Question
Friday, November 1, 2013 5:00 PM
On Tuesday I registered a new domain name at NameCheap.com and on the same day I changed the NameServer settings at NameCheap to point to my webhost. Already that same day DNS was resolving to the correct server/IP. I was using OpenDNS on my computers and in my router.
Yesterday I set up and installed a new Windows Server 2012 R2 box and configured it as a domain controller and DNS Server on my network. I set up OpenDNS to be the DNS Forwarders. Using NSLookup on this server, I get an old/incorrect SOA record returned as well as old A records. I've ensured that the network adapter is configured to look at 127.0.0.1 as the DNS server for the server itself.
All of my tests online indicate that every ISP and DNS server out there is updated to the latest, correct records. I've used OpenDNS Cache Check, DNSStuff, and MXToolbox. Everything consistently returns correct and yet my server consistently returns incorrect results. Where can I start looking for the problem?
All replies (7)
Wednesday, November 13, 2013 2:11 AM ✅Answered
Hi,
The public DNS often has a delay time when you change your DNS pointer. If you use your DNS server, just turn off the higher-level DNS server; in an enterprise environment that is often hard to troubleshoot when the issue occurs.
Friday, November 1, 2013 6:15 PM
Perhaps network monitor would help you resolve the problem
Tuesday, November 5, 2013 6:24 AM
Hi,
“Using NSLookup on this server, I get an old/incorrect SOA record returned as well as old A records.”
Is the resolution result your DC IP address? If yes, there must be a split-brain DNS issue.
The similar thread:
Do I Need Split-Brain DNS?
The third party article:
Set up split-brain DNS with Active Directory integrated zones
Hope this helps.
Alex Lv
Tuesday, November 5, 2013 2:13 PM
No the resolution does not result in my DC IP address. It results in the IP address for the previous nameserver and A record.
The problem did clear later in the day that I posted this question. But I still haven't figured out what server(s) are at fault in caching these records for 3 to 4 days. All the settings I'm using should result in the newer, updated records. I tried using only root-hint servers and using Google DNS and OpenDNS both with and without Root Hint servers and the results always came back the same - old information. I cleared the DNS Server cache on the server as well as the DNS Client cache on the server multiple times and that never had any positive effect.
I could blame my router or my ISP's DNS servers, but I'm really not using either one for DNS. So it's a real mystery to me.
I was also going to mention that this is not the first time I've seen this. It seems somewhat likely to me that the problem might be in my router so next time I'm having this problem I'm going to look into that. I'm using a Linksys with DD-WRT firmware. Even though I said I'm not using it for DNS, I'm going to look into the possibility that that's where the problem lies. I actually remember something now about me setting up a script in there to enforce that all DNS queries get routed to OpenDNS. If that script is still in place and functioning properly, I think the router might be hijacking every DNS query and perhaps it has a cache of three or four days.
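The router hypothesis in the post above can be checked by comparing SOA answers collected from queries addressed directly to different resolver IPs. The following is an added example, not part of the original thread: the `diagnose` helper, the serial numbers and the TTLs are constructed for illustration, and 192.0.2.1 (a documentation address that runs no DNS service) is assumed as the canary.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Observation:
    server: str            # IP the query was addressed to
    asked_at: int          # seconds since the test started
    serial: Optional[int]  # SOA serial in the answer; None if the query timed out
    ttl: Optional[int]     # remaining TTL on the answer, in seconds

def diagnose(obs, current_serial, canary_ip, tolerance=2):
    """Say where stale answers most likely come from (heuristic)."""
    answered = [o for o in obs if o.serial is not None]
    # The canary runs no DNS service, so an answer "from" it means a device
    # on the path is rewriting port-53 traffic to a resolver of its choosing.
    if any(o.server == canary_ip for o in answered):
        return "intercepted: a non-DNS address answered"
    stale = [o for o in answered if o.serial != current_serial]
    if not stale:
        return "consistent: every resolver has the current zone"
    # Records served from one cache all expire at the same instant, so
    # asked_at + ttl is (nearly) constant across them.
    expiries = [o.asked_at + o.ttl for o in stale]
    servers = sorted({o.server for o in stale})
    if len(servers) > 1 and max(expiries) - min(expiries) <= tolerance:
        return "single cache suspected: stale answers expire together"
    return "stale upstream: " + ", ".join(servers)

# Constructed sample data (not taken from the thread).
CURRENT, OLD, CANARY = 2013110101, 2013102901, "192.0.2.1"
REDIRECTED = [
    Observation("208.67.222.222", 0, OLD, 86000),
    Observation("8.8.8.8", 5, OLD, 85995),
    Observation(CANARY, 9, OLD, 85991),
]
ONE_STALE_UPSTREAM = [
    Observation("208.67.222.222", 0, OLD, 86000),
    Observation("8.8.8.8", 5, CURRENT, 300),
    Observation(CANARY, 9, None, None),
]

if __name__ == "__main__":
    print(diagnose(REDIRECTED, CURRENT, CANARY))
    print(diagnose(REDIRECTED[:2], CURRENT, CANARY))
    print(diagnose(ONE_STALE_UPSTREAM, CURRENT, CANARY))
```

The expiry comparison is only a hint, since two independent caches can by chance have fetched the record at the same moment; the canary answer is the stronger signal.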
Wednesday, November 13, 2013 2:43 PM
SpaceTime_L, you might be correct that public DNS usually has delay times due to caching. However, when this problem was occurring I used OpenDNS's Cache Check feature and all of the servers it queried were returning the correct values. Yet when I used OpenDNS in my office on my computers or server, I was getting an old value returned. If OpenDNS was at fault, then my local OpenDNS server must have longer caching than the others and apparently OpenDNS's cache check feature wasn't querying the particular DNS server that I was using. Which is possible, but I would think somewhat unlikely.
Thursday, November 14, 2013 6:17 AM
Can you post the domain name in question?
Ace Fekay
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
This post is provided AS-IS with no warranties or guarantees and confers no rights.
Friday, November 22, 2013 8:15 AM
Hi,
I would like to check if you need further assistance.
Thanks.