DNS Client Resolver Behavior

The following question comes up from time to time and for various reasons. What is the expected name resolution behavior of the DNS client resolver on Windows XP or Windows Vista? This may be for a single or for multiple network interfaces. So I thought I would put together a brief overview of what you would see on the network for DNS name resolution for different interface configurations. I am including network captures of three different scenarios that illustrate the expected behavior. This is just a quick overview; there is additional documentation available that covers how the ordering of the Preferred and Alternate DNS servers can change per interface, so I am not going to cover that here.

Scenario 1

A single network interface with a Preferred and Alternate DNS server configured.
Preferred – 192.168.0.10
Alternate – 192.168.0.100


From the capture you will see the following behavior:

  1. Send a DNS query to the Preferred DNS server.
  2. If there is no response within 1 second then send a DNS query to the Alternate DNS server.
  3. If there is no response within 1 second send a DNS query again to the Preferred DNS server.
  4. If there is no response within 2 seconds send a DNS query to both the Preferred and Alternate DNS servers.
  5. If there is no response within 4 seconds again send a DNS query to both the Preferred and Alternate DNS servers.
  6. If there is still no response after 7 seconds, the process times out.

Notice that the whole process takes about 15 seconds.

Scenario 2

Two network interfaces each with a Preferred and Alternate DNS server configured.
Interface 1:
Preferred DNS server – 192.168.0.10
Alternate DNS server – 192.168.0.100

Interface 2:
Preferred DNS server – 10.10.10.10
Alternate DNS server – 10.10.10.11


From the capture you will see the following behavior:

  1. Send a DNS query to the Preferred DNS server.
  2. If there is no response within 1 second then send a DNS query to the Preferred DNS server on Interface 2 and the Alternate DNS server on Interface 1.
  3. If there is no response within 1 second then send a DNS query to the Preferred DNS server on Interface 1 and the Alternate DNS server on Interface 2.
  4. If there is no response within 2 seconds send a DNS query to ALL DNS servers.
  5. If there is no response within 4 seconds again send a DNS query to ALL DNS servers.
  6. If there is still no response after 7 seconds the process times out.

Again, notice that the whole process takes about 15 seconds.

Confused yet? If so, maybe this table will help simplify things. Let’s say we have two interfaces, each with two DNS servers configured. The interfaces are numbered 1 and 2 and the DNS servers are A, B, C, and D.

| Interface / DNS Server | 1 (DNS A, B) | 2 (DNS C, D) |
|---|---|---|
| 1st Query | A | |
| 2nd Query | B | C |
| 3rd Query | A | D |
| 4th Query | A, B | C, D |
| 5th Query | A, B | C, D |

Scenario 3

Just for fun, let’s see what happens if you add additional DNS servers to the first interface.
Interface 1:
Preferred DNS server – 192.168.0.10
Alternate DNS server – 192.168.0.100
Additional DNS server – 192.168.0.200
Additional DNS server – 192.168.0.250

Interface 2:
Preferred DNS server – 10.10.10.10
Alternate DNS server – 10.10.10.11


From the capture you will see the following behavior:

  1. Send a DNS query to the Preferred DNS server.
  2. If there is no response within 1 second then send a DNS query to the Preferred DNS server on Interface 2 and the Alternate DNS server on Interface 1.
  3. If there is no response within 1 second then send a DNS query to the Preferred DNS server on Interface 1 and the Alternate DNS server on Interface 2.
  4. If there is no response within 2 seconds send a DNS query to ALL DNS servers.
  5. If there is no response within 4 seconds again send a DNS query to ALL DNS servers.
  6. If there is still no response after 7 seconds the process times out.

This is the same behavior as Scenario 2; we just have more DNS servers.

| Interface / DNS Server | 1 (DNS A, B, C, D) | 2 (DNS E, F) |
|---|---|---|
| 1st Query | A | |
| 2nd Query | B | E |
| 3rd Query | C | F |
| 4th Query | A, B, C, D | E, F |
| 5th Query | A, B, C, D | E, F |

Notice that there are still only 5 queries and the whole process still takes about 15 seconds. It is not likely that many people would run into this particular scenario, but it is interesting to see how things behave.
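The retry schedule from the two tables can be modeled in a few lines, which is useful when checking whether the DNS retries seen in a capture match expected resolver behavior. This is an added example, not code from the original post; the function names and the round-robin rule used for the 2nd and 3rd queries are assumptions inferred from the tables above.

```python
# Added illustration of the five-attempt schedule described in the post.
# Seconds the resolver waits after each attempt (1 + 1 + 2 + 4 + 7 = 15).
TIMEOUTS = [1, 1, 2, 4, 7]


def query_schedule(interfaces):
    """Return [(seconds_since_first_query, [servers queried]), ...].

    interfaces: one DNS server list per interface, first interface first.
    """
    schedule, elapsed = [], 0
    for attempt, wait in enumerate(TIMEOUTS, start=1):
        if attempt == 1:
            # 1st query: only the Preferred server of the first interface.
            targets = [interfaces[0][0]]
        elif attempt <= 3:
            # 2nd and 3rd queries: one server per interface.
            # Assumption (inferred from the tables): interface 1 keeps
            # rotating through its list, while every other interface
            # starts at its Preferred server on the 2nd query.
            targets = []
            for i, servers in enumerate(interfaces):
                offset = attempt - 1 if i == 0 else attempt - 2
                targets.append(servers[offset % len(servers)])
        else:
            # 4th and 5th queries: every server on every interface.
            targets = [s for servers in interfaces for s in servers]
        schedule.append((elapsed, targets))
        elapsed += wait
    return schedule


def total_timeout():
    """Seconds from the first query until the resolver gives up."""
    return sum(TIMEOUTS)


if __name__ == "__main__":
    # Scenario 2 addresses from the post.
    scenario2 = [["192.168.0.10", "192.168.0.100"],
                 ["10.10.10.10", "10.10.10.11"]]
    for t, servers in query_schedule(scenario2):
        print(f"t+{t:>2}s  query -> {', '.join(servers)}")
    print(f"t+{total_timeout()}s  timeout")
```
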

Hope that helps clear up any questions.

– Clark Satter