Conditional forwarder for reverse zone not working

Tags: domain-name-system, windows-server-2012-r2

We have DNS servers hosted on our Windows domain controllers, 2012R2. Currently we have a conditional forwarder for ad.trusted-domain.com, which is working fine. We'd like to also forward PTR queries for their IP range, so I created a conditional forwarder 30.20.10.in-addr.arpa to their DNS servers. However, it seems it doesn't work. When I do nslookup 40.30.20.10.in-addr.arpa I get NXDOMAIN. If I point it to their server, it works: nslookup 40.30.20.10.in-addr.arpa 10.20.30.5 returns the name of the machine.

Is there anything special needed when forwarding reverse domains? All the documentation and forum posts/blogs etc I've read while troubleshooting indicates that there shouldn't be any magic involved.

Best Answer

Adding a forwarder at runtime does not automatically invalidate any queries that are currently sitting in cache for that domain. This includes negatively cached records that returned NXDOMAIN when queried. The more frequently the record is being requested, the higher the probability that the record has been cached recently.

If it's critical that the forwarder change take effect immediately, the change should be accompanied by a cache purge of all records beneath that scope. It's still possible to confirm whether the change was successful without a cache purge, but you'll need to look at the returned TTL to verify that the response did not come from cache. In a pinch, you can add a fresh record on the authoritative server that you know will not be in cache.
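The procedure the answer describes (add the conditional forwarder, purge the cache, then check the TTL to tell a forwarded answer from a cached one), as an added PowerShell example that is not part of the original question or answer. It reuses the zone, test name and target server from the question (30.20.10.in-addr.arpa, 40.30.20.10.in-addr.arpa, 10.20.30.5) and assumes it is run on the 2012 R2 domain controller that hosts the DNS role, with the DnsServer RSAT module available:

```powershell
# Added example, not from the original post. Assumes the same names as the question:
# reverse zone 30.20.10.in-addr.arpa forwarded to 10.20.30.5, run locally on the DC/DNS server.
$ReverseZone = '30.20.10.in-addr.arpa'
$TargetDns   = '10.20.30.5'
$TestName    = '40.30.20.10.in-addr.arpa'

# 1. Create the conditional forwarder for the reverse zone if it is not already there.
#    Nothing about a reverse zone is special here; the zone name is simply in-addr.arpa.
if (-not (Get-DnsServerZone -Name $ReverseZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name $ReverseZone -MasterServers $TargetDns
}

# 2. Purge the local server cache. Adding the forwarder does not evict entries already
#    cached for that scope, including negatively cached NXDOMAIN answers.
Clear-DnsServerCache -Force

# 3. Query the same PTR name through the local server and directly against the target,
#    bypassing the client-side resolver cache (-DnsOnly) so we see the server's answer.
$viaLocal = Resolve-DnsName -Name $TestName -Type PTR -Server 'localhost' -DnsOnly -ErrorAction SilentlyContinue
$direct   = Resolve-DnsName -Name $TestName -Type PTR -Server $TargetDns  -DnsOnly -ErrorAction SilentlyContinue

if (-not $direct) {
    Write-Warning "Target server $TargetDns returned no PTR for $TestName; forwarding cannot succeed."
    return
}
if (-not $viaLocal) {
    Write-Warning "Local server still returns no answer (NXDOMAIN or timeout); re-check the forwarder and purge."
    return
}

# 4. Compare TTLs. An answer just fetched from the forwarder carries a TTL equal (or within a
#    second or two) of the authoritative TTL; a cached answer shows a TTL that has counted down.
'{0,-20} {1,6}  {2}' -f 'Source', 'TTL', 'PTR'
'{0,-20} {1,6}  {2}' -f 'local (forwarded)', $viaLocal[0].TTL.TotalSeconds, $viaLocal[0].NameHost
'{0,-20} {1,6}  {2}' -f $TargetDns,          $direct[0].TTL.TotalSeconds,   $direct[0].NameHost

if ($viaLocal[0].TTL.TotalSeconds -lt ($direct[0].TTL.TotalSeconds - 5)) {
    Write-Warning 'Local answer TTL is well below the authoritative TTL: it came from cache, not the forwarder.'
}
```

Step 2 is the part that the original troubleshooting skipped; without it a negatively cached NXDOMAIN keeps being served until its TTL expires, which is exactly the symptom in the question. The TTL comparison in step 4 is the no-purge check the answer mentions: if you cannot afford to flush the whole cache, query a name you have never looked up through the local server (or a record freshly added on the authoritative side) and confirm that the returned TTL matches what the target server hands out.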