I have a company that is using OpenDNS to filter certain web sites. The way I believe it works is you set the workstations to use the OpenDNS servers. If you no longer wish for them to use OpenDNS filtering, then you use a different DNS server, such as 4.2.2.1.
Our domain controller has forwarders set up with only OpenDNS servers. So if I set a computer's primary DNS server to 4.2.2.1 with no secondary server, then OpenDNS does not affect this computer. If I set the primary DNS server to 4.2.2.1, and the secondary DNS server to 192.168.1.200 (our DC; this way all internet traffic will use the primary DNS server, and local stuff will fall back to the secondary DNS server), then OpenDNS blocks stuff. This means that it's not using the primary DNS server. Does anybody know why this is?
Software/Hardware used:
XP, OpenDNS
ASKED:
March 31, 2011 10:13 PM
UPDATED:
April 13, 2011 11:38 AM
My clients are pointing to the internal DNS server, and there are forwarders set up on it using OpenDNS servers. That part works fine for everybody. The problem is for the people one workstation that shouldn’t be using OpenDNS.
4.2.2.1 is not an OpenDNS server, it is a Verizon DNS server. And as I already said, if I set the workstation's primary DNS server to 4.2.2.1, OpenDNS does not affect it, but then I cannot resolve names on the local network. So I set my internal DNS server (192.168.1.200) as the secondary DNS server. With this setup, all internet names should be resolved by the primary DNS server (4.2.2.1), and internal names would fail, then go to the secondary DNS server (192.168.1.200).
However, it’s not doing this. When it’s set like that, OpenDNS still blocks stuff, which means that the internet names aren’t being resolved by the primary dns server, they are being resolved by the secondary dns server. I can’t figure out why this is happening.
If you haven’t already, I would try to set the DNS settings under the advanced TCP/IP settings instead of setting a primary and secondary in basic options. You may be getting to the secondary simply because it’s less hops, where setting the DNS servers in order of use under advanced should only use the next server on the list if the first is unavailable or unable to resolve the request.
FYI, 4.2.2.x addresses are not related to OpenDNS. (see http://www.handcoding.com/archives/2005/04/15/alternate-dns-servers/)
Secondary dns servers are there mostly as backup for the primary, since most function on the Internet is so dependent on these servers being available. In most cases, it is not a good idea to have both a web server and a dns server on the same computer.