PC Review



Cached entries and Stub zones

 
 
W C Hull
 
      15th Mar 2008
I need some info regarding Stub zones and how to control the time to live on
records cached entries in Windows 2003 DNS.

Here's my issue....We have 2 rather large zones in one of our domain
environments. Currently, there are secondary zone copies of these zones on
our two main DNS servers that are in a different domain environment. We
were thinking about removing the secondary zones and replacing them with
stub zones thinking that this would be more efficient to have DNS queries
get routed by the stub zones directly to the primaries.

When we set up some test stub zones on our two DNS servers the first query
worked just great but after we changed the IP addresses of some of the
records our DNS queries kept showing the old address instead of the new.
What we discovered a bit later was that the DNS server was creating a cache
of the queried entries for that stub zone and that the cached entries were
of the old IP. It was my impression that a query for a stub zone record
would be sent to the primary zone and that the cache would not be checked
but it appears that I was wrong.

So...My problem is that we get requests all the time to change IP addresses
on devices and today, thru scripting, we update the primary zone and force a
secondary zone transfer to occur immediately so the secondary zones get
updated. With a stub zone there is nothing to update so I either need a
means of setting any record queried from that stub zone to have a VERY short
life when it gets placed into cache or I need some means of removing a
single record from Microsoft DNS's cache without having to flush the entire
cache. Can someone point me in the right direction in regard to this
problem?

Thanks,



 
 
 
 
 
Kevin D. Goodknecht Sr. [MVP]
 
      20th Mar 2008
Read inline please.

W C Hull typed:
> I need some info regarding Stub zones and how to control the time to
> live on records cached entries in Windows 2003 DNS.
>
> Here's my issue....We have 2 rather large zones in one of our domain
> environments. Currently, there are secondary zone copies of these
> zones on our two main DNS servers that are in a different domain
> environment. We were thinking about removing the secondary zones and
> replacing them with stub zones thinking that this would be more
> efficient to have DNS queries get routed by the stub zones directly
> to the primaries.
>
> When we set up some test stub zones on our two DNS servers the first
> query worked just great but after we changed the IP addresses of some
> of the records our DNS queries kept showing the old address instead
> of the new. What we discovered a bit later was that the DNS server
> was creating a cache of the queried entries for that stub zone and
> that the cached entries were of the old IP. It was my impression
> that a query for a stub zone record would be sent to the primary zone
> and that the cache would not be checked but it appears that I was
> wrong.
>
> So...My problem is that we get requests all the time to change IP
> addresses on devices and today, thru scripting, we update the primary
> zone and force a secondary zone transfer to occur immediately so the
> secondary zones get updated. With a stub zone there is nothing to
> update so I either need a means of setting any record queried from
> that stub zone to have a VERY short life when it gets placed into
> cache or I need some means of removing a single record from Microsoft
> DNS's cache without having to flush the entire cache. Can someone
> point me in the right direction in regard to this problem?
>
> Thanks,


The TTL is taken from the TTL of the record in the authoritative zone. When
the server caches the record it starts counting down from this TTL (Maximum
default is 1 day) until the TTL reaches 0, when it is deleted.
If you need a lower TTL you have to set it on the Primary server when the
record is created. When you create a record and do not set its TTL, it will
get the Default TTL from the SOA record.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================


 
 
W C Hull
 
      21st Mar 2008
Kevin,

Thanks for the info but here is my need.....

You stated that:

The TTL is taken from the TTL of the record in the authoritative zone......

I suppose that I could somehow go in and adjust each TTL on every record but
that seems cumbersome. Is there a way in which you can set the TTL so that
when a new record is added to the zone it gets the default?

BH



 
Kevin D. Goodknecht Sr. [MVP]
 
      21st Mar 2008
Read inline please.

W C Hull typed:
> Kevin,
>
> Thanks for the info but here is my need.....
>
> You stated that:
>
> The TTL is taken from the TTL of the record in the authoritative
> zone......
>
> I suppose that I could somehow go in and adjust each TTL on every
> record but that seems cumbersome. Is there a way in which you can
> set the TTL so that when a new record is added to the zone it gets
> the default?


That is what the Minimum (default) TTL setting on the SOA record is for. If
you set the default TTL to, say, 15 minutes, all new records get the default
15 minute TTL, by default. This TTL is also given to Negative responses.
Keep in mind that setting the Default TTL to a very low value greatly
increases the traffic between the caching and Authoritative servers. I
wouldn't go below 30 seconds in any case; if you set it to 0, the record can
expire before it is cached and can cause DNS errors.



--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
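
The caching behaviour discussed in this thread, modelled as an added example (not code from either poster): a caching server keeps an answer for the record's TTL, a record without its own TTL inherits the SOA default, and the cache lifetime is capped at one day. The record names, addresses and TTL values are constructed for illustration.

```python
from dataclasses import dataclass

MAX_CACHE_TTL = 86400  # one-day cap on cache lifetime, as stated in the thread


@dataclass
class Zone:
    soa_minimum: int   # default TTL applied to records created without one
    records: dict      # name -> (ip, explicit ttl or None); constructed data

    def answer(self, name):
        ip, ttl = self.records[name]
        return ip, self.soa_minimum if ttl is None else ttl


class CachingServer:
    """Server holding a stub zone: asks the primary, then serves from cache."""

    def __init__(self, zone):
        self.zone = zone
        self.cache = {}            # name -> (ip, expiry time in seconds)
        self.upstream_queries = 0

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0]          # still counting down: may be stale
        self.upstream_queries += 1
        ip, ttl = self.zone.answer(name)
        self.cache[name] = (ip, now + min(ttl, MAX_CACHE_TTL))
        return ip


def stale_seconds(zone, name, new_ip, change_at, horizon=2 * 86400):
    """Cache the record at t=0, change its address on the primary at
    change_at, and return how long the old address is still served."""
    server = CachingServer(zone)
    server.resolve(name, 0)
    zone.records[name] = (new_ip, zone.records[name][1])
    t = change_at
    while t <= horizon and server.resolve(name, t) != new_ip:
        t += 1
    return t - change_at


def upstream_load(zone, name, every=10, duration=86400):
    """Queries sent to the primary in one day when clients ask every `every` s."""
    server = CachingServer(zone)
    for t in range(0, duration, every):
        server.resolve(name, t)
    return server.upstream_queries
```

With a 3600 second SOA default, a record changed 10 minutes after it was cached is served stale for another 50 minutes; dropping the TTL to 30 seconds shrinks that window but multiplies the queries reaching the primary.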
