
Occasionally I must add new DNS entries in AD DNS. The zone is the domain's zone, and the server which I use to add it is in the same subnet as the clients affected by this issue.

After adding the entry, clients cannot resolve the name. If I wait a sufficiently long enough time, I believe that they eventually do resolve, but we're talking at least a matter of hours...

When users run nslookup they can resolve the added name.

I usually advise users to do `net stop dnscache` and `net start dnscache` followed by `ipconfig /flushdns`. This typically does the trick. However, it is not a very good solution.

What can cause this delay when adding new DNS entries? I've ruled out server-server replication (same site, user DNS configured to that DC), but not much else.

tacos_tacos_tacos

1 Answer


Keep in mind that DNS clients cache negative responses as well as positive ones. Maybe this accounts for some of the time you spend waiting on newly added records?

You can configure the negative caching time on your clients:

`HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCache\Parameters`

`NegativeCacheTime` value (DWORD). The default data is 300 seconds. If you do not want negative responses to be cached at all, set the value of `NegativeCacheTime` to 0.

http://technet.microsoft.com/library/Cc959309

Ryan Ries
  • But suppose I had a client who never looked up `myrandomhostname.com` before, and after I add the entry on the DNS server the client is using, he/she still cannot resolve `myrandomhostname.com`. This seems to be the case for me ... doesn't negative response caching require that clients make some previous attempt to resolve the hostname? – tacos_tacos_tacos Feb 14 '13 at 16:18
  • Since you said restarting and flushing dns cache typically fixes it... I cannot see how this is not a problem with the client's dns cache. But it's possible that we're both missing something. – Ryan Ries Feb 14 '13 at 16:35
  • Yes, that was my thought as well... but I wanted to see if anyone might have experienced a similar issue from a poor Windows DNS configuration or network issue or something like that... – tacos_tacos_tacos Feb 15 '13 at 11:04
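
To check on an affected client whether a cached negative answer explains the symptom, the following added example (not part of the original thread or written by either poster) compares a direct query to the DNS server with the client resolver cache and reports the `NegativeCacheTime` value from the registry key named in the answer. The parameter names are hypothetical, and the script assumes the `DnsClient` cmdlets (`Resolve-DnsName`, `Get-DnsClientCache`) available on Windows 8 / Server 2012 and later.

```powershell
# Added example (not from the original thread). Run on an affected client.
param(
    [Parameter(Mandatory)] [string] $Name,       # the record that was just added
    [Parameter(Mandatory)] [string] $DnsServer,  # the DNS server this client is configured to use
    [int] $NewNegativeCacheTime                  # optional: seconds; 0 disables negative caching
)

# Key and value name as given in the answer above.
$key       = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNSCache\Parameters'
$valueName = 'NegativeCacheTime'

# Configured value, if any. The answer gives 300 seconds as the default.
$configured = (Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue).$valueName

# Query the server directly (as nslookup does) and keep only real answer records,
# so an SOA returned in the authority section does not count as a hit.
$fromServer = Resolve-DnsName -Name $Name -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue |
    Where-Object Section -eq 'Answer'

# Look for a cached negative answer for the same name in the client resolver cache.
$negative = Get-DnsClientCache -Entry $Name -Status NotExist, NoRecords -ErrorAction SilentlyContinue

[pscustomobject]@{
    Name                 = $Name
    NegativeCacheTime    = if ($null -ne $configured) { $configured } else { 'not set (default per the answer: 300)' }
    ServerHasRecord      = [bool]$fromServer
    NegativeEntryCached  = [bool]$negative
    NegativeEntryTtlSecs = ($negative | Select-Object -First 1).TimeToLive
    # True when the server already answers but the client still holds a negative entry.
    StaleNegativeCache   = [bool]$fromServer -and [bool]$negative
}

# Optionally write the new value (requires an elevated session).
if ($PSBoundParameters.ContainsKey('NewNegativeCacheTime')) {
    if ($NewNegativeCacheTime -lt 0) { throw 'NegativeCacheTime must be 0 or greater.' }
    New-ItemProperty -Path $key -Name $valueName -PropertyType DWord `
        -Value $NewNegativeCacheTime -Force | Out-Null
    "Set $valueName to $NewNegativeCacheTime seconds."
}
```

If `StaleNegativeCache` is false while the name still fails to resolve, the negative cache is not the explanation, which is the case raised in the first comment.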