NSX-T: Clear NSX-T DNS Forwarder Cache
[Update: NSX-T ingests the negative SOA TTL from my DNS server in this example.  Microsoft DNS defaults this to 1 hour, so NSX-T will cache the negative result for an hour.
To combat this behavior, you can set a lower TTL on your source DNS server so that the cache in NSX-T clears sooner.  Valid records in this setup will still cache for 1 hour, or whatever your DNS server is set to.]
To determine the TTL value of the negative record:
nslookup -type=a -nosearch -d2 brokenaka.ninja.corp
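The negative TTL comes from the SOA record that the DNS server returns in the authority section of the NXDOMAIN answer. As an added example (not part of the original post), the script below parses the authority section from a constructed `nslookup -d2` output and computes the negative-cache lifetime a resolver following RFC 2308 would apply, which is the smaller of the SOA record's own TTL and the SOA "minimum" field (labelled "default TTL" by Windows nslookup). The sample output, zone and server names are made up for the example.

```python
import re

# Constructed sample of what `nslookup -type=a -nosearch -d2 brokenaka.ninja.corp`
# prints on Windows for a name that does not exist: NXDOMAIN plus the zone SOA in
# the authority section. Made up for this example so it runs offline.
SAMPLE_NSLOOKUP_D2 = """\
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        brokenaka.ninja.corp, type = A, class = IN
    AUTHORITY RECORDS:
    ->  ninja.corp
        ttl = 3600 (1 hour)
        primary name server = dc01.ninja.corp
        responsible mail addr = hostmaster.ninja.corp
        serial  = 1001
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)
------------
"""


def parse_soa(output):
    """Return (rcode, soa_ttl, soa_minimum) from nslookup -d2 output.

    soa_ttl is the TTL on the SOA record itself; soa_minimum is the SOA
    'minimum' field, which Windows nslookup prints as 'default TTL'.
    """
    rcode = re.search(r"rcode = (\w+)", output)
    # Lowercase 'ttl = N' is the record TTL; 'default TTL = N' is the SOA minimum.
    ttl = re.search(r"^\s*ttl = (\d+)", output, re.M)
    minimum = re.search(r"default TTL = (\d+)", output)
    if not (rcode and ttl and minimum):
        raise ValueError("no SOA record found in the authority section")
    return rcode.group(1), int(ttl.group(1)), int(minimum.group(1))


def negative_cache_ttl(output):
    """Seconds an RFC 2308 resolver (NSX-T's forwarder included) caches this negative answer."""
    rcode, soa_ttl, soa_minimum = parse_soa(output)
    # Only NXDOMAIN / NODATA (NOERROR with no answers) responses are negatively cached.
    if rcode not in ("NXDOMAIN", "NOERROR"):
        return 0
    return min(soa_ttl, soa_minimum)


if __name__ == "__main__":
    rcode, soa_ttl, soa_minimum = parse_soa(SAMPLE_NSLOOKUP_D2)
    print(f"rcode={rcode} soa_ttl={soa_ttl}s soa_minimum={soa_minimum}s")
    print(f"negative answer cached for {negative_cache_ttl(SAMPLE_NSLOOKUP_D2)}s")
```

Lowering only the SOA "minimum" on the Microsoft DNS zone is enough to shorten the negative cache, because the resolver takes the smaller of the two values; the SOA record's own TTL then only matters if it is smaller still.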

Summary:

Ran into an interesting behavior w/ NSX-T's DNS forwarder service.  Basically, if I queried for a DNS name that did not exist, NSX-T's DNS cache appears to hold on to that negative answer for an undetermined amount of time.

So what does this do?  Basically, if I queried for ninja.naka.corp w/o creating the entry on my DNS server, NSX-T caches that negative answer.  If I then registered ninja.naka.corp on my DNS server, NSX-T will continue to tell me that the record is invalid even though it now exists in my DNS server.

Verified this behavior occurs w/ NSX-T 2.5.2.  It might also occur in 3.x, but I have not verified that.  What I am aware of is that there still does not appear to be a UI method to flush this service's cache.

Workaround:

The only ways around this problem appear to be either waiting for the cache to time out or forcing a flush of the cache via the API.  Below are curl and PowerShell examples of how to do this:

Curl Method:


PowerShell Method:
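As an added example that is not the post's own curl or PowerShell code, the Python script below builds and (optionally) sends the same forced-flush request with only the standard library. It assumes the NSX-T 2.5 Manager API endpoints GET /api/v1/dns/forwarders to list forwarders and POST /api/v1/dns/forwarders/<forwarder-id>?action=clear_cache to flush one, plus HTTP Basic authentication; the manager hostname, credentials and forwarder ID are placeholders.

```python
import base64
import json
import ssl
import urllib.request

# Placeholders only; replace with your own manager and a local admin account.
NSX_MANAGER = "nsxmgr.example.corp"
USERNAME = "admin"
PASSWORD = "<password-placeholder>"


def _auth_header(user, password):
    """HTTP Basic header; NSX-T Manager also accepts session cookies, but Basic is simplest for a script."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}


def build_list_forwarders_request(manager, user, password):
    """GET /api/v1/dns/forwarders (assumed NSX-T 2.5 Manager API) to find forwarder IDs."""
    url = f"https://{manager}/api/v1/dns/forwarders"
    return urllib.request.Request(url, headers=_auth_header(user, password), method="GET")


def build_clear_cache_request(manager, forwarder_id, user, password):
    """POST .../dns/forwarders/<id>?action=clear_cache (assumed endpoint) with an empty body."""
    url = f"https://{manager}/api/v1/dns/forwarders/{forwarder_id}?action=clear_cache"
    headers = _auth_header(user, password)
    headers["Content-Type"] = "application/json"
    # The action is selected by the query parameter; the body stays empty.
    return urllib.request.Request(url, data=b"", headers=headers, method="POST")


def forwarder_ids(listing):
    """Extract the 'id' of each forwarder from a list response body."""
    return [entry["id"] for entry in listing.get("results", [])]


def send(request, verify_tls=True):
    """Send a prepared request and return (status, decoded JSON or None)."""
    ctx = ssl.create_default_context()
    if not verify_tls:
        # Lab managers often run a self-signed certificate; prefer trusting the
        # manager's CA over disabling verification on anything but a lab.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(request, context=ctx, timeout=30) as resp:
        body = resp.read()
        return resp.status, (json.loads(body) if body else None)


def clear_all_forwarder_caches(manager, user, password, verify_tls=True):
    """List every DNS forwarder on the manager and flush each one's cache."""
    _, listing = send(build_list_forwarders_request(manager, user, password), verify_tls)
    results = {}
    for fid in forwarder_ids(listing):
        status, _ = send(build_clear_cache_request(manager, fid, user, password), verify_tls)
        results[fid] = status
    return results


if __name__ == "__main__":
    # Dry run: show the request that would be sent for a placeholder forwarder ID.
    req = build_clear_cache_request(NSX_MANAGER, "<forwarder-id>", USERNAME, PASSWORD)
    print(req.get_method(), req.full_url)
    # To actually flush every forwarder on a lab manager:
    # print(clear_all_forwarder_caches(NSX_MANAGER, USERNAME, PASSWORD, verify_tls=False))
```

A 200 response from the clear_cache action is the only confirmation the API gives; re-running the `nslookup` against the forwarder's listener address afterwards shows whether the newly registered name now resolves.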
