W S
asked on
DNS servers not caching certain DNS records
Hello,
We have 2 x 2008R2 DCs in a site A which are caching some DNS records but not caching other DNS records. This seems to be affecting DNS performance.
We have 2 x 2008R2 DCs in site B which are caching all records as expected.
All servers are using Root Hints.
Example:
Site A DCs: ft.com in DNS cache shows 4 NS records
ns1.p23.dynect.com
ns2.p23.dynect.com
ns3.p23.dynect.com
ns4.p23.dynect.com
When I do:
NSLookup www.ft.com.
I get this response:
Non-authoritative answer:
Name: e.global-ssl.fastly.net
Address: 185.31.17.230
Aliases: www.ft.com
But the record for www.ft.com is not cached.
Site A DCs: ft.com in DNS cache shows 4 NS records
ns1.p23.dynect.com
ns2.p23.dynect.com
ns3.p23.dynect.com
ns4.p23.dynect.com
When I do:
NSLookup www.ft.com.
I get this response:
Non-authoritative answer:
Name: e.global-ssl.fastly.net
Address: 185.31.17.230
Aliases: www.ft.com
But the record for www.ft.com is not cached.
In SIte B, the same nslookup command results in the caching of:
ns1.p23.dynect.com
ns2.p23.dynect.com
ns3.p23.dynect.com
ns4.p23.dynect.com
and the caching of CNAME for www => e.global-ssl.fastly.net
Has anyone ever seen this behaviour?
Any idea why DC in one site is caching the www record and DC in other site is not?
Thanks.
We have 2 x 2008R2 DCs in a site A which are caching some DNS records but not caching other DNS records. This seems to be affecting DNS performance.
We have 2 x 2008R2 DCs in site B which are caching all records as expected.
All servers are using Root Hints.
Example:
Site A DCs: ft.com in DNS cache shows 4 NS records
ns1.p23.dynect.com
ns2.p23.dynect.com
ns3.p23.dynect.com
ns4.p23.dynect.com
When I do:
NSLookup www.ft.com.
I get this response:
Non-authoritative answer:
Name: e.global-ssl.fastly.net
Address: 185.31.17.230
Aliases: www.ft.com
But the record for www.ft.com is not cached.
Site A DCs: ft.com in DNS cache shows 4 NS records
ns1.p23.dynect.com
ns2.p23.dynect.com
ns3.p23.dynect.com
ns4.p23.dynect.com
When I do:
NSLookup www.ft.com.
I get this response:
Non-authoritative answer:
Name: e.global-ssl.fastly.net
Address: 185.31.17.230
Aliases: www.ft.com
But the record for www.ft.com is not cached.
In SIte B, the same nslookup command results in the caching of:
ns1.p23.dynect.com
ns2.p23.dynect.com
ns3.p23.dynect.com
ns4.p23.dynect.com
and the caching of CNAME for www => e.global-ssl.fastly.net
Has anyone ever seen this behaviour?
Any idea why DC in one site is caching the www record and DC in other site is not?
Thanks.
ASKER
Thanks Dan.
Typo in the original question (apologies), results are:
ns1.p23.dynect.net
ns2.p23.dynect.net
ns3.p23.dynect.net
ns4.p23.dynect.net
Typo in the original question (apologies), results are:
ns1.p23.dynect.net
ns2.p23.dynect.net
ns3.p23.dynect.net
ns4.p23.dynect.net
How about your forwarder configuration? There is no relation between fastly.net and dynect.net that I can find.
Again, I believe you have a configuration difference between your 2 sites. fastly.net is a global CDN and dynect is a managed DNS provider. faslty is based in San Francisco, CA, USA and DynEct is in Australia.
1. How is TCP/IP configured on the DCs at each site?
1a. what are the DC's DNS configuration?
2. What (if any) is the DNS forwarding configuration on the DCs at each site?
2a. Are you sure that all DCs in all sites are configured the same way?
3. Are there any proxies in place that could redirect outbound DNS queries?
Dan
Again, I believe you have a configuration difference between your 2 sites. fastly.net is a global CDN and dynect is a managed DNS provider. faslty is based in San Francisco, CA, USA and DynEct is in Australia.
1. How is TCP/IP configured on the DCs at each site?
1a. what are the DC's DNS configuration?
2. What (if any) is the DNS forwarding configuration on the DCs at each site?
2a. Are you sure that all DCs in all sites are configured the same way?
3. Are there any proxies in place that could redirect outbound DNS queries?
Dan
ASKER
Hello Dan,
Thanks for the input.
We are testing some alternate configurations.
I'll get back with results.
Thanks.
Thanks for the input.
We are testing some alternate configurations.
I'll get back with results.
Thanks.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
I resolve the nslookup to the following:
Open in new window
I cannot resolve the FQDNs for: nsX.p23.dynect.com
I would check your forwarder configuration on the DCs in site A and compare them to site B's config.
Dan