4

Four-site company using Windows Domain and DNS servers. Minimum of one DC/DNS server per site. One site is HQ and hosts most companywide servers and services. DNS records for Windows servers are allowed to register instead of static.

Critical servers are replicated hourly to a datacenter failover site (fifth site) using Veeam. When testing failover we are noticing longer than ideal wait times for DNS records to resolve to the "new" datacenter IPs if no flush is performed. Please note there's a DC running in the DC environment always.

To allow for quicker updates in the case of a failover, I have changed TTLs for A records for the replicated servers from the default of 20 minutes to 10. When researching SOA record TTL settings I am becoming confused. Does the SOA "Minimum (default) TTL" (image below) control how long clients will cache bad or unreachable records? What is the difference between "Minimum (default) TTL" and "TTL for this record"?

[screenshot showing Windows DNS SOA record advanced properties]

Tedwin
  • 559
  • 3
  • 14
  • If I was able to help you, could you please mark my answer as accepted by clicking on `v` under the answer's score. Thank you – Sergey Nudnov May 21 '19 at 03:50

1 Answer

0

Does the SOA "Minimum (default) TTL" control how long clients will cache bad or unreachable records?

Yes

What is the difference between "Minimum (default) TTL" and "TTL for this record"?

  • Minimum TTL: This will be the minimum and default TTL of the records in the zone.
  • TTL for this record: This will be the TTL of the SOA record itself.

Your DNS works in an AD environment. Review this article for a better understanding of how to regulate TTL limits in AD:

The default values for the two configurable TTL parameters will be as follows:

  • Default TTL value = 86400 seconds (1 day)
  • Minimum TTL value = 900 seconds (15 minutes)

The configurable TTL parameters will be stored as AVA (attribute value assertion) entries of the form "=" in the attribute ms-DS-Other-Settings of the NTDS-Service object given by the following DN in the Configuration partition:

CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=...

The exact AVA syntax, for the two configurable TTL parameters, is as follows where NNNN is expressed in seconds:

DynamicObjectDefaultTTLSeconds=NNNN
DynamicObjectMinTTLSeconds=NNNN

These values can be set by an administrator through the command-line utility ntdsutil.

Sergey Nudnov
  • 863
  • 6
  • 12
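An added example (not from the question or the answer above) that checks the two SOA fields discussed and audits the A-record TTLs of the replicated servers against the 10-minute target, using the DnsServer PowerShell module on a DC/DNS server. The zone name and host names are assumptions; records are only changed when `-Fix` is passed.

```powershell
# Added example (not from the original post): audits a Windows DNS zone's SOA
# TTL fields and the A-record TTLs of replicated servers, using the DnsServer
# PowerShell module on a DC/DNS server. Zone and server names are assumptions.
param(
    [string]$ZoneName = "corp.example",                       # assumed zone name
    [string[]]$ReplicatedHosts = @("app1", "sql1", "file1"),  # assumed server names
    [TimeSpan]$TargetTtl = [TimeSpan]::FromMinutes(10),       # target from the question
    [switch]$Fix                                              # change records only if set
)

Import-Module DnsServer

# "TTL for this record" = the SOA record's own TTL (how long resolvers cache the SOA).
# "Minimum (default) TTL" = the SOA minimum field: default TTL for new records in the
# zone and the upper bound for negative caching of NXDOMAIN/NODATA answers (RFC 2308).
$soa = Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType SOA
"{0,-30} {1}" -f "SOA 'TTL for this record':", $soa.TimeToLive
"{0,-30} {1}" -f "SOA 'Minimum (default) TTL':", $soa.RecordData.MinimumTimeToLive

foreach ($name in $ReplicatedHosts) {
    $recs = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name $name -RRType A -ErrorAction SilentlyContinue
    if (-not $recs) { Write-Warning "$name.$ZoneName has no A record"; continue }
    foreach ($rec in $recs) {
        $ip = $rec.RecordData.IPv4Address.IPAddressToString
        if ($rec.TimeToLive -le $TargetTtl) {
            "{0,-30} {1,-15} TTL {2} ok" -f "$name.$ZoneName", $ip, $rec.TimeToLive
            continue
        }
        "{0,-30} {1,-15} TTL {2} exceeds {3}" -f "$name.$ZoneName", $ip, $rec.TimeToLive, $TargetTtl
        if ($Fix) {
            # Set-DnsServerResourceRecord takes the old object and a modified clone.
            $new = $rec.Clone()
            $new.TimeToLive = $TargetTtl
            Set-DnsServerResourceRecord -ZoneName $ZoneName -OldInputObject $rec -NewInputObject $new
            "  -> TTL set to $TargetTtl"
        }
    }
}
```

Because the servers register their own records dynamically, a re-registration can overwrite a manually lowered TTL with the client's default; rerun the audit after a refresh cycle to confirm the 10-minute value sticks.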