NSX-T: Clear NSX-T DNS Forwarder Cache
![Image](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJ9bHXIda_Tz7ObdEb45Kf-vxKBsdUAjZ9bZYvBLbTXBgrFSF8preHrx6emwvMgxqmuP_aGOkzL5CB8Y6ZENUv1ugBzrrrEF_feEs2pn4L09JoovaC-_kmRBhaITIPgKCf1hHhf2ZwGab6/w640-h554/NSX-T+DNS+Cache.jpg)
[Update: NSX-T ingests the negative SOA TTL from my DNS server in this example. Microsoft DNS defaults this to 1 hour, so NSX-T will cache the negative result for an hour. To combat this behavior, you can set your source DNS server to a lower TTL so that the cache in NSX-T clears more quickly. Valid records in this setup will still cache for 1 hour, or whatever you have your DNS server set to.]

To determine the TTL value for the negative record:

nslookup -type=a -nosearch -d2 brokenaka.ninja.corp

Summary: Ran into an interesting behavior w/ NSX-T's DNS forwarder service. Basically, if I queried for an invalid DNS name, NSX-T's DNS caching appears to capture that invalid query for an undetermined amount of time.

So what does this do? Basically, if I queried for ninja.naka.corp w/o creating the entry on my DNS server, NSX-T caches that invalid record. If I then registered ninja.naka.corp on my DNS server, NSX-T will continue to tell me that the record is invalid even though it does now exist in
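
An added example (not from the original post): a small Python parser that reads the negative-cache lifetime out of the `nslookup -d2` output from the update above. It applies the RFC 2308 rule (the smaller of the SOA record's TTL and its MINIMUM field, which nslookup prints as "ttl" and "default TTL"). The sample output, including dc01.ninja.corp and the timer values, is constructed, and that NSX-T applies exactly this rule is an assumption.

```python
import re

# Constructed sample of Windows `nslookup -type=a -nosearch -d2` output for a
# name that does not exist (server name, serial and timers are made up).
SAMPLE = """\
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        brokenaka.ninja.corp, type = A, class = IN
    AUTHORITY RECORDS:
    ->  ninja.corp
        ttl = 900 (15 mins)
        primary name server = dc01.ninja.corp
        responsible mail addr = hostmaster.ninja.corp
        serial  = 42
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)
"""

def negative_ttl(debug_output):
    """Return (rcode, seconds) for which a forwarder may cache this answer.

    RFC 2308: negative TTL = min(TTL of the SOA record in the authority
    section, SOA MINIMUM field). Returns (rcode, None) when the reply has
    no SOA, i.e. there is nothing to derive a negative cache time from.
    """
    # -d2 prints the request and the server's own PTR lookup first;
    # the reply to our query is the last "Got answer:" block.
    block = debug_output.rpartition("Got answer:")[2]
    m = re.search(r"rcode\s*=\s*(\w+)", block)
    rcode = m.group(1) if m else None
    # Only look below AUTHORITY RECORDS so an answer-section TTL of a
    # positive reply is never mistaken for the SOA's.
    _, found, authority = block.partition("AUTHORITY RECORDS:")
    soa_ttl = re.search(r"^\s*ttl\s*=\s*(\d+)", authority, re.M)
    minimum = re.search(r"^\s*default TTL\s*=\s*(\d+)", authority, re.M)
    if not (found and soa_ttl and minimum):
        return rcode, None
    return rcode, min(int(soa_ttl.group(1)), int(minimum.group(1)))

if __name__ == "__main__":
    rcode, ttl = negative_ttl(SAMPLE)
    print(f"{rcode}: negative answer cacheable for up to {ttl} s")
```

In the constructed sample the SOA record's own TTL (900) is lower than its MINIMUM field (3600), so the negative answer is cacheable for 900 seconds, not the full hour.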