TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0

Domain joined servers caching wrong records #340

Closed EHRETic closed 2 years ago

EHRETic commented 3 years ago

Hi there,

On my journey to Technitium, I wanted to use my super DNS servers also for my Windows servers, but I got the following issue on some of them: they registered some records as follows and of course, no resolution was possible (no IP record):

Example: server mail-03.xxxxxx.local

```json
[
  {
    "name": "mail-03.xxxxxx.local",
    "type": "A",
    "ttl": "1790 (29 mins 50 sec)",
    "rData": {
      "dataType": "DnsSpecialCacheRecord",
      "data": "NxDomain, xxxxxx.local. SOA IN 3600 dc-03.xxxxxx.local. hostmaster.xxxxxx.local. 37394 900 600 86400 3600"
    }
  },
  {
    "name": "mail-03.xxxxxx.local",
    "type": "AAAA",
    "ttl": "493 (8 mins 13 sec)",
    "rData": {
      "dataType": "DnsSpecialCacheRecord",
      "data": "NxDomain, xxxxxx.local. SOA IN 3600 dc-03.xxxxxx.local. hostmaster.xxxxxx.local. 37386 900 600 86400 3600"
    }
  }
]
```

I have for the xxxxxx.local domain a dual forwarder to my domain controllers, which hold all Windows joined records in their own DNS (configuration is here: https://github.com/TechnitiumSoftware/DnsServer/issues/189).

Apparently, the servers registered those themselves when I changed the DNS IP addresses (without reboot). Previous DNS settings were pointing them directly to Domain Controllers. I had a similar issue of a MS SQL server which was from one second to the other not available anymore.

Now I want to understand what happened and what are those records because of course, services were not available straight after the record update.

Any clue? 😉

PS : Technitium v7.1

ShreyasZare commented 3 years ago

Thanks for the post. It's just how the clients work when you have a domain name configured on Windows.

For example, let's say you have a .local domain configured. When you try nslookup google.com, it's going to try google.com.local first and when it gets an NXDOMAIN response it will try google.com.

The DNS server is going to cache all the negative responses in the cache so you will see all those .local domain names in the cache with a DnsSpecialCacheRecord record that contains the NXDOMAIN response.
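As an added illustration (not code from this issue or from Technitium), a small Python parser for the `DnsSpecialCacheRecord` data string shown in the cache dump above: it pulls the SOA fields out, derives the negative-cache lifetime the way RFC 2308 specifies (the lesser of the SOA TTL and its MINIMUM field, 3600 s here, which matches the 1790 s remaining on the A record), and lists the names a suffix-search client would try in the order the comment describes. The suffix-search order is a simplification of the Windows client assumed for this example.

```python
from dataclasses import dataclass

# Constructed sample: the "data" string of the A record from the cache dump above.
SAMPLE = ("NxDomain, xxxxxx.local. SOA IN 3600 dc-03.xxxxxx.local. "
          "hostmaster.xxxxxx.local. 37394 900 600 86400 3600")


@dataclass
class NegativeCacheEntry:
    rcode: str      # e.g. "NxDomain"
    zone: str       # owner of the SOA, i.e. the zone that answered negatively
    soa_ttl: int    # TTL of the SOA record in the authority section
    mname: str
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int    # SOA MINIMUM field, the negative-caching TTL per RFC 2308

    def negative_ttl(self) -> int:
        # RFC 2308 section 5: a resolver caches the negative answer for at most
        # the lesser of the SOA TTL and the SOA MINIMUM value.
        return min(self.soa_ttl, self.minimum)


def parse_special_cache_record(data: str) -> NegativeCacheEntry:
    """Parse the 'data' text of a Technitium DnsSpecialCacheRecord (assumed format)."""
    rcode, _, soa = data.partition(", ")
    f = soa.split()
    # owner, "SOA", "IN", ttl, mname, rname, serial, refresh, retry, expire, minimum
    if len(f) != 11 or f[1] != "SOA" or f[2] != "IN":
        raise ValueError(f"unexpected SOA text: {soa!r}")
    return NegativeCacheEntry(rcode, f[0], int(f[3]), f[4], f[5],
                              *(int(x) for x in f[6:11]))


def candidate_names(query: str, search_list: list[str]) -> list[str]:
    """Names a client tries, suffix-appended first, then the bare name (simplified)."""
    q = query.rstrip(".")
    return [f"{q}.{s.strip('.')}" for s in search_list] + [q]


if __name__ == "__main__":
    entry = parse_special_cache_record(SAMPLE)
    print(f"{entry.rcode} from zone {entry.zone}, cached up to {entry.negative_ttl()} s")
    for name in candidate_names("google.com", ["xxxxxx.local"]):
        print("client tries:", name)
```

Each suffix-appended name that returns NXDOMAIN is what ends up in the cache as a `DnsSpecialCacheRecord`, and it stays there for the computed negative TTL unless the cache is flushed.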

EHRETic commented 3 years ago

Hi,

What would be the solution (if there is any now)?

If I understand the "problem" (behavior), a solution would be not to cache .local but I don't think it is possible for the moment, right? 😉

But it's probably a good thing for a new feature request no? 😁

ShreyasZare commented 3 years ago

> What would be the solution (if there is any now)?

The solution is to just ignore it since it's how it's intended to work.

> If I understand the "problem" (behavior), a solution would be not to cache .local but I don't think it is possible for the moment, right? 😉
>
> But it's probably a good thing for a new feature request no? 😁

The negative caching feature cannot be turned off. It is actually an important feature that prevents the DNS server from trying to resolve queries for every request, optimizing the performance of the server.

EHRETic commented 3 years ago

I'll give it another try by changing one server after the other... maybe I wasn't patient enough but I got a little scared when one of my servers didn't find its SQL database anymore.

But for sure, I feel I miss some knowledge about DNS servers... if you have a good website for me to fill those holes, I'll be more than happy! 😉

ShreyasZare commented 3 years ago

> I'll give it another try by changing one server after the other... maybe I wasn't patient enough but I got a little scared when one of my servers didn't find its SQL database anymore.

That happens with everyone 😊

> But for sure, I feel I miss some knowledge about DNS servers... if you have a good website for me to fill those holes, I'll be more than happy! 😉

Check out this link. A lot of DNS stuff is not available and is only present in the RFCs that define it.

EHRETic commented 3 years ago

> Check out this link. A lot of DNS stuff is not available and is only present in the RFCs that define it.

Thanks a lot (and try to enjoy your weekend)!