having to clear DNS cache frequently

Mark

Hello

My clients all point to my DNS server for resolution. Periodically one
particular URL will fail to resolve on their PCs. If I clear the DNS
server cache, resolution works for another 5 days or so. Any idea
what's going on and whether or not I should set up some automated cache
clearing task?

Thanks
Mark
 
Guest

It sounds to me like the specific URL isn't always available and then
a negative cache entry is made in the DNS server cache. You could schedule
the following command "dnscmd ServerName /clearcache" to run every 5 days....
 
Kevin D. Goodknecht Sr. [MVP]

Mark said:
Hello

My clients all point to my DNS server for resolution. Periodically
one particular URL will fail to resolve on their PCs. If I clear the
DNS server cache, resolution works for another 5 days or so. Any idea
what's going on and whether or not I should set up some automated cache
clearing task?

Have you changed the maximum cache TTL?
This is strange behavior in the fact that the default Maximum Cache TTL in
Windows 2000 is 1 day.
813964 - Description of DNS registry entries in Windows 2000 Server, part 2
of 3: http://support.microsoft.com/default.aspx?kbid=813964


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
 
Mark

Thanks to all for the information.

What value do you recommend the maxcachettl be set to? I have not
played with it, although if the default is 1 day it seems like the
problem would have cleared after a day. Before I discovered clearing
the cache would restore the URL, the problem went on for at least 3
days with no change.

I also noticed a maxnegativecachettl entry. I set that to 0 to disable
negative caching. Maybe a bad record was being cached then sitting
there causing problems. That also defaults to 1 day though, so same
things as above: after 3 days it should have cleared up.

Mark
 
Kevin D. Goodknecht Sr. [MVP]

Mark said:
Thanks to all for the information.

What value do you recommend the maxcachettl be set to? I have not
played with it, although if the default is 1 day it seems like the
problem would have cleared after a day. Before I discovered clearing
the cache would restore the URL, the problem went on for at least 3
days with no change.

I also noticed a maxnegativecachettl entry. I set that to 0 to
disable negative caching. Maybe a bad record was being cached then
sitting there causing problems. That also defaults to 1 day though,
so same things as above: after 3 days it should have cleared up.

One particular URL?
What is the URL?
Are you using a forwarder?
What is the forwarder's IP address?


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
 
Mark

Kevin - I don't use a forwarder, just root hints. I've never known why
I should specify a forwarder since the root hints work, but maybe
that's not a good practice.

The specific URL I see this problem with is: www.ncmb.uscourts.gov

My users haven't reported trouble with any other URLs.


Mark
 
Mark

Mark said:
Kevin - I don't use a forwarder, just root hints. I've never known why
I should specify a forwarder since the root hints work, but maybe
that's not a good practice.

The specific URL I see this problem with is: www.ncmb.uscourts.gov

My users haven't reported trouble with any other URLs.


Mark


Correction - it seems to be more than one uscourts.gov address causing
trouble.
Mark
 
Kevin D. Goodknecht Sr. [MVP]

Mark said:
Kevin - I don't use a forwarder, just root hints. I've never known
why I should specify a forwarder since the root hints work, but maybe
that's not a good practice.

Actually, using root hints only or use a delegated root zone, which is my
preferred practice. You can download a delegated root zone from Internic.
294906 - How to Delegate All Internet Top-Level Domains on an Internal Root
DNS Server: http://support.microsoft.com/default.aspx?scid=kb;en-us;294906

The specific URL I see this problem with is: www.ncmb.uscourts.gov

I don't see a problem that would cause an issue with this domain, all TTLs
and NS records and parent domains appear to be in line with RFCs. Verify
that secure cache against pollution is selected on the Advanced tab.
If the domain stops resolving again, you might use the DNS management
console to visually check that domain in the cache to make sure any cached
NS & SOA records are valid for the domain.
If you are using Root Hints, your Root Hints file may be corrupted or it may
have been hijacked. Check the Root Hints tab to see if only valid Root
Servers are listed and are resolved to correct IPs.

I prefer using a Delegated Root zone because if properly set up, they are
extremely difficult to hijack because only Authoritative DNS servers are
used for all resolution. Just make sure your firewall allows the Root Server
to make iterative queries, some firewalls will redirect all connections on
port 53 UDP and TCP to another DNS server, making iterative queries
impossible.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
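
The root hints check suggested in the reply above (only valid root servers listed, each with the correct IPs) can be done mechanically. This is an added example, not part of the thread: it compares root hints in zone-file format against a reference in the format of InterNIC's named.root. Both sample texts are constructed, and the function names `parse_hints` and `audit_hints` are hypothetical.

```python
import ipaddress

# Constructed excerpt in named.root format (assumption: use a full current copy in practice).
REFERENCE = """\
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
"""

# Constructed hints from the server under test; documentation IPs stand in for tampering.
CONFIGURED = """\
; root hints on the resolver (constructed sample)
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
.                        3600000  IN  NS    K.ROOT-SERVERS.NET.
k.root-servers.net.      3600000  IN  A     203.0.113.53
.                        3600000      NS    ns1.example.net.
ns1.example.net.         3600000      A     198.51.100.7
"""

def parse_hints(text):
    """Return (set of root NS names, {name: set of addresses}) from zone-file text."""
    ns, addrs = set(), {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()          # strip comments
        # Drop the optional TTL and class columns, leaving owner, type, rdata.
        rec = fields[:1] + [f for f in fields[1:] if not f.isdigit() and f.upper() != "IN"]
        if len(rec) != 3:
            continue
        owner, rtype, rdata = rec[0].lower(), rec[1].upper(), rec[2]
        if rtype == "NS" and owner == ".":
            ns.add(rdata.lower())
        elif rtype in ("A", "AAAA"):
            addrs.setdefault(owner, set()).add(ipaddress.ip_address(rdata))
    return ns, addrs

def audit_hints(configured, reference):
    """List every way the configured hints differ from the reference."""
    ref_ns, ref_addrs = parse_hints(reference)
    cfg_ns, cfg_addrs = parse_hints(configured)
    findings = [f"unknown root server name: {n}" for n in sorted(cfg_ns - ref_ns)]
    for name in sorted(cfg_ns & ref_ns):
        for ip in sorted(cfg_addrs.get(name, set()) - ref_addrs.get(name, set()), key=str):
            findings.append(f"{name} is listed with unexpected address {ip}")
    findings += [f"missing root server: {n}" for n in sorted(ref_ns - cfg_ns)]
    return findings
```

An empty list from `audit_hints` means every configured root server name and address also appears in the reference.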
 
