How do i determine what is the "active" dns servers in defacto use?
If I do nslookup windows actively connects to (a) specific dns-server(s).
My guess is that it is the nameserver(s) configured for the network interface with the current default gateway but that is a pretty vague way to put it.
What if I have several network interfaces configured, all up, all with different nameservers configured. How do windows determine which dns servers to query?
It is determined by your binding order, which is set here:
Control Panel>Network and Internet>Network Connections>Advanced>Advanced Settings
The DNS servers it uses will be from the highest connection in the binding order, and go down the list from there.
You can test this, but I have had to change this on numerous occasions to put the [Remote Access Connections] to the top so a Microsoft PPTP VPN would use the domain controller's DNS to resolve to the domain's internal DNS server.
If you have multiple interfaces with multiple DNS servers, then you aren't asking which dns server you will use. Technically, you are asking which interface you will use. That is determined by your routing table.
Reading the routing table is the key to learning how Windows, or any operating system, chooses an interface.
http://technet.microsoft.com/en-us/library/cc779122(WS.10).aspx
If you are familiar with TCP/IP, then reading the routing table is easy. If not, I'd suggest you hit up google. Basically, you take the Network Destination and subnet mask and walk down the list til you get your first match. Then send the packet on through.
Which DNS server Windows will use is determined by several things. But to keep things simple, it will always use the primary DNS server listed on the interface. Then it will go down the list.
I believe the answer may depend on the version of Windows.
You can configure a list of DNS name-servers for each network connection shown in Control-Panel/Network-Connections.
You can see from the above that, for statically configured name-servers, one DNS name-server is considered the preferred one and the other an alternate. From this we can infer that the preferred name-server will normally be used for all queries, only if the primary is unavailable would the secondary be used.
We could assume that a list of DNS-servers provided dynamically (e.g. by a DHCP server) would be treated in a similar manner.
It is possible that the operating system might mark a name-server as down if it persistently fails to respond. Otherwise it must regard all of them as active - assuming the corresponding network interface is active ("up").
If you want an empirical answer, use something like wireshark to capture just DNS traffic and to produce some statistics about servers used.
