SBS 2008 DNS stops working after 1 day for .uk, .eu and some other TLDs outside USA
In SBS 2008, when first installed or rebooted, DNS queries succeed, but after a period of about 1 day users report that they are unable to access some web sites. On inspection, it may be noticed that the inaccessible web sites are in the .uk and .eu Top Level Domains (TLDs) or certain other TLDs that are outside of the USA.
If left for several days, the problem may appear to resolve itself then re-occur after another day or so.
If the DNS server service is restarted, or the DNS cache on the server is cleared, then the problem is temporarily resolved but re-occurs after a day or so.
The cause of this problem is that in EU countries (and certain other TLDs outside the USA), nameserver records are typically cached for more than 1 day. SBS2008 has a cap on the maximum time that it will allow nameserver records to be cached, which defaults to 1 day. This default works fine in the USA but When the .uk and .eu records become stale, they are not deleted from the cache but are no longer returned as valid records. Therefore, they effectively prevent DNS lookups in those TLDs from succeeding until the records expire and are deleted from teh cache, or the DNS Server service is restarted.
The fix is to increase the maximum Time To Live (TTL) setting in the DNS server so that it recognises records older than 1 day. Experience has shown that setting the value to 4 days is usually enough, but the maximum setting is 30 days.
Workaround
This problem can be temporarily resolved by restarting DNS Server service or by clearing the DNS cache on DNS server.
Permanent resolutions include - increasing the maximum DNS cache TTL value. - Reconfiguring the DNS server to use DNS forwarders instead of relying on Root Hints.
Solution
For a permanent work around, the MaxCacheTTL value needs to be changed to a value larger than the TLD TTL (Default value is 1 day, maximum value is 30 days). On SBS2008 there is no negative impact since this is the TTL for the cache of Resource Records. This is just the maximum value that it will be stored on DNS server. If the actual TTL is shorter, the shorter value will be used.
- Start Registry Editor (Regedit.exe).
- Locate the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters -
On the Edit menu, click New, click DWORD (32-bit) Value , and then add the following value:
Value: MaxCacheTtl
Data Type: DWORD
Data value: 0x69780 (432000 in decimal = 5 days) Click OK .
- Quit Registry Editor.
- Restart the DNS server.
As an extra precaution, clear the DNS resolver cache using
IPCONFIG /FlushDNS
After the change, the server should be monitored to check if the issue occurs again. Since this value won’t affect the normal behavior on SBS2008, we can increase this value to a larger value if the issue persists.
See also
- Windows Server 2008 DNS Servers may fail to resolve queries for some top-level domains
- Cannot resolve names in certain top level domains like .co.uk