Welcome to TechNet Blogs Sign in | Join | Help

News

  • Welcome to the blog for the Microsoft CSS Enterprise Platforms Networking team.

    Disclaimer: All postings are provided "AS IS" with no warranties, and confer no rights. This weblog does not represent the thoughts, intentions, plans or strategies of Microsoft. Because a weblog is intended to provide a semi-permanent point-in-time snapshot, you should not consider out of date posts to reflect current thoughts and opinions.

    Blog Tools

    Add to Technorati Favorites
    Blog Flux Directory
    Computers Blogs - Blog Top Sites

    Add to Google

    Locations of visitors to this page

DNS Client Resolver Behavior

The following question comes up from time to time and for various reasons. What is the expected name resolution behavior of the DNS client resolver on Windows XP or Windows Vista? This may be for a single or for multiple network interfaces. So I thought I would put together a brief overview of what you would see on the network for DNS name resolution for different interface configurations. I am including network captures of three different scenarios that illustrate the expected behavior. This is just a quick overview; there is additional documentation available that covers how the ordering of the Preferred and Alternate DNS servers can change per interface, so I am not going to cover that here.

Scenario 1

A single network interface with a Preferred and Alternate DNS configured.
Preferred - 192.168.0.10
Alternate - 192.168.0.100

image

From the capture you will see the following behavior:

  1. Send a DNS query to the Preferred DNS server.
  2. If there is no response within 1 second then send a DNS query to the Alternate DNS server.
  3. If there is no response within 1 second send a DNS query again to the Preferred DNS server.
  4. If there is no response within 2 seconds send a DNS query to both the Preferred and Alternate DNS servers.
  5. If there is no response within 4 seconds again send a DNS query to both the Preferred and Alternate DNS servers.
  6. If there is still no response after 7 seconds, the process times out.

Notice that the whole process takes about 15 seconds.

Scenario 2

Two network interfaces each with a Preferred and Alternate DNS server configured.
Interface 1:
Preferred DNS server - 192.168.0.10
Alternate DNS server - 192.168.0.100

Interface 2:
Preferred DNS server - 10.10.10.10
Alternate DNS server - 10.10.10.11

image

From the capture you will see the following behavior:

  1. Send a DNS query to the Preferred DNS server.
  2. If there is no response within 1 second then send a DNS query to the Preferred DNS server on Interface 2 and the Alternate DNS server on Interface 1.
  3. If there is no response within 1 second then send a DNS query to the Preferred DNS server on Interface 1 and the Alternate DNS server on Interface 2.
  4. If there is no response within 2 seconds send a DNS query to ALL DNS servers.
  5. If there is no response within 4 seconds again send a DNS query to ALL DNS servers.
  6. If there is still no response after 7 seconds the process times out.

Again, notice that the whole process takes about 15 seconds.

Confused yet? If so, maybe this table will help simplify things. Let's say we have two interfaces, each with two DNS servers configured. The interfaces are numbered 1 and 2 and the DNS servers are A, B, C, and D.

Interface / DNS Server 1 DNS A,B 2 DNS C,D
1st Query A  
2nd Query B C
3rd Query A D
4th Query A, B C, D
5th Query A, B C, D

Scenario 3

Just for fun, let’s see what happens if you add additional DNS servers to the first interface.
Interface 1:
Preferred DNS server - 192.168.0.10
Alternate DNS server - 192.168.0.100
Additional DNS server - 192.168.0.200
Additional DNS server - 192.168.0.250

Interface 2:
Preferred DNS server - 10.10.10.10
Alternate DNS server - 10.10.10.11

image

From the capture you will see the following behavior:

  1. Send a DNS query to the Preferred DNS server.
  2. If there is no response within 1 second then send a DNS query to the Preferred DNS server on Interface 2 and the Alternate DNS server on Interface 1.
  3. If there is no response within 1 second then send a DNS query to the Preferred DNS server on Interface 1 and the Alternate DNS server on Interface 2.
  4. If there is no response within 2 seconds send a DNS query to ALL DNS servers.
  5. If there is no response within 4 seconds again send a DNS query to ALL DNS servers.
  6. If there is still no response after 7 seconds the process times out.

This is the same behavior as Scenario 2, we just have more DNS servers.

 

Interface / DNS Server 1 DNS A,B, C, D 2 DNS E,F
1st Query A  
2nd Query B E
3rd Query C F
4th Query A, B, C, D E, F
5th Query A, B, C, D E, F

Notice that there are still only 5 queries and the whole process still takes about 15 seconds. It is not likely that many people would run into this particular scenario, but it is interesting to see how things behave.

Hope that helps clear up any questions.

- Clark Satter

Posted: Friday, June 26, 2009 4:29 PM by MichaelPlatts

Comments

Richard R said:

Thanks for putting this together.

# June 27, 2009 1:28 AM

Robert said:

So there is only one question LEFT.

How is the interface selection done? Wich interface will be the first and the second, third,... one.

And how does this work if you have dynamic interfaces like VPN Adapters or Virtual Adapters?

Is there a change in this process with Win7  and W2008R2?

Thank you

# June 27, 2009 5:42 AM

Richard Hicks said:

Can you comment on the DNS resolver behavior changes in Windows Vista with regard to the handling of responses that include IP addresses that appear to be unreachable from the local host?

http://tmgblog.richardhicks.com/2009/01/10/dns-resolver-behavior-in-windows-vista/

Thanks!

# June 27, 2009 7:19 PM

Mkline said:

Really good information Clark, I haevn't seen this documented this well anywhere else.  This one is getting put into the favorites.

Thanks

Mike

# June 29, 2009 1:54 PM

David said:

> So there is only one question LEFT.

>

> How is the interface selection done? Wich interface

> will be the first and the second, third,... one.

Any answers here?  Windows 7 and Vista seem to prefer a VPN/PPP connection, but Windows XP would prefer ethernet/wireless connections.

I'd really like to get back the previous behavior.

# August 25, 2009 12:33 PM

Hannes said:

Can you complicate it a bit more?

What happens if you've got more than one Domain suffix.

e.g. 2 Interfaces with each 2 DNS Servers and two DNS Suffixes

Interface  1 A,B Domain a.a,b.b   2 C,D Domain a.a,b.b

Query1     A a.a

Query2     A b.b or B a.a ???     C a.a ???

Any Ideas?

# October 22, 2009 3:18 AM

lxh said:

> So there is only one question LEFT.

>

> How is the interface selection done? Wich interface

> will be the first and the second, third,... one.

Any answers here?  Windows 7 and Vista seem to prefer a VPN/PPP connection, but Windows XP would prefer ethernet/wireless connections.

I'd really like to get back the previous behavior.

--------------

yes,

i have same question and i get the resolve method:

it is simple,

go to control pannel - > network connection -> advanced -> advaned config -> adapter and binding -> here you can change the network service order.

hope it is helpful.

I use chinese version,

sorry for my bad english.

best regards,

lxh

# November 29, 2009 12:55 AM

yoke88 said:

how did you setup your test environment? i uses there dns servers in the list ,but it just try once

# December 5, 2009 8:33 PM
Leave a Comment

(required) 

(required) 

(optional)

(required) 

  
Enter Code Here: Required

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Page view tracker