When a DNS server is looking up an IP address for a client, and it receives a list of multiple DNS servers to query, how does it choose one? Similarly, when a DNS client receives a list of multiple IP addresses for a FQDN, how does it choose one? Is it implementation specific, or is it covered in an RFC?
How do DNS clients choose an IP address when they get multiple answers
domain-name-system
Related Solutions
If I'm not mistaken, it's determined by the NIC binding order in the Advanced Settings in the network connections folder. You can verify it by changing the binding order of the various NICs and running nslookup as a test.
To expand on my answer, citing the article that Evan linked, here is an excerpt from said article:
The DNS Client service queries the DNS servers in the following order:
1. The DNS Client service sends the name query to the first DNS server on the preferred adapter's list of DNS servers and waits one second for a response.
2. If the DNS Client service does not receive a response from the first DNS server within one second, it sends the name query to the first DNS server on all adapters that are still under consideration and waits two seconds for a response.
3. If the DNS Client service does not receive a response from any DNS server within two seconds, the DNS Client service sends the query to all DNS servers on all adapters that are still under consideration and waits another two seconds for a response.
4. If the DNS Client service still does not receive a response from any DNS server, it sends the name query to all DNS servers on all adapters that are still under consideration and waits four seconds for a response.
5. If the DNS Client service does not receive a response from any DNS server, the DNS client sends the query to all DNS servers on all adapters that are still under consideration and waits eight seconds for a response.
The preferred adapter in step 1 being the adapter that's listed first in the binding order.
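The staged query order quoted above is easy to misjudge in practice (a dead first server on the preferred adapter costs a full second before any other adapter is even asked). The simulation below is an added example, not code from the answer or from Microsoft: it replays the five stages against a pluggable "does this server reply?" function so the order of attempts and the accumulated wait can be checked offline. The adapter names and addresses are constructed placeholders, and it assumes every adapter stays "under consideration" for the whole sequence, since the quoted text does not say when one is dropped.

```python
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample: adapters in binding order (dict insertion order), each with
# its DNS server list. Placeholder addresses, not real servers.
SAMPLE_ADAPTERS: Dict[str, List[str]] = {
    "Ethernet": ["192.0.2.53", "192.0.2.54"],  # preferred adapter: first in binding order
    "Wi-Fi": ["198.51.100.53"],
}

# (which servers are tried, seconds waited for a reply) for each of the five stages
STAGES: List[Tuple[str, int]] = [
    ("first server on the preferred adapter", 1),
    ("first server on every adapter", 2),
    ("every server on every adapter", 2),
    ("every server on every adapter", 4),
    ("every server on every adapter", 8),
]

Responder = Callable[[str, str], Optional[str]]


def staged_query(adapters: Dict[str, List[str]], responds: Responder, name: str):
    """Walk the five stages in order. `responds(server, name)` stands in for the
    network: it returns an answer string, or None when that server never replies.
    Returns (answer, server, stage_number, seconds_waited_before_answer); the
    waited figure is the sum of the timeouts of the stages that produced nothing.
    Assumption: every adapter stays "under consideration" for the whole sequence."""
    order = [a for a in adapters if adapters[a]]  # skip adapters with no DNS servers
    if not order:
        return None, None, 0, 0
    waited = 0
    for stage_no, (_scope, timeout) in enumerate(STAGES, start=1):
        if stage_no == 1:
            targets = [adapters[order[0]][0]]            # preferred adapter, first server
        elif stage_no == 2:
            targets = [adapters[a][0] for a in order]    # first server on every adapter
        else:
            targets = [s for a in order for s in adapters[a]]  # everything
        for server in targets:
            answer = responds(server, name)
            if answer is not None:
                return answer, server, stage_no, waited
        waited += timeout  # nobody in this stage replied: the full timeout elapses
    return None, None, len(STAGES), waited


def total_timeout_seconds() -> int:
    """Worst case before the client gives up: the stage timeouts summed."""
    return sum(t for _, t in STAGES)


if __name__ == "__main__":
    # Scenario: the preferred adapter's first server is down, the Wi-Fi server answers.
    def only_wifi_answers(server: str, name: str) -> Optional[str]:
        return "203.0.113.5" if server == "198.51.100.53" else None

    print(staged_query(SAMPLE_ADAPTERS, only_wifi_answers, "superwebsite.mycorp.com"))
    print("gives up after", total_timeout_seconds(), "seconds if nothing replies")
```

Running the scenario shows the answer arriving in stage 2 from the Wi-Fi server after a one-second wait; if only the preferred adapter's second server were alive, the client would not reach it until stage 3, three seconds in.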
> I can't create the zone superwebsite.mycorp.com inside the intranet: this would cause the AD DNS server to consider itself authoritative and ignore the real authoritative server outside of the intranet.
You can, and that's the only way you're going to get what you want. I've had similar setups in the past, and as dirty as doing this will make you feel, I've never had issues doing it.
The key is to create a zone whose name matches the FQDN, superwebsite.mycorp.com, not for mycorp.com as a whole. Then create a new A record in the zone with the relevant IP.
The only time this will present a problem is:
- When the IP changes, you must remember to update it internally.
- If you ever use 4th level names, i.e. something.superwebsite.mycorp.com, you also need to maintain these both in the Internet DNS and the internal DNS.
Best Answer
A DNS server resolving a query may prioritize the order in which it uses the listed servers based on historical response time data (RFC1035 section 7.2). It may also prioritize by closer sub-net (I have seen this in an RFC but don't recall which). If no history or sub-net priority is available, it may choose at random, or simply pick the first one. I have seen DNS server implementations doing various combinations of the above.
A client program picking an IP address from a list (of A/AAAA-records) will generally try the addresses in the order they were returned by the DNS server (round robin). If the client cannot connect to the first IP address returned, it should try the second and so on. For example, all major browsers do this; however, many other Internet client programs "forget" this step and fail if they cannot connect to the first IP address.
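The fallback step the answer says many clients "forget" is a few lines of code. Below is an added example (not code from the answer) of the two client behaviours side by side: one that only ever tries the first address it was given, and one that walks the whole answer set in resolver order and moves on after each connection failure. The connector is injectable so the behaviour can be exercised offline; the address list is a constructed sample, not a real host's records.

```python
import socket
from typing import Callable, Dict, List, Tuple

# Constructed sample answer set, standing in for the A/AAAA records a resolver
# returned for one FQDN (placeholder addresses, not a real host).
SAMPLE_ADDRESSES: List[str] = ["192.0.2.10", "192.0.2.11", "2001:db8::10"]

Connector = Callable[[str, int, float], object]


def resolve_all(host: str, port: int) -> List[str]:
    """Collect every address the resolver hands back, in the order it returned them.
    getaddrinfo() preserves the resolver's order; a program that uses a single-result
    lookup only ever sees the first address and has nothing to fall back to."""
    seen: List[str] = []
    for _family, _type, _proto, _canon, sockaddr in socket.getaddrinfo(
        host, port, type=socket.SOCK_STREAM
    ):
        if sockaddr[0] not in seen:
            seen.append(sockaddr[0])
    return seen


def tcp_connect(addr: str, port: int, timeout: float) -> socket.socket:
    """Open one TCP connection to a literal IPv4/IPv6 address with a bounded timeout,
    so a black-holed address costs `timeout` seconds instead of hanging the client."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((addr, port))
    except OSError:
        sock.close()
        raise
    return sock


def connect_first_only(addresses: List[str], port: int, timeout: float = 3.0,
                       connector: Connector = tcp_connect) -> Tuple[object, str]:
    """The failure mode the answer describes: only the first address is tried,
    so one dead host in the answer set makes the whole name unreachable."""
    return connector(addresses[0], port, timeout), addresses[0]


def connect_with_fallback(addresses: List[str], port: int, timeout: float = 3.0,
                          connector: Connector = tcp_connect) -> Tuple[object, str]:
    """Try the addresses in the order the resolver returned them, moving on after
    each failure; return (connection, address) for the first that succeeds."""
    failures: Dict[str, OSError] = {}
    for addr in addresses:
        try:
            return connector(addr, port, timeout), addr
        except OSError as exc:
            failures[addr] = exc  # keep going, but remember why this one failed
    raise ConnectionError(
        f"all {len(failures)} addresses failed: "
        + ", ".join(f"{a}: {e}" for a, e in failures.items())
    )


if __name__ == "__main__":
    # Offline demonstration with a stand-in connector: the first address is down.
    def demo_connector(addr: str, port: int, timeout: float) -> str:
        if addr == SAMPLE_ADDRESSES[0]:
            raise ConnectionRefusedError(f"{addr} refused")
        return f"<connection to {addr}:{port}>"

    print(connect_with_fallback(SAMPLE_ADDRESSES, 443, connector=demo_connector))
    try:
        connect_first_only(SAMPLE_ADDRESSES, 443, connector=demo_connector)
    except OSError as exc:
        print("first-only client failed:", exc)
```

With a real host, `connect_with_fallback(resolve_all("example.invalid", 443), 443)` walks the live answer set; the per-address timeout matters because a firewall that silently drops packets to one address would otherwise stall the client before it ever reaches the next one.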