DNS Resolver Cache

Discussion in 'Windows' started by pradeep, Nov 5, 2005.

  1. pradeep

    pradeep Team Leader

    Apr 4, 2005
    Likes Received:
    Trophy Points:
    Kolkata, India
    Home Page:
    To help speed up Web browsing, Windows XP comes with a local cache containing any DNS addresses that have been looked up recently. Once an URL has been resolved by an Internet name server into a numerical IP, the information is stored locally. Anytime your browser requests an URL, Windows XP first looks in the local cache to see if it is there before querying the external name server used by your ISP. If it finds the resolved URL locally it uses that IP. This is supposed to save time and cut down on Web traffic.

    The default time period for keeping an address in the cache is 24 hours. Thus, a problem can arise if the IP for an URL changes before the 24 hour period is up. In this case an error message will result if you try to connect to the URL. It is not a frequent occurrence but is not unknown. Another more common problem can arise from URLs that are temporarily busy or from congested Internet traffic. If a negative response is received from an attempt to connect, that result is also kept in the local cache. The default time period for retaining a negative response is five minutes. In other words, once a negative response is received you will not be able to connect to the site for at least five more minutes. Since temporary congestion lasting a few seconds is often the cause of a momentary inability to connect to a site, this delay of five minutes can be a nuisance.

    Clear the DNS Resolver Cache
    Fortunately, it is possible to clear out the local DNS cache in order to get around these types of problems. Windows XP comes with a useful command-line utility, ipconfig, which has a switch, flushdns, for removing the entries in the cache. Open a command prompt and enter "ipconfig /flushdns" (without quotes) and the cache will emptied. Personally, I find that it sometimes speeds up Internet browsing to do this flush even when there are no obvious error messages. If you are curious about the contents of the DNS cache, they can also be seen by using ipconfig. In this case open a command prompt and enter "ipconfig /displaydns". If you are experiencing trouble connecting to a particular Web site, it may be useful to see if its URL is in the cache and what IP is being used.

    Configure the DNS Resolver Cache

    A way to minimize problems from the long default wait times that are used for holding data in the DNS cache is to reduce the times (known as Time to Live or TTL). This requires a Registry edit so should be done only by those who know how to restore their Registry. The Registry key that is involved is

    The binary entry MaxCacheEntryTtlLimit can be used to control how long positive responses are kept. Values are in seconds and the default value in the absence of an entry (the usual case) is 86,400 seconds or one day. If you wish to shorten the TTL, create the entry and enter your preferred time in seconds. Most PC users will probably not gain much this way, however.

    Negative responses are another story. I often encounter Web sites that do not respond immediately but which are available after a short wait and a retry. A wait of five minutes would be neither convenient nor necessary. I see no reason to store negative responses in the DNS cache and I have tweaked my own Registry to prevent them from being entered. In this case create a binary entry for the above Registry key and name it NegativeCacheTime. Set the value to "0" (zero). If you prefer to keep the negative responses, but with a shorter TTL, enter the appropriate number of seconds. The default TTL is 300 seconds.

    Defend Against Responses from Non-Queried Servers
    If its settings are left alone, the DNS cache will also accept responses from servers that it never queried. In other words, Web sites that you never tried to reach could send a message looking like a response and it would be stored in the cache. This is a security hole that might allow unauthorized DNS servers to send invalid information for the purpose of misdirecting subsequent DNS queries.

    Again a Registry edit is called for. To disable responses from sites that you never asked for, create a DWORD entry named QueryIpMatching . Put it in the same Registry key above and give it a value of 1.
    Last edited by a moderator: Nov 6, 2005

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice