BojanZivkovic-7448 asked

Conditional forwarders - TTL

Hi, we have a conditional forwarder zone stored in AD with 2 master servers authoritative for that DNS zone (BIND servers). Due to some network glitches, each day clients in Europe cannot resolve host names in that zone (the RODCs used as primary/secondary DNS servers lose connection to the BIND servers). I checked the TTL on my laptop for a cached A record in the troublesome DNS zone and saw that each time it is different, varying from 152 seconds to 484 seconds. Is there anything that can be done here to set the TTL of A records in the troublesome DNS zone (on the clients/RODCs or on the BINDs themselves) to, for example, several hours until the network team determines when and why RODC <--> BIND communication is blocked? I know it is not an elegant solution, but it would just be a temporary workaround.

windows-dhcp-dns

1 Answer

LimitlessTechnology-2700 answered

Hi there,

It would be best to troubleshoot why the RODC connections are blocked. What ports are open between the RODC and the RWDC? You will need the same ports open for an RODC that you have for an RWDC.

For test purposes, open all firewall ports for the connection and see if they are still blocked for certain clients (in your case, clients in Europe), and also make sure you have not set any specific inbound and outbound rules which might block the connection.

The default TTL for positive responses is 86,400 seconds (1 day).
The default TTL for negative responses is 5 seconds; prior to Windows 10, version 1703, the default was 900 seconds.

The threads below discuss the same issue; you can try some of the troubleshooting steps from them and see if that helps you sort the issue.

https://social.technet.microsoft.com/Forums/windowsserver/en-US/0ef2a6a7-7b8b-4fc9-929c-85ae2f223ac6/rodc-problems?forum=winserverDS

https://social.technet.microsoft.com/Forums/en-US/ef8b6bb5-3c3d-4c96-92e0-331d566e2f44/rodc-or-rwdc-in-branch?forum=winserverDS

https://docs.microsoft.com/en-us/answers/questions/623324/problem-with-rodc-read-only-domain-controller-forw.html



--If the reply is helpful, please Upvote and Accept it as an answer–
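The checks the answer points at (connectivity from the RODCs to the BIND masters, the conditional forwarder definition, and the client-side cache TTLs), collected into one PowerShell walk-through. This is an added example and not code from the original question or answer; the zone name, host name and IP addresses are placeholders to replace with your own, and the steps are meant to be run on the machine named in each comment (a DNS server with the DnsServer module, an RODC, and a client).

```powershell
# Added example, not from the original post. Assumed placeholders, adjust to your environment:
#   $Zone      - the conditional-forwarder zone that clients fail to resolve
#   $TestHost  - one A record in that zone
#   $Rodcs     - the RODCs that clients in Europe use as DNS servers
#   $BindHosts - the BIND masters listed as master servers of the conditional forwarder
$Zone      = 'corp.example'
$TestHost  = "app01.$Zone"
$Rodcs     = @('10.10.0.10', '10.10.0.11')
$BindHosts = @('10.20.0.53', '10.20.0.54')

# 1. On a Windows DNS server holding the forwarder zone: confirm the zone type, that it is
#    AD-integrated, and which master servers it forwards to (DnsServer module required).
Get-DnsServerZone -Name $Zone |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, MasterServers, ForwarderTimeout

# 2. On an RODC: can it reach each BIND master on TCP 53, and does a direct UDP query
#    succeed there? TCP failing while UDP works (or the reverse) tells the network team
#    which rule to look for; both failing at the same time of day points at the path itself.
foreach ($b in $BindHosts) {
    $tcp = Test-NetConnection -ComputerName $b -Port 53 -WarningAction SilentlyContinue
    $ans = Resolve-DnsName -Name $TestHost -Type A -Server $b -DnsOnly -ErrorAction SilentlyContinue
    $aRec = $ans | Where-Object Type -eq 'A' | Select-Object -First 1
    [pscustomobject]@{
        BindServer       = $b
        Tcp53            = $tcp.TcpTestSucceeded
        UdpQueryOk       = [bool]$ans
        AuthoritativeTtl = if ($aRec) { $aRec.TTL } else { $null }
    }
}

# 3. On a client: the same query through each RODC, then what the local resolver has cached.
#    The cached TimeToLive counts down from the TTL the BIND zone returned, which is why the
#    value seen on the laptop differs from one check to the next.
foreach ($r in $Rodcs) {
    Resolve-DnsName -Name $TestHost -Type A -Server $r -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object Type -eq 'A' |
        Select-Object @{ n = 'ViaRodc'; e = { $r } }, Name, IPAddress, TTL
}
Get-DnsClientCache -Name $TestHost -ErrorAction SilentlyContinue |
    Select-Object Entry, RecordType, Status, TimeToLive, Data

# 4. The client-side caps the answer refers to: MaxCacheTtl (positive answers, default 86400 s)
#    and MaxNegativeCacheTtl (negative answers, default 5 s). Absent values mean the defaults apply.
$params = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
Get-ItemProperty -Path $params | Select-Object MaxCacheTtl, MaxNegativeCacheTtl
```

Note on step 4: the two registry values are upper bounds. The Windows resolver caches a record for the smaller of the record's own TTL and MaxCacheTtl, so they can shorten caching but never extend it. A lifetime of several hours for the A records, as the question asks for, therefore has to come from the TTL configured on the BIND zone itself; nothing on the clients or RODCs can stretch a 300-second record to hours.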
