DNS Resolver Cache and Time-to-Live (TTL)

Friday, October 28, 2011

When you visit a website or access another computer on the network, the Windows operating system uses a DNS server to translate the hostname into an IP address. Since you may access that resource more than once, the hostname and IP address are stored in your computer’s DNS Resolver Cache to speed up the process the next time you access that resource.

The amount of time that the hostname and IP address are stored in the cache on the local computer depends on two things. The first is the TTL, or Time-To-Live value, that was assigned to the record stored in the DNS authoritative zone, and the other is the default maximum time for which your operating system is configured to cache results. The two numbers are compared and the smaller one is used to timestamp the record in your cache. For example, the default maximum time that Windows XP uses is 24 hours. Therefore, if you were to resolve the hostname http://www.microsoft.com/ and that TTL is set to 5 minutes, then the information for that record will be stored for 5 minutes and then purged from the cache. If the TTL for that record was 7 days, then XP would store it in your computer’s cache for 24 hours (unless you clear the cache manually, restart the DNS Client service, or restart the computer).

Windows will also store unsuccessful name resolution attempts in the cache. These negative entries are cached for 5 minutes. The problem is that if the website or the host you are trying to reach becomes available within those 5 minutes, you’ll have to wait until the negative entry is purged from the local cache.

Here is an example of the local DNS cache which displays positive and negative results. The command that was used to display this information is: ipconfig /displaydns.

DNS cache

We can tweak the registry to modify the maximum TTL and to disable negative caching if necessary. Changes will not take effect until you restart the computer, or at least restart the DNS Client service.

Block Negative Entries

To force Windows XP not to cache negative entries we need to add a new DWORD to the following Registry key:


DWORD: MaxNegativeCacheTtl
Value: 0
This will now ensure NO negative entries are stored.

Maximum Cache TTL

To force Windows XP to keep positive entries in DNS Cache for a maximum of only 4 hours instead of the default 24 hours we need to apply the following change to the registry:



Value: 14400
Make sure you enter the 14400 (seconds) as Decimal Base and NOT Hexadecimal Base!

Now your registry key should look similar to this:

dns cache registry
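
The caching rules described above, as a small Python model (an added example, not Windows' own resolver code and not from the original article). The class, function and parameter names are hypothetical, and the hostnames and 192.0.2.x addresses are constructed sample values. It also shows what is stored when 14400 is typed with the Hexadecimal base selected.

```python
import time

class ResolverCacheModel:
    """Toy model of the client-side caching rules described in the article."""
    def __init__(self, max_cache_ttl=86400, max_negative_cache_ttl=300, clock=time.monotonic):
        self.max_cache_ttl = max_cache_ttl                    # XP default: 24 hours
        self.max_negative_cache_ttl = max_negative_cache_ttl  # default: 5 minutes
        self.clock = clock
        self.entries = {}  # hostname -> (answer or None, expiry time)

    def store(self, name, answer, record_ttl):
        """Cache a positive answer for min(record TTL, configured maximum)."""
        lifetime = min(record_ttl, self.max_cache_ttl)
        self.entries[name.lower()] = (answer, self.clock() + lifetime)
        return lifetime

    def store_failure(self, name):
        """Cache a failed lookup; a maximum of 0 disables negative caching."""
        if self.max_negative_cache_ttl > 0:
            self.entries[name.lower()] = (None, self.clock() + self.max_negative_cache_ttl)
        return self.max_negative_cache_ttl

    def lookup(self, name):
        """Return ('hit', ip), ('negative', None) or ('miss', None)."""
        answer, expires = self.entries.get(name.lower(), (None, float("-inf")))
        if self.clock() >= expires:
            self.entries.pop(name.lower(), None)  # expired entries are purged
            return ("miss", None)
        return ("hit", answer) if answer is not None else ("negative", None)

def dword_seconds(typed, base):
    """Seconds stored when the digits `typed` are entered with the given base selected."""
    return int(typed, base)

def demo():
    now = [0.0]  # constructed fake clock so the demo is deterministic
    cache = ResolverCacheModel(clock=lambda: now[0])
    results = [cache.store("www.microsoft.com", "192.0.2.10", 300),   # 5-minute TTL
               cache.store("long.example", "192.0.2.20", 7 * 86400)]  # 7-day TTL
    cache.store_failure("down.example")
    now[0] = 299
    results.append(cache.lookup("down.example")[0])  # negative entry still answers
    now[0] = 300
    results.append(cache.lookup("down.example")[0])  # purged: DNS is queried again
    results.append(dword_seconds("14400", 10))       # intended 4 hours
    results.append(dword_seconds("14400", 16))       # hex mistake: about 23 hours
    return results

if __name__ == "__main__":
    print(demo())
```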
