Local DNS Cache and NXDOMAIN Responses

  • We're rolling out automated installs to subdomains at work and finding that we're getting cached responses from local nameservers. E.g. we create bob.example.com, but the local DNS cache is returning NXDOMAIN on bob.example.com (192.168.1.1) even though an nslookup on the specific nameserver yields the correct domain.

    What kind of solutions do we have for this problem?

Answers(8)

    • They will time out eventually. Before making changes you should reduce your negative TTL to a reasonable amount. The value is specified in your SOA record for the domain. Query your servers for the SOA record to determine how long the timeout might last.

      Default value is documented as 3 hours, and maximum value is 7 days.

      As you have found, it is not a good idea to query your local servers for new services before you know they are available on all your authoritative nameservers. Doing so may prime the cache with a negative answer. Query them first to verify.

    • I suspect what might be happening is Chrome might be pre-fetching URLs it finds on the page - we place bob.example.com in a hidden div when the "thank you" page loads. – bundini Jul 15 '11 at 15:12

    • Chromium indeed does that very thing. – JdeBP Jul 22 '11 at 16:39

    • DNS results are also cached by Windows and may impact reachability. Try ping bob.example.com from the command line. Browsers cache page results unless there is an appropriate no-cache directive in the headers. Usually a forced reload will look for changes and reload changed content. If not, restarting the browser should do so. The browser should have configuration items controlling when changes are queried for. – BillThor Jul 15 '11 at 17:02
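
Added example, not part of the thread: a Python sketch of the two checks the answer describes, reading the negative-cache lifetime from the SOA record and confirming every authoritative server knows the new name before the local cache is asked. The SOA line, server names and response codes are constructed samples, and resolver_cap is a hypothetical parameter standing in for a resolver-side limit.

```python
# Added example (not from the thread). Sample data below is constructed.

# Authority section returned with an NXDOMAIN, in the single-line format
# printed by `dig +noall +authority bob.example.com`.
SAMPLE_AUTHORITY = (
    "; constructed sample\n"
    "example.com. 900 IN SOA ns1.example.com. hostmaster.example.com. "
    "2011071501 7200 3600 1209600 10800\n"
)

# Constructed result of asking each authoritative server for the new name.
SAMPLE_RCODES = {"ns1.example.com.": "NOERROR", "ns2.example.com.": "NXDOMAIN"}


def parse_soa(line):
    """Split one presentation-format SOA line into named fields."""
    f = line.split()
    if len(f) != 11 or f[2].upper() != "IN" or f[3].upper() != "SOA":
        raise ValueError("not a single-line SOA record: %r" % line)
    keys = ("serial", "refresh", "retry", "expire", "minimum")
    soa = {"zone": f[0], "ttl": int(f[1]), "mname": f[4], "rname": f[5]}
    soa.update(zip(keys, map(int, f[6:])))
    return soa


def negative_ttl(authority_text, resolver_cap=None):
    """Seconds an NXDOMAIN may stay cached: min(SOA TTL, SOA MINIMUM) per
    RFC 2308, optionally limited by a resolver-side cap (hypothetical knob)."""
    for line in authority_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        try:
            soa = parse_soa(line)
        except ValueError:
            continue  # NS or other records in the authority section
        ttl = min(soa["ttl"], soa["minimum"])
        return ttl if resolver_cap is None else min(ttl, resolver_cap)
    raise LookupError("no SOA record in authority section")


def servers_not_ready(rcodes):
    """Authoritative servers that do not yet answer NOERROR for the name."""
    return sorted(ns for ns, rc in rcodes.items() if rc.upper() != "NOERROR")


if __name__ == "__main__":
    print("negative TTL:", negative_ttl(SAMPLE_AUTHORITY), "s")
    print("hold off on the cache, waiting on:", servers_not_ready(SAMPLE_RCODES))
```

In the sample, the new name is published on ns1 but not yet on ns2, so a lookup through the local resolver could still cache NXDOMAIN for up to 900 seconds.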
