Here’s an interesting question that came to us from one of the readers. If you have a question for us, don't forget that you can contact us using the Contact tile just to the right of this article when viewed from our TechNet blog.

Question:

With an AD-Integrated zone, when a record is added or updated in DNS on one server, how much time is needed for the DNS server service to find this record and load it (assuming that the other DC/DNS server is in the same site and DS replication is working fine)?

This is a great question that often confounds us. We see some people hitting the “Refresh” button every so often, others choosing to close and reopen the DNS MMC, and many others resorting to restarting the DNS Server service. What is the correct method?

So here’s a little flow-chart that shows the “workflow” as a new DNS record is updated on a DNS server in an AD-Integrated zone:

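[Figure: flow chart of the workflow as a new DNS record is updated on a DNS server in an AD-Integrated zone]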

So if all DNS servers are in the same site and AD replication is working fine, the short answer to this question is 180 seconds, or 3 minutes, since that’s how often the DNS Server service polls Active Directory for changes in Active Directory-integrated zones.

And your next question may be: How do I control this behavior? What if I want to reduce it to 2 minutes?

This setting is stored in the registry as “DsPollingInterval” under the subkey: HKLM\System\CurrentControlSet\Services\DNS\Parameters.

Before you open regedit, let me show you an easier way to query (or change) this setting - by using dnscmd in an Administrator cmd prompt window:

dnscmd /info /dspollinginterval  - should show you the current setting, and

dnscmd /config /dspollinginterval 120 - would change it to 120 seconds.

Although the range of this setting is 0-3600, if the DNS server is running Windows Server 2008 or above, setting a value of 0 for dspollinginterval will result in the default interval of 180 seconds being configured, and values of 1-29 are not allowed as mentioned in this TechNet article.

While we are talking about dnscmd, I should mention that if you use dnscmd on Windows Server 2012, you may see this message:

In future versions of Windows, Microsoft might remove dnscmd.exe.

If you currently use dnscmd.exe to configure and manage DNS Server,

Microsoft recommends that you transition to Windows PowerShell.

So you should start using PowerShell for these tasks.  Here’s the equivalent command in PowerShell 3.0:

Get-DnsServerDsSetting

The first setting returned is “PollingInterval(s)”.  To change it to, say, 120 seconds:

Set-DnsServerDsSetting -PollingInterval 120

And one last thing: this is a per server setting.

So if you are thinking: this is great information, but I have a LARGE number of DNS servers, so how about some automation to make it easy to change this setting on all of them? No problem. There are many ways to automate this change; let’s look at two of them. The first one is our good ol’ FOR command. Something like this at an Administrator cmd prompt:

for /F %A in (dnsservers.txt) do dnscmd %A /config /dspollinginterval 120

Where dnsservers.txt contains the list of DNS servers.

And for our second example, I have TWO different ways to do this in PowerShell:

First method: Using the dnsservers.txt file that has a list of all DNS servers that need to be modified:

Get-Content .\dnsservers.txt | ForEach-Object { Set-DnsServerDsSetting -ComputerName $_ -PollingInterval 120 }

Second method: If all your domain controllers are DNS servers, this one will modify the setting on all of them:

Get-ADDomainController -Filter * | ForEach-Object { Set-DnsServerDsSetting -ComputerName $_.Name -PollingInterval 120 }
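
Because this is a per-server setting, it helps to read the value back from every server rather than assume a bulk change landed everywhere. The following is an added example, not part of the original post: it reports each server's current polling interval and changes it only when asked. The function name Sync-DsPollingInterval and its parameters are hypothetical; it assumes the DnsServer module is available and that dnsservers.txt lists one server per line.

```powershell
# Added example: audit (and optionally fix) the DS polling interval per server.
# Sync-DsPollingInterval, -ServerList, -Target and -Apply are hypothetical names.
function Sync-DsPollingInterval {
    param(
        [string]$ServerList = '.\dnsservers.txt',
        # The article notes 1-29 are not allowed and 0 only selects the default,
        # so this example accepts explicit values from 30 to 3600 seconds.
        [ValidateRange(30, 3600)]
        [int]$Target = 120,
        # Without -Apply the function only reports; nothing is changed.
        [switch]$Apply
    )

    Get-Content $ServerList | Where-Object { $_.Trim() } | ForEach-Object {
        $server = $_.Trim()
        $row = [ordered]@{ Server = $server; Before = $null; After = $null; Status = '' }
        try {
            # Read the current value from the remote DNS server.
            $row.Before = (Get-DnsServerDsSetting -ComputerName $server -ErrorAction Stop).PollingInterval
            if ($row.Before -eq $Target) {
                $row.After  = $row.Before
                $row.Status = 'OK'
            } elseif ($Apply) {
                Set-DnsServerDsSetting -ComputerName $server -PollingInterval $Target -ErrorAction Stop
                # Read the value back so the report shows what the server stored.
                $row.After  = (Get-DnsServerDsSetting -ComputerName $server -ErrorAction Stop).PollingInterval
                $row.Status = if ($row.After -eq $Target) { 'Changed' } else { 'Mismatch' }
            } else {
                $row.Status = 'Drift'
            }
        } catch {
            # An unreachable server or access-denied error is reported, not hidden.
            $row.Status = "Error: $($_.Exception.Message)"
        }
        [pscustomobject]$row
    }
}

# Report only; add -Apply to change servers whose value differs from the target.
Sync-DsPollingInterval -Target 120 | Format-Table -AutoSize
```

Servers reported as Drift or Error are the ones to follow up on before or after a bulk change.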

Until next time!

Rakesh Chanana