If, for example, a host record changes in your local DNS server, Forefront TMG does not immediately use the updated DNS entry, even if you run the command ipconfig /flushdns (in an elevated command prompt). This command works only for the locally logged-on user. TMG will not pick up the updated DNS entry until the TTL has expired (the TTL can be found in the settings of the DNS server TMG is using). If you want TMG to use the new DNS entry immediately, follow the steps below.
Solution
In the TMG 2010 Tools & Software Development Kit you can find several useful tools. One of them is DNSToolsPack. You can find it here: http://www.microsoft.com/download/en/details.aspx?id=11183
1. Download the DNSToolsPack and extract the archive. It contains a .doc file, .rtf file and DNSTools.exe.
2. Copy DNSTools.exe to the installation directory of Forefront TMG (by default C:\Program Files\Microsoft Forefront Threat Management Gateway).
3. Open a command prompt (with a user account that has the appropriate rights for Forefront TMG) and type in: dnstools /c which clears the DNS cache of TMG. Every new DNS request will now use the updated DNS entry.
There are several other commands available. Just type in dnstools to see what you might need.
I have followed your link and downloaded the DNSToolsPack. When I run the dnstools command I get an error stating “the program can’t start because WSPAPI.dll is missing from your computer.” This is true. I have also checked an ISA 2006 server and it doesn’t exist. It appears the only way to get the DLL is to download registry error software, which I’m not going to do. How else can the DNS be cleared for TMG 2010? Or how can I simply download the missing driver? Thanks.
Please put the file in the FTMG running directory… not the install where it's being put. It needs the core dir of FTMG to work.
copy "C:\Program Files (x86)\Microsoft Forefront TMG Tools\DNSTools\dnstools.exe" "C:\Program Files\Microsoft Forefront Threat Management Gateway\"