Solved

DNS (a) record - TTL keeps reverting to default 10 minutes

Posted on 2009-04-13
Last Modified: 2012-05-06
Greetings,

I have a W2K3 SP2 server farm with two domain controllers, both configured with Global Catalog and both running DNS server (AD integrated), which are able to replicate to each other perfectly. All my client servers are pointing to both DNS servers in their IP configuration, with the primary DC as the first DNS server and the secondary DC as the second DNS server. For reasons related to application failover and uptime, I need to set the TTL for my domain.name to 30 seconds so that if the primary DC goes down the domain.name will re-resolve to the second DC in under one minute. However, although this method works, I discovered that the (a) records keep reverting to the default of 10 minutes.

Does anyone know why this is happening and how I prevent this please? I need my domain.name (a) records to have a TTL value which is less than one minute.
Question by:harnamsc
6 Comments
 

Assisted Solution

by:Hypercat (Deb)
Hypercat (Deb) earned 250 total points
After doing some reading on default TTLs, I found the article below. It states that the default TTL is 20 minutes. I would guess that your TTL must be set to 10 minutes, so that when it elapses after you manually change the TTL, the next renewal resets it to 10 minutes:
http://support.microsoft.com/kb/246804
I think what you'd have to do is to disable dynamic registration for the two DNS servers and then set the TTL to what you want it to be.  

Author Comment

by:harnamsc
hypercat: Sorry but the link you provided does not specifically state which registry key I need to edit?

Accepted Solution

by:Hypercat (Deb)
Hypercat (Deb) earned 250 total points
Here's material quoted from the last few paragraphs of the article:
<<How to disable DNS updates in Windows Server 2003
By default, client computers that are running Windows Server 2003 have DNS updates enabled. To disable domain name system (DNS) dynamic update protocol registration for all network interfaces, use one of the following methods:
Method 1
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type DisableDynamicUpdate, and then press ENTER two times.
  5. In the Edit DWORD Value dialog box, type 1 in the Value data box, and then click OK.

    Note By default, the DNS update is enabled (0). Exit Registry Editor.
Method 2
Note This method does not apply to Windows 2000-based computers.
  1. Click Start, click Run, type regedit, and then click OK. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Dnscache\Parameters
  2. On the Edit menu, point to New, click DWORD Value, and then type RegistrationEnabled.
  3. Right-click RegistrationEnabled, click Modify, type 0 in the Value data box, and then click OK.
  4. Exit Registry Editor.
For additional information, click the following article number to view the article in the Microsoft Knowledge Base: 816592 (http://support.microsoft.com/kb/816592/) How to configure DNS dynamic update in Windows Server 2003>>

Author Comment

by:harnamsc
So I have to edit the HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters (method 1) key on all my client servers and workstations? Method 2 probably does not apply to my environment as everything there runs Win2003 SP2.

Assisted Solution

by:Hypercat (Deb)
Hypercat (Deb) earned 250 total points
Just on the DNS servers. The purpose of the reg edit is to prevent that particular machine from dynamically updating its DNS records. These are the machines that you are trying to force a particular TTL for the DNS records, right?  Since the TTL is defaulted and updated when the dynamic DNS update occurs, setting these machines not to update dynamically should prevent the TTL from changing. You will need to test this, of course, to see if it accomplishes what you are trying to do, as I'm not 100% sure it will.

Author Comment

by:harnamsc
Thank you hypercat, I've modified the registry keys on my DNS servers and the modified TTL values for my domain.name (a) records no longer reset themselves.
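
One way to run the test suggested in the thread, as an added example that is not part of the original posts: query each DNS server directly for the A record and flag any answer whose TTL is above the 30-second target. It assumes a management host that has PowerShell's `Resolve-DnsName` cmdlet (DnsClient module); the server addresses and the function names are constructed placeholders.

```powershell
# Added example. Names and addresses are placeholders, not values from the thread.
$RecordName = 'domain.name'                # zone-apex A record discussed above
$DnsServers = '192.0.2.10', '192.0.2.11'   # constructed addresses for the two DCs
$MaxTtl     = 30                           # seconds, the target stated in the question

function Get-AuthoritativeTtl {
    param([string]$Name, [string]$Server)
    # Ask the named server directly. A server answering from its own zone
    # returns the TTL stored on the record, not a value counting down in a cache.
    Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -NoHostsFile -ErrorAction Stop |
        Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq 'A' } |
        Select-Object @{ n = 'Server'; e = { $Server } }, Name, IPAddress, TTL
}

function Test-RecordTtl {
    param([string]$Name, [string[]]$Servers, [int]$MaxTtl)
    foreach ($server in $Servers) {
        try {
            foreach ($rec in Get-AuthoritativeTtl -Name $Name -Server $server) {
                # Reverted = the record no longer carries the short TTL that was set by hand.
                $rec | Add-Member -NotePropertyName Reverted `
                                  -NotePropertyValue ($rec.TTL -gt $MaxTtl) -PassThru
            }
        }
        catch {
            # An unreachable server matters as much as a reverted TTL for the failover goal.
            [pscustomobject]@{
                Server = $server; Name = $Name; IPAddress = $null
                TTL = $null; Reverted = $null; Error = $_.Exception.Message
            }
        }
    }
}

# Run once after setting the TTL, then again after the DCs have had time to
# re-register (for example from a scheduled task) and compare the results.
Test-RecordTtl -Name $RecordName -Servers $DnsServers -MaxTtl $MaxTtl |
    Format-Table -AutoSize
```

Checking both servers separately also shows whether the manual TTL has replicated to the second DC's copy of the AD-integrated zone.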