Question : absolutely bizarre W2K DNS cache problem

I have two DNS servers running in AD integrated mode on my lab network and they are returning bizarre cache results.

Here's the background:

* Two DNS servers (DC1 & DC2) in AD-integrated mode in the domain agilulf.local. Needless to say, they are authoritative for this zone.
* There is a subzone named lab-0.agilulf.local. A Linux box running BIND 9 is authoritative for this zone.
* The lab-0 zone contains records for only two hosts currently. Each host has an A rec and a CName rec.
* All queries directly to the Linux server return correct results.
* The lab-0 zone has been delegated on the windows boxes. The zone exists, the glue records exist and everything looks good.

Now, here's the odd behavior:

* I clear the cache on the win servers with dnscmd /clearcache.
* I can query the win servers for hosts in the lab-0 domain by using the canonical names and everything works properly.
* The _first_ (and only the first) time I query the win servers for a host in the lab-0 domain using the CName, it fetches the info from the linux server and returns correct results.
* BUT, from then on, querying the win servers for the CName returns a non-authoritative answer for the CName, but that answer contains the IP address of the Linux DNS server, not of the name which was queried!
* Clear the DNS cache on the win servers and the first query is correct again but the second and later come from the cache with the wrong IP again.

My current workaround is to set the TTL for the delegated zone to 0 hours. That way the win servers always query the linux server and return the correct info. But obviously this is not a long-term solution.

I'm completely baffled by this misbehavior. Anyone seen this or have any suggestions?

Answer : absolutely bizarre W2K DNS cache problem


The NS Record in the delegation presumably references directory-0? I would be tempted to check for stale glue, but that only really applies if gateway-0 was ever used in the NS record.

Presumably a lookup of gateway-0 against the MS server returns 10.42.0.3? And is still non-authoritative?

Any chance you have another MS DNS server at the same patch level to see if it carries across servers?

Chris
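A repeatable way to run the poster's clear-cache-then-query-twice test and, at the same time, the checks Chris suggests (what the delegation NS and glue records on the Windows server actually hold, and what a direct lookup against the BIND box returns). This is an added script, not code from either participant in the thread. It only wraps the two tools already named on the page, nslookup and dnscmd, so it works against an old server from any admin workstation. Every name in the parameters is an assumption: the poster never gives the Linux server's address, the subzone's NS host name or a real alias, so dc1.agilulf.local, 10.42.0.3, ns1.lab-0.agilulf.local and www.lab-0.agilulf.local are placeholders to replace.

```powershell
# Added example for the thread above; not the poster's or the answerer's code.
# All default values are assumptions, not facts from the page. Replace them.
param(
    [string]$WinDns    = "dc1.agilulf.local",        # AD-integrated Windows DNS server under test
    [string]$BindDns   = "10.42.0.3",                # BIND 9 box authoritative for the subzone (assumed address)
    [string]$Parent    = "agilulf.local",            # zone that holds the delegation
    [string]$Zone      = "lab-0.agilulf.local",      # delegated subzone
    [string]$SubzoneNs = "ns1.lab-0.agilulf.local",  # NS host named in the delegation (assumed)
    [string]$Alias     = "www.lab-0.agilulf.local"   # a CNAME in the subzone (assumed)
)

# Ask one server for one record type and keep only the lines that matter.
# -NoRecurse sets nslookup's "norecurse" so the server answers from cache only
# and does not go off and fetch the record again.
function Get-DnsAnswer {
    param([string]$Name, [string]$Type, [string]$Server, [switch]$NoRecurse)
    $nsArgs = @("-type=$Type")
    if ($NoRecurse) { $nsArgs += "-norecurse" }
    $nsArgs += @($Name, $Server)
    & nslookup @nsArgs 2>&1 |
        ForEach-Object { "$_" } |
        Where-Object { $_ -match 'canonical name|Address|Non-authoritative|^Name:' }
}

# Relative node names for dnscmd /EnumRecords (it takes the node relative to the zone).
$zoneNode = $Zone      -replace "\.$([regex]::Escape($Parent))$", ''
$glueNode = $SubzoneNs -replace "\.$([regex]::Escape($Parent))$", ''

Write-Host "== Reference answer straight from BIND ($BindDns) =="
Get-DnsAnswer -Name $Alias -Type CNAME -Server $BindDns
Get-DnsAnswer -Name $Alias -Type A     -Server $BindDns

Write-Host "`n== Delegation NS records stored on $WinDns (zone $Parent, node $zoneNode) =="
& dnscmd $WinDns /EnumRecords $Parent $zoneNode /Type NS

Write-Host "`n== Glue A record for $SubzoneNs as stored on $WinDns =="
# Stale or wrong glue here would explain an answer that carries the NS host's
# address instead of the alias target. Compare it with the BIND box's own A record.
& dnscmd $WinDns /EnumRecords $Parent $glueNode /Type A
Get-DnsAnswer -Name $SubzoneNs -Type A -Server $BindDns

Write-Host "`n== Flush the cache on $WinDns, then query the alias twice =="
& dnscmd $WinDns /ClearCache
foreach ($n in 1, 2) {
    Write-Host "-- query $n (recursive) --"
    Get-DnsAnswer -Name $Alias -Type A -Server $WinDns
    Write-Host "-- what $WinDns now has cached for $Alias --"
    Get-DnsAnswer -Name $Alias -Type A -Server $WinDns -NoRecurse
}
```

Run it from a box with the DNS admin tools installed and an account allowed to manage the server (dnscmd /ClearCache needs that; the nslookup parts do not). If the second recursive query returns the same address that the glue section printed for the NS host, the cache is handing back the glue rather than the alias target, which is the symptom described above; if the glue on the Windows server disagrees with what BIND returns for the same name, that is the stale-glue case Chris asks about.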