DNS Update Issue
-
The test should be...
- Flush DNS before the test
- nslookup X
- Do #2 several times.
- Kill the DNS server used in steps 2 & 3
- nslookup X
- Do #5 several times
- Restore DNS server from steps 2 & 3
- nslookup X
- Do #8 several times.
That's the test. Any pings tell us nothing, any flushes corrupt the test and mean none of the results are useful or valid.
-
@Obsolesce said in DNS Update Issue:
@scottalanmiller said in DNS Update Issue:
@Obsolesce said in DNS Update Issue:
@scottalanmiller said in DNS Update Issue:
@Obsolesce said in DNS Update Issue:
I did not use the wrong tool. When you ping something by hostname, it WILL do a DNS lookup.
Only if it is not cached. As YOU pointed out. So you know this isn't true.
In this next test, I will ping stuff that is guaranteed not to be locally cached.
WHY are you still pinging? We've established it cannot be used for anything to do with this thread.
When you ping something by host name only, it performs a DNS lookup... contacting a DNS server to get the IP address of the target, so that it can ping.
STOP!!! WE ALL KNOW WHAT PINGING DOES.
What we don't understand is why you think repeating information no one has disputed changes the situation.
-
Results will be different from a member and a workgroup computer?
-
@black3dynamite said in DNS Update Issue:
Results will be different from a member and a workgroup computer?
Will they? How does Window's DNS usage change based on that?
-
@scottalanmiller said in DNS Update Issue:
@Obsolesce said in DNS Update Issue:
@scottalanmiller said in DNS Update Issue:
@Obsolesce said in DNS Update Issue:
@scottalanmiller said in DNS Update Issue:
@Obsolesce said in DNS Update Issue:
I did not use the wrong tool. When you ping something by hostname, it WILL do a DNS lookup.
Only if it is not cached. As YOU pointed out. So you know this isn't true.
In this next test, I will ping stuff that is guaranteed not to be locally cached.
WHY are you still pinging? We've established it cannot be used for anything to do with this thread.
When you ping something by host name only, it performs a DNS lookup... contacting a DNS server to get the IP address of the target, so that it can ping.
STOP!!! WE ALL KNOW WHAT PINGING DOES.
What we don't understand is why you think repeating information no one has disputed changes the situation.
It looks like there is a flaw in Windows. Surprise surprise.
I cannot use NSLOOKUP if the primary DNS server is unreachable. However, DNS queries to the secondary DNS server DO work, but the NSLOOKUP tool does not.
So, to recap, when the primary DNS server is down, DNS works fine with the secondary DNS server. But for some reason, the NSLOOKUP tool on the test computer doesn't try to use the secondary DNS server, although everything else does.
-
@Obsolesce said in DNS Update Issue:
@scottalanmiller said in DNS Update Issue:
@Obsolesce said in DNS Update Issue:
@scottalanmiller said in DNS Update Issue:
@Obsolesce said in DNS Update Issue:
@scottalanmiller said in DNS Update Issue:
@Obsolesce said in DNS Update Issue:
I did not use the wrong tool. When you ping something by hostname, it WILL do a DNS lookup.
Only if it is not cached. As YOU pointed out. So you know this isn't true.
In this next test, I will ping stuff that is guaranteed not to be locally cached.
WHY are you still pinging? We've established it cannot be used for anything to do with this thread.
When you ping something by host name only, it performs a DNS lookup... contacting a DNS server to get the IP address of the target, so that it can ping.
STOP!!! WE ALL KNOW WHAT PINGING DOES.
What we don't understand is why you think repeating information no one has disputed changes the situation.
It looks like there is a flaw in Windows. Surprise surprise.
I cannot use NSLOOKUP if the primary DNS server is unreachable. However, DNS queries to the secondary DNS server DO work, but the NSLOOKUP tool does not.
So, to recap, when the primary DNS server is down, DNS works fine with the secondary DNS server. But for some reason, the NSLOOKUP tool on the test computer doesn't try to use the secondary DNS server, although everything else does.
So I will have to flush the local DNS cach (only in the beginning), and PING hosts that are not yet cached locally to get the client to perform DNS lookups.
-
Confirmed:
The NSLOOKUP tool only uses the primary DNS server, period, unless you specify otherwise manually. So, not a good tool for testing the scenario of this thread. All other apps use the secondary DNS server, but not NSLOOKUP. -
So, @scottalanmiller , back to using PING again, because it's the easiest way to get hte computer to make DNS requests. No flushdns is required after the initial ones if i"m using different and uncached hostnames to get the client to perform DNS lookups.
Edit: Nirsoft has a DNS lookup tool, I'll try that
-
@Obsolesce said in DNS Update Issue:
@scottalanmiller said in DNS Update Issue:
@Obsolesce said in DNS Update Issue:
@scottalanmiller said in DNS Update Issue:
@Obsolesce said in DNS Update Issue:
@scottalanmiller said in DNS Update Issue:
@Obsolesce said in DNS Update Issue:
I did not use the wrong tool. When you ping something by hostname, it WILL do a DNS lookup.
Only if it is not cached. As YOU pointed out. So you know this isn't true.
In this next test, I will ping stuff that is guaranteed not to be locally cached.
WHY are you still pinging? We've established it cannot be used for anything to do with this thread.
When you ping something by host name only, it performs a DNS lookup... contacting a DNS server to get the IP address of the target, so that it can ping.
STOP!!! WE ALL KNOW WHAT PINGING DOES.
What we don't understand is why you think repeating information no one has disputed changes the situation.
It looks like there is a flaw in Windows. Surprise surprise.
I cannot use NSLOOKUP if the primary DNS server is unreachable. However, DNS queries to the secondary DNS server DO work, but the NSLOOKUP tool does not.
So, to recap, when the primary DNS server is down, DNS works fine with the secondary DNS server. But for some reason, the NSLOOKUP tool on the test computer doesn't try to use the secondary DNS server, although everything else does.
That's seriously messed up. So nslookup is just broken? So there is no proper query mechanism to know what the machine would definitely see?
-
@Obsolesce said in DNS Update Issue:
So, @scottalanmiller , back to using PING again, because it's the easiest way to get hte computer to make DNS requests. No flushdns is required after the initial ones if i"m using different and uncached hostnames to get the client to perform DNS lookups.
Edit: Nirsoft has a DNS lookup tool, I'll try that
Okay, so if we avoid the cache, and check logs to see what ping is doing...
Did it behave the same, with an automatic failover and, more importantly, fail back?
-
This is how
nslookup
should work.. Thanks Windows..You can see here that my router's DHCP scope is set to give clients 10.254.103.4 and then 10.254.103.1
You can see that `nslookup used .4 immediately.
I then shutdown the Pi-Hole on .4
and tried the lookup again, without ever exiting
nslookup
.It used the secondary, with a small delay while the primary timed out.
-
@scottalanmiller said in DNS Update Issue:
@Obsolesce said in DNS Update Issue:
@scottalanmiller said in DNS Update Issue:
@Obsolesce said in DNS Update Issue:
@scottalanmiller said in DNS Update Issue:
@Obsolesce said in DNS Update Issue:
@scottalanmiller said in DNS Update Issue:
@Obsolesce said in DNS Update Issue:
I did not use the wrong tool. When you ping something by hostname, it WILL do a DNS lookup.
Only if it is not cached. As YOU pointed out. So you know this isn't true.
In this next test, I will ping stuff that is guaranteed not to be locally cached.
WHY are you still pinging? We've established it cannot be used for anything to do with this thread.
When you ping something by host name only, it performs a DNS lookup... contacting a DNS server to get the IP address of the target, so that it can ping.
STOP!!! WE ALL KNOW WHAT PINGING DOES.
What we don't understand is why you think repeating information no one has disputed changes the situation.
It looks like there is a flaw in Windows. Surprise surprise.
I cannot use NSLOOKUP if the primary DNS server is unreachable. However, DNS queries to the secondary DNS server DO work, but the NSLOOKUP tool does not.
So, to recap, when the primary DNS server is down, DNS works fine with the secondary DNS server. But for some reason, the NSLOOKUP tool on the test computer doesn't try to use the secondary DNS server, although everything else does.
That's seriously messed up. So nslookup is just broken? So there is no proper query mechanism to know what the machine would definitely see?
You would be correct. Windows is more stupid than we knew.
-
@JaredBusch said in DNS Update Issue:
This is how
nslookup
should work.. Thanks Windows..You can see here that my router's DHCP scope is set to give clients 10.254.103.4 and then 10.254.103.1
You can see that `nslookup used .4 immediately.
I then shutdown the Pi-Hole on .4
and tried the lookup again, without ever exiting
nslookup
.It used the secondary, with a small delay while the primary timed out.
Exactly, it should only stick with the primary if the primary is specified, that's what the specification is FOR. Otherwise, it doesn't give a real world query as is its purpose.
It's clearly skipping part of the stack that it is supposed to be testing.
-
@JaredBusch said in DNS Update Issue:
@scottalanmiller said in DNS Update Issue:
@Obsolesce said in DNS Update Issue:
@scottalanmiller said in DNS Update Issue:
@Obsolesce said in DNS Update Issue:
@scottalanmiller said in DNS Update Issue:
@Obsolesce said in DNS Update Issue:
@scottalanmiller said in DNS Update Issue:
@Obsolesce said in DNS Update Issue:
I did not use the wrong tool. When you ping something by hostname, it WILL do a DNS lookup.
Only if it is not cached. As YOU pointed out. So you know this isn't true.
In this next test, I will ping stuff that is guaranteed not to be locally cached.
WHY are you still pinging? We've established it cannot be used for anything to do with this thread.
When you ping something by host name only, it performs a DNS lookup... contacting a DNS server to get the IP address of the target, so that it can ping.
STOP!!! WE ALL KNOW WHAT PINGING DOES.
What we don't understand is why you think repeating information no one has disputed changes the situation.
It looks like there is a flaw in Windows. Surprise surprise.
I cannot use NSLOOKUP if the primary DNS server is unreachable. However, DNS queries to the secondary DNS server DO work, but the NSLOOKUP tool does not.
So, to recap, when the primary DNS server is down, DNS works fine with the secondary DNS server. But for some reason, the NSLOOKUP tool on the test computer doesn't try to use the secondary DNS server, although everything else does.
That's seriously messed up. So nslookup is just broken? So there is no proper query mechanism to know what the machine would definitely see?
You would be correct. Windows is more stupid than we knew.
I, apparently, have been giving it way too much credit.
-
powered the Pi-Hole back on and look..
-
Going to get my daughter's Surface running Windows 10 to verify for everyone.
-
@scottalanmiller said in DNS Update Issue:
@Obsolesce said in DNS Update Issue:
So, @scottalanmiller , back to using PING again, because it's the easiest way to get hte computer to make DNS requests. No flushdns is required after the initial ones if i"m using different and uncached hostnames to get the client to perform DNS lookups.
Edit: Nirsoft has a DNS lookup tool, I'll try that
Okay, so if we avoid the cache, and check logs to see what ping is doing...
Did it behave the same, with an automatic failover and, more importantly, fail back?
I'll try it with ping instead of nirsoft DNSDataView. I have a feeling that program is way smarter than Windows ping and nslookup and will use whatever DNS server it can. So I'll only use it to verify the hostnames i ping arent' cached.
-
@JaredBusch I used a watch command with nslookup on Fedora, which is neat because it just... updates.
-
I opened the left powershell window and did the lookup.
shutdown the Pi-Hole and typed again.
Then I opened the second window.Just in case maybe nslookup opened after the DNS server was offline would work. Nope.Piss off Windows.
-
So pretty much we should also be using Linux to troubleshoot Windows too.