Hi Steve

Interesting findings. Firstly, yes I am clearing the DNS Cache and not
doing ipconfig /flushdns on the DC.

I have shown the d2 output below but also see the following:

1. Clear the DNS cache on DC
2. Submit query for server1.nyc.test.com - success
3. Explicitly delete the record for above host from the cache leaving
the nyc parent folder in cache.
4. Submit query for server1.nyc.test.com - fail
5. Delete nyc parent folder
6. Submit query for server1.nyc.test.com - success

So what I think is happening is when the TTL for the cached record
expires it gets deleted (as per the manual deletion above) then
subsequent queries fail.

Note that the DNS servers for test.com are QIP based - may have a
bearing?

> server1.nyc.test.com
Server: dns1.int.mycorp.com
Address: x.x.x.x
------------
SendRequest(), len 62
HEADER:
opcode = QUERY, id = 15, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional
= 0
QUESTIONS:
server1.nyc.test.com.int.mycorp.com, type = A, class = IN
------------
------------
Got answer (135 bytes):
HEADER:
opcode = QUERY, id = 15, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion
avail.
questions = 1, answers = 0, authority records = 1, additional
= 0
QUESTIONS:
server1.nyc.test.com.int.mycorp.com, type = A, class = IN
AUTHORITY RECORDS:
-> int.mycorp.com
type = SOA, class = IN, dlen = 47
ttl = 3600 (1 hour)
primary name server = dns1.int.mycorp.com
responsible mail addr = hostmaster.int.mycorp.com
serial = 54966
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
------------
------------
SendRequest(), len 55
HEADER:
opcode = QUERY, id = 16, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional
= 0
QUESTIONS:
server1.nyc.test.com.mycorp.com, type = A, class = IN
------------
------------
Got answer (118 bytes):
HEADER:
opcode = QUERY, id = 16, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion
avail.
questions = 1, answers = 0, authority records = 1, additional
= 0
QUESTIONS:
server1.nyc.test.com.mycorp.com, type = A, class = IN
AUTHORITY RECORDS:
-> mycorp.com
type = SOA, class = IN, dlen = 44
ttl = 86400 (1 day)
primary name server = name.int.com
responsible mail addr = postmaster.int.com
serial = 2006072002
refresh = 1800 (30 mins)
retry = 900 (15 mins)
expire = 604800 (7 days)
default TTL = 86400 (1 day)
------------
------------
SendRequest(), len 47
HEADER:
opcode = QUERY, id = 17, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional
= 0
QUESTIONS:
server1.nyc.test.com, type = A, class = IN
------------
------------
Got answer (47 bytes):
HEADER:
opcode = QUERY, id = 17, rcode = SERVFAIL
header flags: response, auth. answer, want recursion, recursion
avail.
questions = 1, answers = 0, authority records = 0, additional
= 0
QUESTIONS:
server1.nyc.test.com, type = A, class = IN
------------
*** dns1.int.mycorp.com can't find server1.nyc.test.com: Server
failed
>
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan
Sent: 24 Jul 2006 3:58
To: [email protected]; [email protected]
Subject: RE: [ActiveDir] DNS Issue
David,
A few more questions. When you state you cleared the cache I want to
ensure this meant clearing the Cache on the DNS Server not the client
resolver cache. Also if you open the DNS snap-in in advanced mode and
look in the cache do you see a record for nyc.test.com and if so can you
provide a screenshot of the entry from the DNS MMC? Finally can you go
to the DNS server, open a cmd prompt and launch nslookup. Type "set d2"
without the quotes so that you get additional debug output and then type
in nyc.test.com and post the output. Why am I asking all of these
questions? Well we had a few issues where the DNS server's cache may not
correctly cache entries causing the behavior that you are seeing.
Sometimes even though you clear the cache if the record is looked up
frequently then even clearing the cache will not resolve the issue long
enough to see it corrected. I thought that all of these had been
addressed by the build that you are running however the output from the
above tests should let us see what is going on.
Thanks,
-Steve
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
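
Added example, not part of either message in this thread: a short Python parser for the nslookup "set d2" transcript quoted above, separating the suffix-search attempts (NXDOMAIN) from the lookup of the name as typed (SERVFAIL). The sample text is constructed from that transcript, `parse_answers` and `classify` are hypothetical helper names, and treating SERVFAIL on the exact name as a server-side fault is this example's assumption.

```python
import re

# Constructed sample: the three "Got answer" sections from the d2 transcript
# in this thread, trimmed to the rcode and question lines.
SAMPLE = """\
Got answer (135 bytes):
opcode = QUERY, id = 15, rcode = NXDOMAIN
QUESTIONS:
server1.nyc.test.com.int.mycorp.com, type = A, class = IN
Got answer (118 bytes):
opcode = QUERY, id = 16, rcode = NXDOMAIN
QUESTIONS:
server1.nyc.test.com.mycorp.com, type = A, class = IN
Got answer (47 bytes):
opcode = QUERY, id = 17, rcode = SERVFAIL
QUESTIONS:
server1.nyc.test.com, type = A, class = IN
"""

HDR = re.compile(r"opcode = (\w+), id = (\d+), rcode = (\w+)")
QST = re.compile(r"^\s*(\S+), type = (\w+), class = (\w+)")

def parse_answers(text):
    """Return one dict per 'Got answer' section: id, rcode, question name."""
    answers, cur, want_q = [], None, False
    for line in text.splitlines():
        if line.startswith("SendRequest"):
            cur = None                    # outgoing query: not a response
        elif line.startswith("Got answer"):
            cur = {"id": None, "rcode": None, "name": None}
            answers.append(cur)
            want_q = False
        elif cur is None:
            continue                      # skip lines of a SendRequest() section
        elif (m := HDR.search(line)) and cur["rcode"] is None:
            cur["id"], cur["rcode"] = int(m.group(2)), m.group(3)
        elif line.strip() == "QUESTIONS:":
            want_q = True
        elif want_q and (m := QST.match(line)):
            cur["name"], want_q = m.group(1).rstrip(".").lower(), False
    return answers

def classify(answers, typed_name):
    """Split suffix-search attempts from the lookup of the name as typed."""
    typed = typed_name.rstrip(".").lower()
    exact = [a for a in answers if a["name"] == typed]
    suffixed = [a for a in answers if a["name"] != typed]
    # Assumption: SERVFAIL on the exact name means the server itself failed.
    server_fault = any(a["rcode"] == "SERVFAIL" for a in exact)
    return {"suffixed": suffixed, "exact": exact, "server_fault": server_fault}
```
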