Closed malix0 closed 5 years ago
Thanks for the feedback. What you are seeing here is a cached entry for a failure record (negative caching). That is, the DNS server found that the "proxy.eng.it" domain does not exist and it has cached this result so that the DNS server does not need to check with the "eng.it" name servers frequently.
You can check that the domain is indeed non-existent with this tool: https://dnsclient.net/#Recursive%20Query%20(recursive-resolver)/proxy.eng.it/A/UDP
The authoritative server returns an SOA record in response to that query with "Minimum": 86400. This minimum value is in seconds and is used to cache the failure record (negative caching).
If this is your internal DNS server then you need to create a stub zone in Technitium DNS Server so that the internal server is queried for that domain name. Check the help topics for conditional forwarding to create this stub zone.
Hi,
thank you for your prompt reply. I forgot to mention that I configured my internal DNS IP as a forwarder in Settings. I confirm that the cached record loses its IP address when it expires and the PC is not connected to the network. I tested it by sending the PC to sleep 2 minutes before the record expired and turning it on after it had expired, and then the IP address was lost. If the PC is connected to the network, the record expires and the IP is renewed; otherwise, when the PC is disconnected and the cached entry expires, the IP is lost and it will never renew until it is deleted from the cache.
Thanks for the details. Do you have your internal DNS set as the only forwarder, or do you have another forwarder configured along with the internal one?
I would suggest you try using the built-in DNS Client tool to directly query your internal server in between to see if there is any inconsistency.
You can also test this with some other domain name not hosted on the internal DNS and see if you can find the same pattern.
If the DNS server receives NameError in response then it will overwrite any valid IP address in the cache with a negative cache entry with 24hr expiry as per the SOA minimum value, and it won't refresh the cache till the negative entry expires. This is the only way you could lose the IP address, since the record you showed in the screenshot with empty "rData" only occurs for negative cache entries.
Also, all the cached entries are kept for 7 days even after they expire for the serve-stale feature. This feature will use expired cache entries to respond to queries in case the server is unable to connect with authoritative name servers or forwarders for any reason.
I have another forwarder, 8.8.8.8, otherwise when I'm outside the local network I can't resolve internet domains. I will try your suggestion and let you know.
Well, that is the issue with the forwarder configuration. When the DNS Server queries 8.8.8.8, it gets a response that says the domain is non-existent and so the cache entry is overwritten with negative cache.
Just set the forwarder to 8.8.8.8 and for the DNS server to be able to resolve internal domain names, you need to create stub zones for conditional forwarding in the DNS server like I had mentioned earlier.
Hi, I tried to resolve proxy.eng.it using the built-in DNS Client tool from 3 servers: "This Server", "Recursive Query" and "Google (8.8.8.8)". The results are shown below.

"This Server"

```json
{
  "Metadata": {
    "NameServer": "masfidanw:53 (127.0.0.1:53)",
    "Protocol": "Udp",
    "DatagramSize": "46 bytes",
    "RoundTripTime": "1 ms"
  },
  "Header": {
    "Identifier": 54329,
    "IsResponse": true,
    "OPCODE": "StandardQuery",
    "AuthoritativeAnswer": false,
    "Truncation": false,
    "RecursionDesired": true,
    "RecursionAvailable": true,
    "Z": 0,
    "AuthenticData": false,
    "CheckingDisabled": false,
    "RCODE": "NoError",
    "QDCOUNT": 1,
    "ANCOUNT": 1,
    "NSCOUNT": 0,
    "ARCOUNT": 0
  },
  "Question": [
    { "Name": "proxy.eng.it", "Type": "A", "Class": "IN" }
  ],
  "Answer": [
    {
      "Name": "proxy.eng.it",
      "Type": "A",
      "Class": "IN",
      "TTL": "461 (7 mins 41 sec)",
      "RDLENGTH": "4 bytes",
      "RDATA": { "IPAddress": "192.168.10.1" }
    }
  ],
  "Authority": [],
  "Additional": []
}
```

"Recursive Query"

```json
{
  "Metadata": {
    "NameServer": "dns2.fastweb.it:53 (213.140.2.21:53)",
    "Protocol": "Udp",
    "DatagramSize": "81 bytes",
    "RoundTripTime": "33,05 ms"
  },
  "Header": {
    "Identifier": 8438,
    "IsResponse": true,
    "OPCODE": "StandardQuery",
    "AuthoritativeAnswer": true,
    "Truncation": false,
    "RecursionDesired": false,
    "RecursionAvailable": true,
    "Z": 0,
    "AuthenticData": false,
    "CheckingDisabled": false,
    "RCODE": "NameError",
    "QDCOUNT": 1,
    "ANCOUNT": 0,
    "NSCOUNT": 1,
    "ARCOUNT": 0
  },
  "Question": [
    { "Name": "proxy.eng.it", "Type": "A", "Class": "IN" }
  ],
  "Answer": [],
  "Authority": [
    {
      "Name": "eng.it",
      "Type": "SOA",
      "Class": "IN",
      "TTL": "3600 (1 hour)",
      "RDLENGTH": "39 bytes",
      "RDATA": {
        "MasterNameServer": "dns.eng.it",
        "ResponsiblePerson": "postmaster.eng.it",
        "Serial": 2019072600,
        "Refresh": 3600,
        "Retry": 1800,
        "Expire": 2419200,
        "Minimum": 86400
      }
    }
  ],
  "Additional": []
}
```

"Google (8.8.8.8)"

```json
{
  "Metadata": {
    "NameServer": "dns.google:53 (8.8.8.8:53)",
    "Protocol": "Udp",
    "DatagramSize": "81 bytes",
    "RoundTripTime": "21,77 ms"
  },
  "Header": {
    "Identifier": 38006,
    "IsResponse": true,
    "OPCODE": "StandardQuery",
    "AuthoritativeAnswer": false,
    "Truncation": false,
    "RecursionDesired": true,
    "RecursionAvailable": true,
    "Z": 0,
    "AuthenticData": false,
    "CheckingDisabled": false,
    "RCODE": "NameError",
    "QDCOUNT": 1,
    "ANCOUNT": 0,
    "NSCOUNT": 1,
    "ARCOUNT": 0
  },
  "Question": [
    { "Name": "proxy.eng.it", "Type": "A", "Class": "IN" }
  ],
  "Answer": [],
  "Authority": [
    {
      "Name": "eng.it",
      "Type": "SOA",
      "Class": "IN",
      "TTL": "1666 (27 mins 46 sec)",
      "RDLENGTH": "39 bytes",
      "RDATA": {
        "MasterNameServer": "dns.eng.it",
        "ResponsiblePerson": "postmaster.eng.it",
        "Serial": 2019072600,
        "Refresh": 3600,
        "Retry": 1800,
        "Expire": 2419200,
        "Minimum": 86400
      }
    }
  ],
  "Additional": []
}
```
Thanks for the details. The issue is caused just by having your internal DNS set as a forwarder together with Google DNS. Removing the internal DNS from the forwarders list will fix it.
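The conflict diagnosed above can be checked for mechanically. The following is an added example, not part of the original thread or of Technitium's code: it compares responses from several forwarders for the same question and flags names that one forwarder answers while another returns NameError, reporting the SOA Minimum that the thread says governs the negative cache entry. The sample responses are constructed in a trimmed form of the DNS Client JSON shown earlier, and `internal-dns` is a hypothetical label.

```python
from collections import defaultdict

def _resp(name, rcode, ip=None, soa_minimum=None):
    """Build a trimmed response in the DNS Client JSON shape (constructed data)."""
    answer = [{"Name": name, "Type": "A", "RDATA": {"IPAddress": ip}}] if ip else []
    authority = ([{"Name": "eng.it", "Type": "SOA", "RDATA": {"Minimum": soa_minimum}}]
                 if soa_minimum is not None else [])
    return {"Header": {"RCODE": rcode},
            "Question": [{"Name": name, "Type": "A", "Class": "IN"}],
            "Answer": answer, "Authority": authority}

# Constructed sample: (forwarder label, response) pairs for two names.
SAMPLE = [
    ("internal-dns", _resp("proxy.eng.it", "NoError", ip="192.168.10.1")),
    ("8.8.8.8", _resp("proxy.eng.it", "NameError", soa_minimum=86400)),
    ("internal-dns", _resp("example.com", "NoError", ip="192.0.2.10")),
    ("8.8.8.8", _resp("example.com", "NoError", ip="192.0.2.10")),
]

def soa_minimum(resp):
    """Return the SOA Minimum from the Authority section, or None if absent."""
    for rr in resp["Authority"]:
        if rr["Type"] == "SOA":
            return rr["RDATA"]["Minimum"]
    return None

def find_conflicts(pairs):
    """Flag questions where one forwarder answers and another says NameError."""
    by_question = defaultdict(lambda: {"answers": [], "nxdomain": []})
    for forwarder, resp in pairs:
        q = resp["Question"][0]
        key = (q["Name"].lower(), q["Type"])
        rcode = resp["Header"]["RCODE"]
        if rcode == "NameError":
            by_question[key]["nxdomain"].append((forwarder, soa_minimum(resp)))
        elif rcode == "NoError" and resp["Answer"]:
            by_question[key]["answers"].append(forwarder)
    conflicts = {}
    for key, seen in by_question.items():
        if seen["answers"] and seen["nxdomain"]:
            ttls = [t for _, t in seen["nxdomain"] if t is not None]
            conflicts[key] = {
                "answered_by": seen["answers"],
                "nxdomain_from": [f for f, _ in seen["nxdomain"]],
                # Per the thread, the negative entry lives for the SOA Minimum.
                "negative_cache_seconds": max(ttls) if ttls else None,
            }
    return conflicts

if __name__ == "__main__":
    for (name, qtype), info in find_conflicts(SAMPLE).items():
        print(name, qtype, info)
```

Any name this reports is one that belongs in a conditional forwarder (stub) zone rather than in the shared forwarders list.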
I tried to remove the local DNS from the forwarders, but in this way I can't resolve the internal addresses anymore
> I tried to remove the local DNS from the forwarders, but in this way I can't resolve the internal addresses anymore

You need to use the conditional forwarding feature to resolve internal domain names. You cannot use the forwarder setting to do it. See this link to know how to do conditional forwarding: https://technitium.com/dns/help.html#conditional-forwarding
@malix0 were you able to get it configured correctly?
Closing this issue since it's a misconfiguration.
Hi,
as you can see from the attached image, the cached entry lost its IP address. I don't know exactly when it happens, but randomly my browser (this is the address of our internal proxy) gave me a page not found error, and then I need to delete the cached entry. I suspect this happens when the record expires and the PC is not connected to the network, but I'm not sure.