Windows DNS address list doesn’t fall back

Tags: configuration, domain-name-system, windows

I've set up my own DNS server (Bind9) on a Pine64 running Ubuntu. On my Windows 10 computer, I've added the IP-address of my DNS to the top of the DNS server addresses in the Advanced TCP/IP Settings. The "real" DNS-servers provided by my ISP have also been added with lower priority, intended as fallbacks (see screenshot).

Windows DNS settings

As long as my own DNS is responding, everything is working perfectly with this configuration.

However, if I pull the plug on my own DNS-server, Windows is unable to resolve names. Doing an nslookup results in DNS request timeouts.

According to Microsoft's documentation, if the first DNS doesn't work, it should try the next one in the list:

In most cases, the client computer contacts and uses its preferred DNS
server, which is the first DNS server on its locally configured list.
Listed alternate DNS servers are contacted and used when the preferred
server is not available.

My question is: why doesn't Windows use the second DNS when the first one fails?

In this case, I expected the second DNS (83.255.229.23) to successfully respond, but it is not even issued a request.

Update / Solved:

Thanks to Zoredache's answer, I figured out that my DNS list (in Windows) was incorrect. The DNS servers from the screenshots are named "ns1.comhem.se" and belong to my ISP. However, apparently they can't be used directly:

Resolve-DnsName -DnsOnly -Name ubuntu.com -Server 83.255.229.23
Resolve-DnsName : ubuntu.com : DNS operation refused
At line:1 char:1
+ Resolve-DnsName -DnsOnly -Name ubuntu.com -Server 83.255.229.23
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (ubuntu.com:String) [Resolve-DnsName], Win32Exception
    + FullyQualifiedErrorId : RCODE_REFUSED,Microsoft.DnsClient.Commands.ResolveDnsName

I took a look at what DNSes my router got from my ISP, and they turned out to be named "anyresolver1.comhem.se" (IP 83.255.255.1). When I put them in the list instead, everything worked exactly as expected!

Well, nearly everything. As noted in the comments below, nslookup still doesn't work:

nslookup
DNS request timed out.
    timeout was 2 seconds.
Default Server:  UnKnown
Address:  192.168.0.18

> set d2
> ubuntu.com
Server:  UnKnown
Address:  192.168.0.18

------------
SendRequest(), len 33
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        ubuntu.com.home, type = A, class = IN

------------
DNS request timed out.
    timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
------------
SendRequest(), len 33
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        ubuntu.com.home, type = AAAA, class = IN

------------
DNS request timed out.
    timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
------------
SendRequest(), len 28
    HEADER:
        opcode = QUERY, id = 4, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        ubuntu.com, type = A, class = IN

------------
DNS request timed out.
    timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
------------
SendRequest(), len 28
    HEADER:
        opcode = QUERY, id = 5, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        ubuntu.com, type = AAAA, class = IN

------------
DNS request timed out.
    timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
*** Request to UnKnown timed-out
>

But browsing the Internet and resolving names does work:

Resolve-DnsName -DnsOnly -Name ubuntu.com

Name                                           Type   TTL   Section    IPAddress
----                                           ----   ---   -------    ---------
ubuntu.com                                     A      600   Answer     91.189.94.40

To sum it up: Use the correct DNS settings! (:

Best Answer

The nslookup command is not always the most useful tool to test how the client resolves things. While the nslookup command will connect to one of the DNS servers configured for that client, it will not automatically fail over, unlike the built-in Windows resolver.

If you are on a recent version of Windows, you should open up PowerShell and use the cmdlet Resolve-DnsName instead to resolve names using the standard Windows APIs.
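
The per-server check from the question's update can be run against every configured DNS server in one pass. The script below is an added example, not part of the original posts; the test name ubuntu.com is taken from the question and the variable names are illustrative.

```powershell
# Added example: probe each DNS server configured on this client individually.
# A fallback entry only helps if that server actually answers recursive
# queries from this client (the question's 83.255.229.23 returned REFUSED).
$TestName = 'ubuntu.com'   # public name used in the question

$results = foreach ($if in Get-DnsClientServerAddress -AddressFamily IPv4) {
    $order = 0
    foreach ($server in $if.ServerAddresses) {
        $order++
        $row = [ordered]@{
            Interface = $if.InterfaceAlias
            Order     = $order          # position in the interface's server list
            Server    = $server
            Status    = 'OK'
            Detail    = ''
        }
        try {
            # -Server sends the query to this one server only;
            # -DnsOnly restricts resolution to the DNS protocol.
            $answer = Resolve-DnsName -Name $TestName -Type A -Server $server `
                                      -DnsOnly -ErrorAction Stop
            $row.Detail = ($answer | Where-Object IPAddress |
                           ForEach-Object IPAddress) -join ', '
        }
        catch {
            $row.Status = 'FAILED'
            # Carries the reason, e.g. the RCODE_REFUSED id shown in the question
            $row.Detail = $_.FullyQualifiedErrorId
        }
        [pscustomobject]$row
    }
}

$results | Format-Table -AutoSize

# Call out list entries that would be useless as fallbacks.
$results | Where-Object Status -eq 'FAILED' | ForEach-Object {
    Write-Warning ("{0} (#{1} on {2}) did not answer: {3}" -f `
        $_.Server, $_.Order, $_.Interface, $_.Detail)
}
```

Run it once with the preferred server up and once with it unplugged; any server reported as FAILED in both runs cannot act as a working fallback.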