PSS is already on the case. I will report back once the fix (hopefully!) has been identified.
Cheers so far
David

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan
Sent: 24 Jul 2006 19:13
To: [email protected]
Subject: RE: [ActiveDir] DNS Issue

This is similar to the problem that we had seen before with caching and TTLs and I believe may be addressed by this fix: http://support.microsoft.com/kb/903720/en-us. You could confirm it by disabling the cache but your performance will suffer. It has been a while since I actually looked at this type of failure but I believe we worked around the issue temporarily by using stub zones. Since it looks like a possible issue with caching and TTL I would consider opening a case with Product Support Services (PSS) to get to the bottom of it.

Thanks,
-Steve

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wyatt, David
Sent: Monday, July 24, 2006 10:44 AM
To: [email protected]
Subject: RE: [ActiveDir] DNS Issue

Hi Steve

Interesting findings. Firstly, yes I am clearing the DNS Cache and not doing ipconfig /flushdns on the DC. I have shown the d2 output below but also see the following:

1. Clear the DNS cache on DC
2. Submit query for server1.nyc.test.com - success
3. Explicitly delete the record for above host from the cache leaving the nyc parent folder in cache.
4. Submit query for server1.nyc.test.com - fail
5. Delete nyc parent folder
6. Submit query for server1.nyc.test.com - success

So what I think is happening is when the TTL for the cached record expires it gets deleted (as per the manual deletion above) then subsequent queries fail. Note that the DNS server for test.com are QIP based - may have a bearing?

> server1.nyc.test.com
Server: dns1.int.mycorp.com
Address: x.x.x.x

------------
SendRequest(), len 62
    HEADER:
        opcode = QUERY, id = 15, rcode = NOERROR
        header flags: query, want recursion
        questions = 1, answers = 0, authority records = 0, additional = 0

    QUESTIONS:
        server1.nyc.test.com.int.mycorp.com, type = A, class = IN

------------
------------
Got answer (135 bytes):
    HEADER:
        opcode = QUERY, id = 15, rcode = NXDOMAIN
        header flags: response, auth. answer, want recursion, recursion avail.
        questions = 1, answers = 0, authority records = 1, additional = 0

    QUESTIONS:
        server1.nyc.test.com.int.mycorp.com, type = A, class = IN
    AUTHORITY RECORDS:
    -> int.mycorp.com
        type = SOA, class = IN, dlen = 47
        ttl = 3600 (1 hour)
        primary name server = dns1.int.mycorp.com
        responsible mail addr = hostmaster.int.mycorp.com
        serial = 54966
        refresh = 900 (15 mins)
        retry = 600 (10 mins)
        expire = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
SendRequest(), len 55
    HEADER:
        opcode = QUERY, id = 16, rcode = NOERROR
        header flags: query, want recursion
        questions = 1, answers = 0, authority records = 0, additional = 0

    QUESTIONS:
        server1.nyc.test.com.mycorp.com, type = A, class = IN

------------
------------
Got answer (118 bytes):
    HEADER:
        opcode = QUERY, id = 16, rcode = NXDOMAIN
        header flags: response, auth. answer, want recursion, recursion avail.
        questions = 1, answers = 0, authority records = 1, additional = 0

    QUESTIONS:
        server1.nyc.test.com.mycorp.com, type = A, class = IN
    AUTHORITY RECORDS:
    -> mycorp.com
        type = SOA, class = IN, dlen = 44
        ttl = 86400 (1 day)
        primary name server = name.int.com
        responsible mail addr = postmaster.int.com
        serial = 2006072002
        refresh = 1800 (30 mins)
        retry = 900 (15 mins)
        expire = 604800 (7 days)
        default TTL = 86400 (1 day)

------------
------------
SendRequest(), len 47
    HEADER:
        opcode = QUERY, id = 17, rcode = NOERROR
        header flags: query, want recursion
        questions = 1, answers = 0, authority records = 0, additional = 0

    QUESTIONS:
        server1.nyc.test.com, type = A, class = IN

------------
------------
Got answer (47 bytes):
    HEADER:
        opcode = QUERY, id = 17, rcode = SERVFAIL
        header flags: response, auth. answer, want recursion, recursion avail.
        questions = 1, answers = 0, authority records = 0, additional = 0

    QUESTIONS:
        server1.nyc.test.com, type = A, class = IN

------------
*** dns1.int.mycorp.com can't find server1.nyc.test.com: Server failed
>

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan
Sent: 24 Jul 2006 3:58
To: [email protected]; [email protected]
Subject: RE: [ActiveDir] DNS Issue

David,

A few more questions. When you state you cleared the cache I want to ensure this meant clearing the Cache on the DNS Server not the client resolver cache. Also if you open the DNS snap-in in advanced mode and look in the cache do you see a record for nyc.test.com and if so can you provide a screenshot of the entry from the DNS MMC? Finally can you go to the DNS server open a cmd prompt and launch nslookup. Type "set d2" without the quotes so that you get additional debug output and then type in nyc.test.com and post the output.

Why am I asking all of these questions? Well we had a few issues where the DNS servers cache may not correctly cache entries causing the behavior that you are seeing.
Sometimes even though you clear the cache if the record is looked up frequently then even clearing the cache will not resolve the issue long enough to see it corrected. I thought that all of these had been addressed by the build that you are running however the output from the above tests should let us see what is going on.

Thanks,
-Steve

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
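
Added example, not part of the original thread and not written by any of its participants: a small Python parser for the nslookup "set d2" output quoted above. It reads only the "Got answer" blocks (every SendRequest header also prints rcode = NOERROR) and separates the NXDOMAIN replies for names the client built by appending its DNS suffixes from the reply for the name exactly as typed, which is the SERVFAIL that matters here. The function names are hypothetical and the sample transcript is constructed, abridged from the values in the thread.

```python
import re

# Constructed sample: abridged from the "set d2" transcript quoted in the thread.
SAMPLE = """\
SendRequest(), len 62
    HEADER: opcode = QUERY, id = 15, rcode = NOERROR
    QUESTIONS: server1.nyc.test.com.int.mycorp.com, type = A, class = IN
Got answer (135 bytes):
    HEADER: opcode = QUERY, id = 15, rcode = NXDOMAIN
    QUESTIONS: server1.nyc.test.com.int.mycorp.com, type = A, class = IN
SendRequest(), len 55
    HEADER: opcode = QUERY, id = 16, rcode = NOERROR
    QUESTIONS: server1.nyc.test.com.mycorp.com, type = A, class = IN
Got answer (118 bytes):
    HEADER: opcode = QUERY, id = 16, rcode = NXDOMAIN
    QUESTIONS: server1.nyc.test.com.mycorp.com, type = A, class = IN
SendRequest(), len 47
    HEADER: opcode = QUERY, id = 17, rcode = NOERROR
    QUESTIONS: server1.nyc.test.com, type = A, class = IN
Got answer (47 bytes):
    HEADER: opcode = QUERY, id = 17, rcode = SERVFAIL
    QUESTIONS: server1.nyc.test.com, type = A, class = IN
"""

def parse_answers(text):
    """Return (id, question name, rcode) for every 'Got answer' block."""
    answers = []
    # Requests also print a HEADER (always rcode = NOERROR), so read responses only.
    for block in text.split("Got answer")[1:]:
        block = block.split("SendRequest()")[0]  # drop the next request, if any
        hdr = re.search(r"id = (\d+), rcode = (\w+)", block)
        qst = re.search(r"QUESTIONS:\s*(\S+), type = \w+", block)
        if hdr and qst:
            answers.append((int(hdr.group(1)), qst.group(1), hdr.group(2)))
    return answers

def classify(text, typed_name):
    """Label each answer: a suffix-search attempt or the name exactly as typed."""
    typed = typed_name.rstrip(".").lower()
    return [("as-typed" if q.rstrip(".").lower() == typed else "suffix-search", q, rc)
            for _, q, rc in parse_answers(text)]

if __name__ == "__main__":
    for row in classify(SAMPLE, "server1.nyc.test.com"):
        print(row)
```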
