Cached entries and Stub zones

  • Thread starter Thread starter W C Hull
  • Start date Start date
W

W C Hull

I need some info regarding Stub zones and how to control the time to live on
records cached entries in Windows 2003 DNS.

Here's my issue....We have 2 rather large zones in one of our domain
environments. Currently, there are secondary zone copies of these zones on
our two main DNS servers that are in a different domain environment. We
were thinking about removing the secondary zones and replacing them with
stub zones thinking that this would be more efficient to have DNS queries
get routed by the stub zones directly the primaries.

When we setup some test stub zones on our two DNS servers the first query
worked just great but after we changed the IP addresses of some of the
records are DNS queries kept showing the old address instead of the new.
What we discovered a bit later was that the DNS server was creating a cache
of the queried entries for that stub zone and that the cached entries were
of the old IP. It was my impression that a query for a stub zone record
would be sent to the primary zone and that the cache would not be checked
but it appears that I was wrong.

So...My problem is that we get requests all the time to change IP addresses
on devices and today, thru scripting, we update the primary zone and force a
secondary zone transfer to occur immediately so the secondary zones get
updated. With a stub zone there is nothing to update so I either need a
means of setting any record queried from that stub zone to have a VERY short
life when it gets placed into cache or I need some means of removing a
single record from Microsoft DNS's cache without having to flush the entire
cache. Can someone point me in the right direction in regard to this
problem?

Thanks,
 
Read inline please.

In
W C Hull said:
I need some info regarding Stub zones and how to control the time to
live on records cached entries in Windows 2003 DNS.

Here's my issue....We have 2 rather large zones in one of our domain
environments. Currently, there are secondary zone copies of these
zones on our two main DNS servers that are in a different domain
environment. We were thinking about removing the secondary zones and
replacing them with stub zones thinking that this would be more
efficient to have DNS queries get routed by the stub zones directly
the primaries.

When we setup some test stub zones on our two DNS servers the first
query worked just great but after we changed the IP addresses of some
of the records are DNS queries kept showing the old address instead
of the new. What we discovered a bit later was that the DNS server
was creating a cache of the queried entries for that stub zone and
that the cached entries were of the old IP. It was my impression
that a query for a stub zone record would be sent to the primary zone
and that the cache would not be checked but it appears that I was
wrong.

So...My problem is that we get requests all the time to change IP
addresses on devices and today, thru scripting, we update the primary
zone and force a secondary zone transfer to occur immediately so the
secondary zones get updated. With a stub zone there is nothing to
update so I either need a means of setting any record queried from
that stub zone to have a VERY short life when it gets placed into
cache or I need some means of removing a single record from Microsoft
DNS's cache without having to flush the entire cache. Can someone
point me in the right direction in regard to this problem?

Thanks,
Click to expand...

The TTL is taken from the TTL of the record in the authoritative zone, when
the server caches the record it starts counting down from this TTL (Maximum
default is 1 day) until the TTL reaches 0 when it is deleted.
If you need a lower TTL you have to set it on the Primary server when the
record is created. When you create a record and do not set its TTL, it will
get the Default TTL from the SOA record.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
 
Kevin,

Thanks for the info but here is my need.....

You stated that:

The TTL is taken from the TTL of the record in the authoritative zone......

I suppose that I could somehow go in and adjust each TTL on every record but
that seems cumbersome. Is there a way in which you can set the TTL so that
when a new record is added to the zone it gets the default?

BH
 
Read inline please.

In
W C Hull said:
Kevin,

Thanks for the info but here is my need.....

You stated that:

The TTL is taken from the TTL of the record in the authoritative
zone......

I suppose that I could somehow go in and adjust each TTL on every
record but that seems cumbersome. Is there a way in which you can
set the TTL so that when a new record is added to the zone it gets
the default?
Click to expand...

That is what the Minimum (default) TTL setting on the SOA record is for, if
you set the default TTL to say 15 minutes, all new records get the default
15 minute TTL, by default. This TTL is also given to Negative responses.
Keep in mind, setting the Default TTL to a very low value, it greatly
increases the traffic between the caching and Authoritative servers. I
wouldn't go below 30 seconds in any case, if you set it to 0, the record can
expire before it is cached and can cause DNS errors.



--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
 
Back
Top