Adjust Windows XP DNS Cache Settings


Windows XP includes a cache where responses to queries of DNS (Domain Name System) servers are stored on the local machine. DNS servers are needed, because while domain names are alphabetic (like, the Internet is really based on IP addresses. Every time you use a domain name, a DNS service must translate the name into the corresponding IP address. For example, our domain name translates to

The local cache on Windows XP (and Windows 2000) exists so that local clients don't need to query the DNS servers repeatedly for the same addresses. Reusing an address that is already in the cache is slightly faster and also reduces network traffic. This cache is known as the Resolver Cache.

To view the Resolver Cache, open a command prompt (Run > CMD) and type ipconfig /displaydns

The contents of the DNS resolver cache include not only recently queried names resolved by the system, but also entries from the Hosts file. Each entry also lists the remaining Time To Live (TTL) in seconds.

You can clear the DNS resolver cache using the following command entered at the command prompt: ipconfig /flushdns

The length of time for which entries (negative or positive) are stored in the cache depends on settings in the Windows registry. By default, positive responses (meaning there was a "match" for the name queried) are stored for 86,400 seconds (1 day). Negative responses are stored for 300 seconds (5 minutes) by default. However, you may want to adjust these settings.

It might be useful not to store any negative responses at all. For example, your ISP's DNS cache might produce a lookup failure due to a temporary server problem (network path congested). By default, you'd have to wait at least 5 minutes before Windows XP would do a new DNS lookup on the server. Until then Windows XP will just return the invalid cached info (giving you that lovely "Cannot find server or DNS Error" in Internet Explorer). To change this:

  1. Start the Registry Editor
  2. Go to HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Dnscache \ Parameters
  3. From the Edit menu select New > DWORD value
  4. Enter the name MaxCacheTtl to change the positive cache period or the name MaxNegativeCacheTtl to change the negative cache period
  5. Double-click the new value, set it to the desired number of seconds, choosing Decimal as Base
  6. To stop Windows XP from caching negative responses set the value of MaxNegativeCacheTtl to 0
  7. Close the registry editor and flush the DNS cache (see above for instructions) for the changes to take effect

The reason you might want to change the time that positive responses (MaxCacheTtl) are cached for is this: in the 'old' days on the Internet, DNS entries were updated only twice a day, but today, most ISPs and domain name registrars have set their TTL (Time To Live) to 4 hours, so entries could change faster than before. I have set my MaxCacheTtl time to 14400 seconds, or 4 hours.

Note: Previously I had assumed the Windows 2000 registry entries to be the same for Windows XP. This is not the case! If you find DWORD values MaxCacheEntryTtlLimit and/or NegativeCacheTime in the HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Dnscache \ Parameters registry location, please delete those. When present they will prevent Windows XP using the correct settings.


Preventing the Resolver from accepting responses from nonqueried servers

By default, the resolver accepts responses even from servers it did not query. This is a potential security liability, because an unauthorized DNS server could pass along invalid resource records to misdirect DNS queries. This can be avoided by adding a DWORD value named QueryIpMatching with a value of 1 to the following location in the registry: HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Tcpip \ Parameters.

Note: Previously, many documents, including VU#458659, ISS X-Force#4280, and DNS white papers from Microsoft, indicated that the registry location for QueryIpMatching is HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Dnscache \ Parameters. But several people have found in testing that the correct location for this entry is HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Tcpip \ Parameters, which is also described in Microsoft Windows 2000 TCP/IP Implementation Details.
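
The registry changes from both sections above, scripted with reg.exe for an administrator command prompt. This is an added example, not part of the original article; the TTL values (14400 and 0) are the ones the article mentions, and the DNSCACHE and TCPIP variable names are illustrative.

```bat
@echo off
rem Added example: applies the cache and resolver settings described above.
rem Run from a command prompt with administrator rights.
setlocal
set DNSCACHE=HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
set TCPIP=HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

rem Delete the Windows 2000 value names if present; per the note above they
rem prevent Windows XP from using the correct settings.
for %%V in (MaxCacheEntryTtlLimit NegativeCacheTime) do (
    reg query "%DNSCACHE%" /v %%V >nul 2>&1
    if not errorlevel 1 (
        echo Deleting legacy value %%V
        reg delete "%DNSCACHE%" /v %%V /f >nul
    )
)

rem Positive cache limit: 14400 seconds (4 hours). reg add reads /d as decimal.
reg add "%DNSCACHE%" /v MaxCacheTtl /t REG_DWORD /d 14400 /f

rem Negative cache limit: 0 seconds, so failed lookups are not cached.
reg add "%DNSCACHE%" /v MaxNegativeCacheTtl /t REG_DWORD /d 0 /f

rem Only accept responses from servers that were actually queried.
rem The value belongs under Tcpip\Parameters, not Dnscache\Parameters.
reg add "%TCPIP%" /v QueryIpMatching /t REG_DWORD /d 1 /f

rem Report a copy left in the location that older documents gave.
reg query "%DNSCACHE%" /v QueryIpMatching >nul 2>&1
if not errorlevel 1 echo NOTE: QueryIpMatching is also set under Dnscache\Parameters

rem Flush the resolver cache so the new limits apply to fresh lookups.
ipconfig /flushdns

rem Show the resulting values (reg query prints DWORDs in hex: 14400 = 0x3840).
reg query "%DNSCACHE%" /v MaxCacheTtl
reg query "%DNSCACHE%" /v MaxNegativeCacheTtl
reg query "%TCPIP%" /v QueryIpMatching
endlocal
```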