Don’t cache ‘negative’ DNS lookups on Windows systems

Note: I, Bryan Lockwood, the writer formerly known as quux and adminfoo, am consolidating the best of my posts from my older sites (adminfoo.net, quux.wiki.zoho.com, quux.tumblr.com) here on ITcookbook. Going forward, this is where I’ll be keeping all of my ‘serious’ IT writings. adminfoo.net is going away. I’ll retain the wiki as a doodlepad, and quux.tumblr.com as a place for more lighthearted stuff. If a search landed you here unexpectedly, then hello and welcome to itcookbook.net!

This one is a little bit esoteric. Scenario:

  1. You try to connect to somesystem.yourdomain.com and fail - the name cannot be looked up.
  2. You discover that the DNS record is missing in your DNS server, and you fix it by adding the correct record.
  3. ... but you still can't connect to somesystem.yourdomain.com from your workstation!

What's happening here is that your system has cached a 'negative lookup'. The DNS Client service (Dnscache) remembered the NXDOMAIN ("name does not exist") answer it got the first time, so the local resolver cache now believes the name does not exist, and it will go on believing that until the cached entry expires. Negative answers carry their own TTL, taken from the zone's SOA record (RFC 2308), so adding the record on the server does nothing for clients that already cached the miss.
Image credit: http://www.bullz-eye.com/entertainment/standup_hof/images/rodney_dangerfield.jpg

Here is an example:

C:\Tools>ipconfig /displaydns

Windows IP Configuration
1.0.0.127.in-addr.arpa
----------------------------------------
Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . .  : 0
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . .  : localhost

nosuchmachine.cojones.org
----------------------------------------
Name does not exist.

localhost
----------------------------------------
Record Name . . . . . : localhost
Record Type . . . . . : 1
Time To Live . . . .  : 0
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1

Here we see that nosuchmachine.cojones.org was looked up and found to be nonexistent (the cache shows "Name does not exist." instead of a record). Now, even if I go and create a DNS record for nosuchmachine, my host will not resolve that name until the 'negative result' entry expires or is flushed from my cache. I can flush the whole cache manually with an ipconfig /flushdns command; a quick ipconfig /displaydns afterwards should no longer list the name.

Or I could put the following registry entries into my system:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
"NegativeCacheTime"=dword:00000000
"NetFailureCacheTime"=dword:00000000
"NegativeSOACacheTime"=dword:00000000

Essentially this tells the DNS Client service never to cache 'negative lookups': NegativeCacheTime covers names the server said do not exist, NegativeSOACacheTime covers the SOA-derived negative TTL, and NetFailureCacheTime covers lookups that failed because no DNS server answered at all. These are the parameter names from the Windows 2000 era; newer Windows versions also document MaxNegativeCacheTtl (alongside MaxCacheTtl) in the same key, so set that one too if your build ignores the older names. The service reads these parameters at startup, so reboot, or restart the DNS Client service where your build allows it, after importing the file. The trade-off is that every lookup of a nonexistent name now goes out to the DNS server every time, so treat this as a troubleshooting or workstation setting rather than a default for busy servers.
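The same procedure as a PowerShell script, added here as an example and not part of the original post: one function parses ipconfig /displaydns output in the format shown above and returns only the negatively cached names, and a second function writes the registry values from the .reg file (plus MaxNegativeCacheTtl for newer builds). The $SampleDisplayDns text is constructed so the parser can be tried offline; the function and parameter names are my own.

```powershell
# Added example (not from the original post). Assumes the ipconfig /displaydns
# text layout shown in the post: a name line, a dashed separator, then either
# record fields or "Name does not exist.". $SampleDisplayDns is constructed
# test input, not a real capture.

$SampleDisplayDns = @"
Windows IP Configuration

    nosuchmachine.cojones.org
    ----------------------------------------
    Name does not exist.

    localhost
    ----------------------------------------
    Record Name . . . . . : localhost
    Record Type . . . . . : 1
    Time To Live . . . .  : 0
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 127.0.0.1
"@

function Get-NegativeDnsCacheEntry {
    # Returns one object per negatively cached name. With no argument it reads
    # the live cache; pass -DisplayDnsLines to parse captured text instead.
    param([string[]]$DisplayDnsLines = (ipconfig /displaydns))

    $results = @()
    for ($i = 1; $i -lt ($DisplayDnsLines.Count - 1); $i++) {
        # A separator line marks an entry; the name is the line before it and
        # the first line after it tells us whether it is a positive or negative entry.
        if ($DisplayDnsLines[$i] -match '^\s*-{10,}\s*$') {
            $name   = $DisplayDnsLines[$i - 1].Trim()
            $status = $DisplayDnsLines[$i + 1].Trim()
            if ($status -like 'Name does not exist*') {
                $results += [pscustomobject]@{ Name = $name; Status = $status }
            }
        }
    }
    return $results
}

function Clear-NegativeDnsCache {
    # ipconfig /flushdns drops the whole cache; there is no per-name flush.
    # Only flush when a negative entry is actually present.
    $negative = Get-NegativeDnsCacheEntry
    if ($negative) {
        $negative | Format-Table -AutoSize
        ipconfig /flushdns | Out-Null
    }
    return $negative
}

function Disable-NegativeDnsCache {
    # Writes the same DWORD values the post's .reg file sets, plus
    # MaxNegativeCacheTtl, which newer Windows versions document in this key.
    # Requires an elevated shell; Dnscache reads these values at startup, so
    # reboot (or restart the DNS Client service where your build allows it).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
    $names = 'NegativeCacheTime', 'NetFailureCacheTime',
             'NegativeSOACacheTime', 'MaxNegativeCacheTtl'
    foreach ($name in $names) {
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
    }
    Get-ItemProperty -Path $key | Select-Object $names
}

# Offline demonstration against the constructed sample: prints the one
# negative entry (nosuchmachine.cojones.org) and not the localhost record.
Get-NegativeDnsCacheEntry -DisplayDnsLines ($SampleDisplayDns -split "`r?`n")

# Live use (uncomment as needed):
# Clear-NegativeDnsCache
# Disable-NegativeDnsCache
```

Clear-NegativeDnsCache is the step to reach for first: it fixes the stuck workstation without changing machine-wide behaviour. Disable-NegativeDnsCache is the permanent change from the .reg file, and it applies to every lookup the machine makes, so reserve it for hosts where the extra query load against your DNS servers is acceptable.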