Why is this computer using secondary dns server instead of primary?

Ingram87

1285 pts.

Tags:

DNS

DNS server

Microsoft Windows XP

OpenDNS

I have a company that is using OpenDNS to filter ceartain web sites. The way I beleive it works is you set the workstations to use a OpenDNS servers. If you no longer wish for them to use OpenDNS filtering, then you use a different DNS server, such as 4.2.2.1.

Our domain controller has forwarders setup with only OpenDNS servers. So if I set a computer's primary dns server to 4.2.2.1 with no secondary server, then OpenDNS does not effect this computer. If i set the primary dns server to 4.2.2.1, and the secondary dns server to 192.168.1.200 (our DC, this way all internet traffic will use the primary dns server, and local stuff will fall back to the secondary dns server), then OpenDNS blocks stuff. This means that it's not using the primary dns server. Does anybody know why this is?

Software/Hardware used:
XP, Opendns

Asked: March 31, 2011 10:13 PM Last updated: April 13, 2011 11:38 AM

Answer Wiki

Last updated: March 31, 2011 11:05 PM GMT

KFaganJr1,355 pts.
History
Contributors
- Ordered by most recent
- KFaganJr1,355 pts.

Thanks. We'll let you know when a new response is added.

Specific to your question, I believe 4.2.2.1 is OpenDNS as well. You can try 8.8.8.8 which is Google’s public DNS to see how it works.

Beyond answering the actual question of why would that be, a better practice for this is to have your clients pointing to your internal DNS server which will use a forwarder to 4.2.2.2 or 8.8.8.8 whichever you choose. It prevents you having to manually set all of them plus you probably don’t want them to bypass the OpenDNS block.

For specific workstations that do need to work around the blocks, use 8.8.8.8 and yours as the secondary. You may need to run flushdns to have it work properly.

Discuss This Question: 4 Replies

Ingram87 Apr 1, 2011 2:34 AM GMT

My clients are pointing to the internal dns server, and there are forwarders setup on it using OpenDNS servers. That part works fine for everybody. The problem is for the people one workstation that shouldn't be using OpenDNS. 4.2.2.1 is not an OpenDNS server, it is a Verizon DNS server. And as I already said, If i set the workstations primary dns server to 4.2.2.1, OpenDNS does not effect it, but then I can not resolve names on the local network. So I set my internal DNS server (192.168.1.200) as the secondary dns server. With this setup, all internet names should be resolved by the primary dns server (4.2.2.1), and internal names would fail, then go to the secondary dns server (192.168.1.200). However, it's not doing this. When it's set like that, OpenDNS still blocks stuff, which means that the internet names aren't being resolved by the primary dns server, they are being resolved by the secondary dns server. I can't figure out why this is happening.

1,285 pointsBadges:

report
KFaganJr Apr 2, 2011 9:07 PM GMT

If you haven't already, I would try to set the DNS settings under the advanced TCP/IP settings instead of setting a primary and secondary in basic options. You may be getting to the secondary simply because it's less hops, where setting the DNS servers in order of use under advanced should only use the next server on the list if the first is unavailable or unable to resolve the request.

1,355 pointsBadges:

report
Koohiisan Apr 12, 2011 10:59 PM GMT

FYI, 4.2.2.x addresses are not related to OpenDNS. (see http://www.handcoding.com/archives/2005/04/15/alternate-dns-servers/)

5,045 pointsBadges:

report
Subhendu Sen Apr 13, 2011 11:38 AM GMT

Secondary dns servers are there mostly as backup for the primary, since most function on the Internet is so dependent on these servers being available. In most cases, it is not a good idea to have both a web server and a dns server on the same computer.

105,870 pointsBadges:

report