how the ordering of the Preferred and Alternate DNS servers can change per interface, so I am not going to cover that here.

Scenario 1

A single network interface with a Preferred and Alternate DNS configured.
Preferred - 192.168.0.10
Alternate - 192.168.0.100

image

From the capture you will see the following behavior:

  1. Send a DNS query to the Preferred DNS server.
  2. If there is no response within 1 second then send a DNS query to the Alternate DNS server.
  3. If there is no response within 1 second send a DNS query again to the Preferred DNS server.
  4. If there is no response within 2 seconds send a DNS query to both the Preferred and Alternate DNS servers.
  5. If there is no response within 4 seconds again send a DNS query to both the Preferred and Alternate DNS servers.
  6. If there is still no response after 7 seconds, the process times out.

Notice that the whole process takes about 15 seconds.

Scenario 2

Two network interfaces each with a Preferred and Alternate DNS server configured.
Interface 1:
Preferred DNS server - 192.168.0.10
Alternate DNS server - 192.168.0.100

Interface 2:
Preferred DNS server - 10.10.10.10
Alternate DNS server - 10.10.10.11

image

From the capture you will see the following behavior:

  1. Send a DNS query to the Preferred DNS server.
  2. If there is no response within 1 second then send a DNS query to the Preferred DNS server on Interface 2 and the Alternate DNS server on Interface 1.
  3. If there is no response within 1 second then send a DNS query to the Preferred DNS server on Interface 1 and the Alternate DNS server on Interface 2.
  4. If there is no response within 2 seconds send a DNS query to ALL DNS servers.
  5. If there is no response within 4 seconds again send a DNS query to ALL DNS servers.
  6. If there is still no response after 7 seconds the process times out.

Again, notice that the whole process takes about 15 seconds.

Confused yet? If so, maybe this table will help simplify things. Let's say we have two interfaces, each with two DNS servers configured. The interfaces are numbered 1 and 2 and the DNS servers are A, B, C, and D.

Interface / DNS Server 1 DNS A,B 2 DNS C,D
1st Query A  
2nd Query B C
3rd Query A D
4th Query A, B C, D
5th Query A, B C, D

Scenario 3

Just for fun, let’s see what happens if you add additional DNS servers to the first interface.
Interface 1:
Preferred DNS server - 192.168.0.10
Alternate DNS server - 192.168.0.100
Additional DNS server - 192.168.0.200
Additional DNS server - 192.168.0.250

Interface 2:
Preferred DNS server - 10.10.10.10
Alternate DNS server - 10.10.10.11

image

From the capture you will see the following behavior:

  1. Send a DNS query to the Preferred DNS server.
  2. If there is no response within 1 second then send a DNS query to the Preferred DNS server on Interface 2 and the Alternate DNS server on Interface 1.
  3. If there is no response within 1 second then send a DNS query to the Preferred DNS server on Interface 1 and the Alternate DNS server on Interface 2.
  4. If there is no response within 2 seconds send a DNS query to ALL DNS servers.
  5. If there is no response within 4 seconds again send a DNS query to ALL DNS servers.
  6. If there is still no response after 7 seconds the process times out.

This is the same behavior as Scenario 2, we just have more DNS servers.

 

Interface / DNS Server 1 DNS A,B, C, D 2 DNS E,F
1st Query A  
2nd Query B E
3rd Query C F
4th Query A, B, C, D E, F
5th Query A, B, C, D E, F

Notice that there are still only 5 queries and the whole process still takes about 15 seconds. It is not likely that many people would run into this particular scenario, but it is interesting to see how things behave.

Hope that helps clear up any questions.

- Clark Satter

, , , ,
Leave a Comment
  • Please add 6 and 5 and type the answer here:
  • Post
Comments
  • Richard R
    27 Jun 2009 1:28 AM

    Thanks for putting this together.

  • Robert
    27 Jun 2009 5:42 AM

    So there is only one question LEFT.

    How is the interface selection done? Wich interface will be the first and the second, third,... one.

    And how does this work if you have dynamic interfaces like VPN Adapters or Virtual Adapters?

    Is there a change in this process with Win7  and W2008R2?

    Thank you

  • Richard Hicks
    27 Jun 2009 7:19 PM

    Can you comment on the DNS resolver behavior changes in Windows Vista with regard to the handling of responses that include IP addresses that appear to be unreachable from the local host?

    http://tmgblog.richardhicks.com/2009/01/10/dns-resolver-behavior-in-windows-vista/

    Thanks!

  • 29 Jun 2009 1:54 PM

    Really good information Clark, I haevn't seen this documented this well anywhere else.  This one is getting put into the favorites.

    Thanks

    Mike

  • David
    25 Aug 2009 12:33 PM

    > So there is only one question LEFT.

    >

    > How is the interface selection done? Wich interface

    > will be the first and the second, third,... one.

    Any answers here?  Windows 7 and Vista seem to prefer a VPN/PPP connection, but Windows XP would prefer ethernet/wireless connections.

    I'd really like to get back the previous behavior.

  • Hannes
    22 Oct 2009 3:18 AM

    Can you complicate it a bit more?

    What happens if you've got more than one Domain suffix.

    e.g. 2 Interfaces with each 2 DNS Servers and two DNS Suffixes

    Interface  1 A,B Domain a.a,b.b   2 C,D Domain a.a,b.b

    Query1     A a.a

    Query2     A b.b or B a.a ???     C a.a ???

    Any Ideas?

  • lxh
    29 Nov 2009 12:55 AM

    > So there is only one question LEFT.

    >

    > How is the interface selection done? Wich interface

    > will be the first and the second, third,... one.

    Any answers here?  Windows 7 and Vista seem to prefer a VPN/PPP connection, but Windows XP would prefer ethernet/wireless connections.

    I'd really like to get back the previous behavior.

    --------------

    yes,

    i have same question and i get the resolve method:

    it is simple,

    go to control pannel - > network connection -> advanced -> advaned config -> adapter and binding -> here you can change the network service order.

    hope it is helpful.

    I use chinese version,

    sorry for my bad english.

    best regards,

    lxh

  • yoke88
    5 Dec 2009 8:33 PM

    how did you setup your test environment? i uses there dns servers in the list ,but it just try once

  • 2 Sep 2012 2:13 AM

    Nice article.

  • 8 Nov 2012 9:29 AM

    Interesting.  I did not witness this behavior in Windows 8 (presumably previous versions as well).  If the above article is correct, there would be NO scenario in which DNS queries are sent to a 3rd or 4th DNS server (on a single interface) without also sending the request to ALL other servers.  I am witnessing requests sent to the fourth DNS server in a list, without bothering to contact server 1, 2 or 3.  Perhaps there is a cache of non-responsive servers or something?  I'll post back if I learn more...

Page 1 of 1 (10 items)