SBS 2008 DNS stops working after 1 day for .uk, .eu and some other TLDs outside USA


The cause of this problem is that in EU countries (and certain other TLDs outside the USA), nameserver records are typically cached for more than 1 day. SBS2008 has a cap on the maximum time that it will allow nameserver records to be cached, which defaults to 1 day. This default works fine in the USA, but when the .uk and .eu records become stale, they are not deleted from the cache but are no longer returned as valid records. Therefore, they effectively prevent DNS lookups in those TLDs from succeeding until the records expire and are deleted from the cache, or the DNS Server service is restarted.

The fix is to increase the maximum Time To Live (TTL) setting in the DNS server so that it recognises records older than 1 day. Experience has shown that setting the value to 4 days is usually enough, but the maximum setting is 30 days.

Workaround

This problem can be temporarily resolved by restarting the DNS Server service or by clearing the DNS cache on the DNS server.

Permanent resolutions include:

  - Increasing the maximum DNS cache TTL value.
  - Reconfiguring the DNS server to use DNS forwarders instead of relying on Root Hints.

Solution

For a permanent workaround, the MaxCacheTTL value needs to be changed to a value larger than the TLD TTL (default value is 1 day, maximum value is 30 days). On SBS2008 there is no negative impact since this is the TTL for the cache of Resource Records. This is just the maximum value for which a record will be stored on the DNS server. If the actual TTL is shorter, the shorter value will be used.

  1. Start Registry Editor (Regedit.exe).
  2. Locate the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
  3. On the Edit menu, click New, click DWORD (32-bit) Value, and then add the following value:

    Value: MaxCacheTtl
    Data Type: DWORD
    Data value: 0x69780 (432000 in decimal = 5 days)

  4. Click OK.

  5. Quit Registry Editor.
  6. Restart the DNS server.

As an extra precaution, clear the DNS resolver cache using

IPCONFIG /FlushDNS

After the change, the server should be monitored to check if the issue occurs again. Since this value won’t affect the normal behavior on SBS2008, we can increase this value to a larger value if the issue persists.

Author: Tim Long

I am a freelance software developer and IT professional. I trade as Tigra Astronomy and Tigra Networks. As a software developer I currently specialize in producing firmware and Windows software to control astronomical instruments and devices and I have worked with a number of well-known brands that sell equipment to amateur astronomers. Some of the brands I have worked with to produce shipping commercial products include NexDome, Optec, Gemini Telescope Design, AWR Technology, Technical Innovations. I have also produced one-off solutions for several private individuals and institutions. I am a member of the steering group for The ASCOM Initiative which produces standards and interoperability software used by almost all software available to amateur astronomers, and lately some universities and government departments. This work is purely voluntary but highly rewarding, because the impact of ASCOM on amateur astronomy cannot be overestimated. ASCOM was historically Windows-only but is currently undergoing a transformation to a network-centric cross-platform technology. With my IT hat on, I support several organizations with servers, cloud services and CCTV security systems. I am active mainly with arts companies such as Music Theatre Wales and conservation charities such as Thanet Countryside Trust and Pwll Du Cave Management Group, where I am a trustee. I was awarded Microsoft MVP ('Most Valuable Professional') for Windows Small Business Server in 2007, 2008 and 2009. I prefer to develop in C# and try to be an early adopter of the latest tools and techniques, where it makes sense.

Updated on September 17, 2022
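The registry steps from the answer above, scripted in PowerShell as an added example that is not part of the original post. It assumes an elevated session on the DNS server itself and that the DNS Server service is registered under the name `DNS`; the variable names are illustrative.

```powershell
# Added example (not from the original post): apply the MaxCacheTtl change
# described in steps 1-6, with a bounds check and a read-back of the result.
# Assumption: run elevated, locally on the server that hosts the DNS role.

$key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$name   = 'MaxCacheTtl'
$newTtl = 432000        # 0x69780 seconds = 5 days, the value used in the post
$maxTtl = 30 * 86400    # 30-day ceiling stated in the post

if ($newTtl -lt 1 -or $newTtl -gt $maxTtl) {
    throw "MaxCacheTtl must be between 1 and $maxTtl seconds."
}
if (-not (Test-Path $key)) {
    throw "Registry key not found: $key (is the DNS Server role installed?)"
}

# Record the previous setting so the change can be reverted if needed.
$current = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
if ($current) {
    Write-Output ("Previous {0}: {1} seconds" -f $name, $current.$name)
} else {
    Write-Output "$name is not set; the server is using its 1-day default."
}

# Steps 3-4: create (or overwrite) the DWORD value.
New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $newTtl -Force | Out-Null

# Step 6: restart the DNS Server service.
Restart-Service -Name DNS

# Extra precaution from the post: flush the local resolver cache.
ipconfig /flushdns | Out-Null

# Read the value back and confirm the service came up again.
$applied = (Get-ItemProperty -Path $key -Name $name).$name
$status  = (Get-Service -Name DNS).Status
Write-Output ("{0} = {1} seconds ({2} days); DNS service is {3}" -f $name, $applied, ($applied / 86400), $status)
```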

Comments

  • Tim Long almost 2 years

    In SBS 2008, when first installed or rebooted, DNS queries succeed, but after a period of about 1 day users report that they are unable to access some web sites. On inspection, it may be noticed that the inaccessible web sites are in the .uk and .eu Top Level Domains (TLDs) or certain other TLDs that are outside of the USA.

    If left for several days, the problem may appear to resolve itself then re-occur after another day or so.

    If the DNS server service is restarted, or the DNS cache on the server is cleared, then the problem is temporarily resolved but re-occurs after a day or so.

  • Alnitak over 14 years
    I'd upvote this, if it weren't for the USA and EU crap. It's nothing to do with geography or politics, etc, it's just coincidence that many TLDs chose longer TTLs for their NS records.
  • Tim Long over 14 years
    @Alnitak: Ah but it does concern geography, because it is the root nameservers that are affected and they are divided up geographically. Certainly, that is how the problem presents to end users. The problem only occurs when the server is configured to use root hints and the caching issue then becomes apparent mainly on non-US TLDs because of their longer TTL. But, I agree the way I've worded it is a bit unclear. I'll try to revise it over the next day or two.