How can I disable the caching of failed DNS lookups in Windows 2000/XP/2003?

Windows 2000/XP/2003 added the ability to cache DNS lookup results on the client. You can view this cache by typing ipconfig /displaydns at the command prompt:

Windows IP Configuration

 ddlnetwork.net
 ----------------------------------------
 Record Name . . . . . : ddlnetwork.net
 Record Type . . . . . : 1
 Time To Live . . . . : 13445
 Data Length . . . . . : 4
 Section . . . . . . . : Answer
 A (Host) Record . . . : 67.159.5.63

 Record Name . . . . . : ns1.gothosted.com
 Record Type . . . . . : 1
 Time To Live . . . . : 13445
 Data Length . . . . . : 4
 Section . . . . . . . : Additional
 A (Host) Record . . . : 67.159.5.63

 kona3.kontera.com
 ----------------------------------------
 Record Name . . . . . : kona3.kontera.com
 Record Type . . . . . : 1
 Time To Live . . . . : 3161
 Data Length . . . . . : 4
 Section . . . . . . . : Answer
 A (Host) Record . . . : 208.185.211.88

 Record Name . . . . . : ns.above.net
 Record Type . . . . . : 1
 Time To Live . . . . : 3161
 Data Length . . . . . : 4
 Section . . . . . . . : Additional
 A (Host) Record . . . : 207.126.96.162

 Record Name . . . . . : ns3.above.net
 Record Type . . . . . : 1
 Time To Live . . . . : 3161
 Data Length . . . . . : 4
 Section . . . . . . . : Additional
 A (Host) Record . . . : 207.126.105.146

 dns.stack.net
 ----------------------------------------
 Record Name . . . . . : dns.stack.net
 Record Type . . . . . : 1
 Time To Live . . . . : 2644
 Data Length . . . . . : 4
 Section . . . . . . . : Answer
 A (Host) Record . . . : 217.73.194.98

and so on.

This is a good idea, as it lowers the number of DNS queries sent on the LAN and to the ISP’s DNS. However, whenever a query returns a negative answer (i.e. the answer was “I don’t know”), the client caches that information as well.

If this answer was due to a misconfigured entry in DNS, and you, as administrator, have fixed it, it won’t matter for that specific client, as the negative answer is already stored in its cache. It’s like the client is telling itself “why should I bother asking again, I know that the DNS doesn’t have an answer for me”…

You can manually clean this cache by running the ipconfig /flushdns command from the command prompt:

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

But in order to totally avoid this situation, you could simply configure the client to not cache any negative DNS lookup results.

To do so, follow these steps:

  1. Open Registry Editor.
  2. In Registry Editor, navigate to the following registry key:
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
  3. Create the following value (DWORD):
    NegativeCacheTime
    and give it a value of 0 (zero).

    Note: As always, before making changes to your registry, make sure you have a valid backup. When you are about to delete or modify keys or values in the registry, you can first export that key or value(s) to a .REG file before performing the changes.

  4. Close Registry Editor.

Done!
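
The steps above as a command-prompt script, including the backup the note recommends. This is an added example, not part of the original article; it assumes reg.exe is available on the machine and that the script runs under an administrator account, and the backup file name is a placeholder chosen here.

```batch
@echo off
rem Added example: scripted form of the registry steps in this article.
rem Assumptions: reg.exe is on the PATH and the account is an administrator.
setlocal

set "KEY=HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters"
rem Placeholder backup location; change it to suit your environment.
set "BACKUP=%TEMP%\dnscache-parameters-backup.reg"

rem Never overwrite an earlier backup: it may hold the only copy of the
rem original settings.
if exist "%BACKUP%" (
    echo %BACKUP% already exists. Move it aside and run the script again.
    exit /b 1
)

rem Export the key to a .REG file before changing anything.
reg export "%KEY%" "%BACKUP%"
if errorlevel 1 (
    echo Export of %KEY% failed. Nothing was changed.
    exit /b 1
)

rem Create the DWORD value NegativeCacheTime and set it to 0.
rem /f overwrites an existing value without prompting.
reg add "%KEY%" /v NegativeCacheTime /t REG_DWORD /d 0 /f
if errorlevel 1 (
    echo Could not write NegativeCacheTime. Check that you have admin rights.
    exit /b 1
)

rem Read the value back so the result appears in the console or a log.
reg query "%KEY%" /v NegativeCacheTime

rem Drop negative answers that are already stored in the resolver cache.
ipconfig /flushdns

echo Backup saved to %BACKUP%. Import that file to undo the change.
endlocal
```

To roll back, import the exported .REG file; this restores any values that existed in the key before the script ran.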
