On Friday I changed a public DNS A-record to a new IP address on our provider's DNS service for our public web-domain. To make these changes populate faster in our intranet (for our intranet clients/users) I used the PowerShell command Clear-DnsServerCache on our Windows 2012R2 DNS Server machine.
My understanding of the command is that only the cache will be deleted. No records or anything else will be touched. Therefore (so I thought) the only negative implications of deleting the whole cache might be lower speed performance in resolving names. Hence I did not bother only deleting the cached records for the affected domain name, but deleted the whole cache. As we only have around 20 people working on this site, I considered the performance penalties of a deleted cache as negligible.
Note: The machine on which the DNS server is running is also a synchronized AD Domain Controller. It is a Windows 2012 R2 Standard machine. This DNS server hosts AD-integrated zones. Replication is active with two other DNS/ActiveDirectory-servers located in our headquarters. On this server we also have reverse DNS lookup set up and we have query-forwarding active to all replicated servers (each DNS Server has the other two replicated servers as query-forward servers set up).
Today (after the weekend) we have massive DNS problems. _gc, _kerberos and _ldap forward-lookup entries in the AD integrated zones are missing in the DNS server. Hence we got problems of people not being able to find the domain name server et cetera. My team is now discussing what the reason could be.
Can it be that the Clear-DnsServerCache did cause this?
The Technet article at https://technet.microsoft.com/en-us/library/jj649893(v=wps.630).aspx did not help either.
Side-question: is Clear-DnsServerCache doing the same as dnscmd /clearcache and also the same as in the GUI (DNS Management Console, View -> Advanced, then right-click on Cached Lookups and then Clear Cache)?
Update 2017-02-08
Thanks to all the commenters. Based on your input I am now confident that our problems have nothing to do with Clear-DnsServerCache. Which leaves the question what caused our loss of multiple AD-relevant SRV records.
If I find out I will come back and write another update. Though I have my doubts whether we will ever find out.
Answer
Q: Side-question: is Clear-DnsServerCache doing the same as dnscmd /clearcache and also the same as in the GUI (DNS Management Console, View -> Advanced, then right-click on Cached Lookups and then Clear Cache)?
A: Yes.
That command should not have had any effect on the AD SRV records.
That being said, you can recreate the missing SRV records by using one of the following methods:
Restarting the Netlogon service on one of your DCs.
Importing the SRV records from C:\SystemRoot\Config\NetLogon.dns on one of your DCs.
Running DCDiag /Fix.
Running NetDiag /Fix.
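
As an added example (not part of the original question or answer), the script below checks which of the DC locator SRV records named in the question resolve on a given DNS server, then applies the first method above (restarting Netlogon) and checks again. It assumes an elevated PowerShell session on the domain controller; the domain name, the DNS server address, the 30-second wait and the function name Get-MissingSrvRecord are placeholders chosen for illustration, and it assumes a single-domain forest so that the _gc record lives under the same name.

```powershell
# Added example. $Domain and $DnsServer are placeholders; adjust before use.
param(
    [string]$Domain    = 'corp.example.com',   # placeholder AD DNS domain name
    [string]$DnsServer = '127.0.0.1'           # DNS server to query (local DC)
)

# DC locator SRV names that Netlogon registers for a domain controller.
$srvNames = @(
    "_ldap._tcp.$Domain",
    "_kerberos._tcp.$Domain",
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_gc._tcp.$Domain"                         # assumes forest root = $Domain
)

# Hypothetical helper: returns the names that have no SRV answer on $Server.
function Get-MissingSrvRecord {
    param([string[]]$Names, [string]$Server)
    foreach ($name in $Names) {
        # -DnsOnly skips LLMNR/NetBIOS; an error or an answer without SRV
        # records both count as "missing".
        $answer = Resolve-DnsName -Name $name -Type SRV -Server $Server `
                      -DnsOnly -ErrorAction SilentlyContinue |
                  Where-Object { $_.Type -eq 'SRV' }
        if (-not $answer) { $name }
    }
}

$missing = @(Get-MissingSrvRecord -Names $srvNames -Server $DnsServer)
if ($missing.Count -eq 0) {
    Write-Output "All DC locator SRV records resolve on $DnsServer."
    return
}
Write-Warning ("Missing on {0}: {1}" -f $DnsServer, ($missing -join ', '))

# Restarting Netlogon makes this DC re-register its SRV records.
Restart-Service -Name Netlogon
Start-Sleep -Seconds 30                        # arbitrary wait for registration

$stillMissing = @(Get-MissingSrvRecord -Names $srvNames -Server $DnsServer)
if ($stillMissing.Count -gt 0) {
    Write-Warning ("Still missing after Netlogon restart: {0}" -f ($stillMissing -join ', '))
} else {
    Write-Output 'SRV records are resolvable again.'
}
```

Running the check against each of the replicated DNS servers in turn shows whether the records are absent everywhere or only on one replica.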