Sunday, February 15, 2009

DNS Resolver Local Cache

The question was asked on the TechNet DNS forums and I wanted to write about it. When you open a CMD window and ping YourDomain.local, the reply comes back from, let's say, DC3.smtp25.org. We have two more domain controllers, so why does ping only talk to DC3 and not DC1 or DC2?

This simple question leads to a nice DNS explanation that some of you might or might not know, and I certainly think that understanding the DNS local resolver cache will help you troubleshoot issues related to Exchange servers and domain controllers.

  • For a DNS name, Netlogon queries DNS by using the IP/DNS-compatible Locator; that is, DsGetDcName calls DnsQuery to read the Service (SRV) resource records and "A" records from DNS after it appends the domain name to the appropriate string that specifies the SRV records.

After the client locates a domain controller, the domain controller entry is cached on the client workstation in the DNS local resolver cache.

When you issue a ping command, the local resolver first looks for the name in its cache. So when you ping YourDomain.com, whichever address is listed first in the resolver cache is the IP address you will ping every time. This stays true until the client's DNS resolver cache changes and another authoritative domain controller is cached by the local DNS resolver.

If you want to test this, here is what you need to do.

Open two separate CMD windows on your workstation, side by side. I used my own domain name in the example below.

Ping smtp25.org

  • Pinging smtp25.org [10.10.10.6] with 32 bytes of data:
  • Reply from 10.10.10.6: bytes=32 time=1ms TTL=128
  • Reply from 10.10.10.6: bytes=32 time<1ms TTL=128

Now, in the second CMD window, issue the following command:

  • Ipconfig /DisplayDNS
    As you can see, the first record cached in the resolver is 10.10.10.16, the second is 10.10.10.3, and the third and last one is 10.10.10.2.

smtp25.org

----------------------------------------

Record Name . . . . . : smtp25.org

Record Type . . . . . : 1

Time To Live . . . . : 49

Data Length . . . . . : 4

Section . . . . . . . : Answer

A (Host) Record . . . : 10.10.10.6

----------------------------------------

Record Name . . . . . : smtp25.org

Record Type . . . . . : 1

Time To Live . . . . : 49

Data Length . . . . . : 4

Section . . . . . . . : Answer

A (Host) Record . . . : 10.10.10.3

Now, regardless of how many times you ping YourDomain.local, you will always ping the first DC, which is 10.10.10.6.
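As an added example (not code from the original post), here is a small Python parser for the text that `ipconfig /displaydns` prints. The sample it runs on is constructed from the records shown above: the smtp25.org entries match the post, while the second name, dc1.smtp25.org, and its TTL of 3600 are made up to show that records are grouped per name. It returns the cached records for each name in the order the cache lists them, so you can see which address a ping will use and how many seconds remain before the entry is discarded and the next lookup goes back to the DNS server.

```python
"""Parse the output of `ipconfig /displaydns` and report which address a ping
of a name will use.  Added example, not code from the original post."""
from collections import OrderedDict

A_RECORD_TYPE = 1   # DNS type code for an A (host) record

# Constructed sample modelled on the records shown in the post.  The
# smtp25.org entries match the post; dc1.smtp25.org and its TTL are made up
# to show that records are grouped per name.
SAMPLE_DISPLAYDNS = """
Windows IP Configuration

    smtp25.org
    ----------------------------------------
    Record Name . . . . . : smtp25.org
    Record Type . . . . . : 1
    Time To Live  . . . . : 49
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 10.10.10.6


    Record Name . . . . . : smtp25.org
    Record Type . . . . . : 1
    Time To Live  . . . . : 49
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 10.10.10.3


    dc1.smtp25.org
    ----------------------------------------
    Record Name . . . . . : dc1.smtp25.org
    Record Type . . . . . : 1
    Time To Live  . . . . : 3600
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 10.10.10.2
"""


def parse_displaydns(text):
    """Return {name: [record, ...]}, keeping the order the cache printed.

    Each record is a dict of the 'Key . . : value' fields.  Negative entries
    ('Name does not exist.') have no colon-separated fields and are skipped.
    """
    cache = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if ":" not in line:
            continue                      # headers, separators, blank lines
        key, _, value = line.partition(":")
        key = key.replace(".", "").strip()   # 'Time To Live  . . . .' -> 'Time To Live'
        value = value.strip()
        if key == "Record Name":
            current = {"Record Name": value.lower()}
            cache.setdefault(current["Record Name"], []).append(current)
        elif current is not None:
            if key in ("Record Type", "Time To Live", "Data Length"):
                current[key] = int(value)
            else:
                current[key] = value
    return cache


def a_records(cache, name):
    """Addresses cached for name, in the order the resolver holds them."""
    return [r["A (Host) Record"] for r in cache.get(name.lower(), [])
            if r.get("Record Type") == A_RECORD_TYPE and "A (Host) Record" in r]


def address_ping_would_use(cache, name):
    """The resolver answers ping from cache with the first record it holds.
    None means the name is not cached, so the next ping queries the server."""
    addrs = a_records(cache, name)
    return addrs[0] if addrs else None


def seconds_until_requery(cache, name):
    """Smallest remaining TTL for the name; at 0 the entry is discarded and
    the next lookup goes back to the DNS server (and may cache another DC)."""
    ttls = [r["Time To Live"] for r in cache.get(name.lower(), [])
            if "Time To Live" in r]
    return min(ttls) if ttls else 0


if __name__ == "__main__":
    cached = parse_displaydns(SAMPLE_DISPLAYDNS)
    for name in cached:
        print(name, a_records(cached, name),
              "ping uses", address_ping_would_use(cached, name),
              "requery in", seconds_until_requery(cached, name), "s")
```

On a real workstation you would feed the parser the captured output of `ipconfig /displaydns` instead of the constructed sample; the first address it reports for your domain name is the DC that every ping will hit until the TTL shown runs out or you flush the cache.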

Now let's change this. In the second window, type:

  • Ipconfig /FlushDNS
  • Ipconfig /RegisterDNS
  • Ipconfig /DisplayDNS (you won't have any entries here yet for smtp25.org; this means that on the first DNS query the answer will be cached in your local DNS resolver). So go ahead and perform:

Ping YourDomain.local. Whatever information you get from DNS will be loaded into your cache, and you will use it until it gets flushed. As you can see, once the local cache holds the DNS information, the client will not go to the DNS server until the local cache gets flushed and new DNS information is cached.
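The flush test above, modelled as an added Python example (not code from the post): a stand-in DNS server hands back the three DC addresses from the post, rotating which one comes first on each query (an assumption made so that a flush visibly changes the answer), and a resolver cache serves the first cached record until the entry is flushed or its TTL runs out. The server's query counter shows that repeated pings never reach the server while the entry is cached; the TTL expiry branch is the one case not covered by the post's flush procedure.

```python
"""Model of the stub resolver cache behaviour described in the post: the
first answer for a name is cached and reused until it is flushed or its TTL
expires.  Added example, not code from the original post."""

# The three DC addresses shown in the post's ipconfig output.
DC_ADDRESSES = ["10.10.10.6", "10.10.10.3", "10.10.10.2"]


class FakeDnsServer:
    """Stand-in for the DNS server (assumption, not the post's setup): it
    rotates which DC address comes first in each answer, as a server holding
    several A records for the zone may do."""

    def __init__(self, addresses, ttl):
        self.addresses = list(addresses)
        self.ttl = ttl
        self.queries = 0            # how often the client actually asked us

    def query(self, name):
        self.queries += 1
        rotate = (self.queries - 1) % len(self.addresses)
        order = self.addresses[rotate:] + self.addresses[:rotate]
        return order, self.ttl


class ResolverCache:
    """Positive answers are stored with an absolute expiry; lookups serve the
    cached list in its original order until it expires or is flushed."""

    def __init__(self, server, clock):
        self.server = server
        self.clock = clock          # callable returning the current time (s)
        self.entries = {}           # name -> (addresses, expires_at)

    def resolve(self, name):
        key = name.lower()
        hit = self.entries.get(key)
        if hit and hit[1] > self.clock():
            return hit[0][0]        # first cached record, every time
        addresses, ttl = self.server.query(key)   # cache miss or expired
        self.entries[key] = (addresses, self.clock() + ttl)
        return addresses[0]

    def flush(self):
        self.entries.clear()        # what ipconfig /flushdns does


def demo():
    """Return (5 pings before flush, ping after flush, ping after TTL expiry,
    server queries issued) for the scenario in the post."""
    now = [0]
    server = FakeDnsServer(DC_ADDRESSES, ttl=60)
    cache = ResolverCache(server, lambda: now[0])
    before = [cache.resolve("smtp25.org") for _ in range(5)]   # same DC each time
    cache.flush()
    after_flush = cache.resolve("smtp25.org")                   # fresh query, next DC
    now[0] += 61                                                # TTL of 60 s has passed
    after_expiry = cache.resolve("smtp25.org")                  # fresh query again
    return before, after_flush, after_expiry, server.queries


if __name__ == "__main__":
    print(demo())
```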

View a DNS client resolver cache

How Domain Controllers Are Located in Windows

Oz Ozugurlu MVP (Exchange)

MCITP (EMA), MCITP (EA) MCITP (SA)

MCSE (M+, S+) MCDST,

Security+, Server +, Project+

Blog: smtp25.blogspot.com

Blog: telnet25.wordpress.com
