"Kat Rabun" <> wrote in message news:hopm7v$s9d$...
> On Mon, 29 Mar 2010 01:18:31 -0400, Ace Fekay [MVP-DS, MCT] wrote:
>
>> I agree. In a nutshell, the DNS Client service is the caching service.
>
> The strange thing is that almost everyone on the net recommends we turn OFF
> the DNS Client (aka DNS Caching) services, especially for people (like me)
> who have a huge hosts file.
>
> That doesn't jibe with the explanation given about why DNS Client (i.e.,
> caching) is useful for a large hosts file.
>
> I'm very confused!
>
>
> REFERENCES:
>
> "The most important thing to do before using large HOSTS files is to
> disable the DNS Client"
> http://www.ericphelps.com/scripting/...osts/index.htm
>
> "We recommend disabling the "DNS Client" service on all local computers"
> http://www.simpledns.com/kb.aspx?kbid=1089
>
> "Turn off the "DNS Client" service entirely. This is What we are
> recommending!"
> http://grandcountyinternet.com/DNSResolverCache/
>
> "To avoid the slowdown, either disable the DNS Client or avoid using a
> large HOSTS file"
> http://smallvoid.com/article/winnt-s...-dnscache.html
>
> "Disable caching of unsuccessful ("negative") DNS lookups"
> http://forums.mozillazine.org/viewtopic.php?t=5501
>
> "Unless you are accessing network filesystems and databases, disable the
> DNS Client"
> http://www.jasonn.com/turning_off_un..._on_windows_xp
>
> etc.
>
> Even Microsoft weighs in, albeit not as strongly as the rest of the world!
>
> "DNS caching ... may generate a false impression that DNS "round robin"
> http://support.microsoft.com/kb/318803
>
In your last article posted, it says:
"Note The overall performance of the client computer decreases and the network traffic for DNS queries increases if the DNS resolver cache is deactivated."
This means expect a performance hit with the service disabled. If you ask me, I would rather keep it active. The reason is caching. It prevents repeated lookups. Without caching, the client side resolver service has to initiate a query each and every time you visit a website or connect to something by its FQDN. This means if you are at a website, close the browser, re-open it and visit the same site, you will see it hang a bit while it resolves the IP again. Caching will keep a copy of the response for a length of time based on the TTL of the record defined on the SOA where it was created.
This service will also parse and cache anything you've preset in the hosts file.
You can view the cache by running:
ipconfig /displaydns
Cache lookups are fast. Why? It's literally in memory. If it's disabled, as I already said, a new query is initiated. If you have a large hosts file, the resolver service will have to parse the hosts file each and every time, which can be lengthy with an extremely large hosts file.
If you have an extremely large hosts file, it will cause a negative performance impact when first bringing up a machine, because it is parsing it and pulling it into cache. Once done, it's fine. It just gives an impression that your machine appears to be hanging after a restart.
If you are using a large hosts file for spam blocking that has every known spammer source name and IP, then it tells me your system is a standalone, that is not part of a network. This list constantly grows, and is not beneficial to do it this way. There are other ways around this with 3rd party spam tools that integrate with your mail client that you can set it to use RBLs.
Download Stop Spam Software
http://www.filesland.com/download/stop-spam.html
The Microsoft KB article also states:
"Windows contains a client-side Domain Name System (DNS) cache. The client-side DNS caching feature may generate a false impression that DNS "round robin" is not occurring from the DNS server to the Windows client computer. When you use the ping command to search for the same A-record domain name, the client may use the same IP address. "
I am not sure if you are aware of what round robin is, but I will briefly explain. If you have more than one record hostname with different IPs, DNS will rotate the responses. This is a weak version of distributing workload among multiple servers. Say if I have a website, and it's so large I wanted to create the same website on another webserver. I would create a www record, give it IP#1, and another www record and give it IP#2. When a client side resolver sends the query, DNS will give it one of the IPs, then when another machine sends a query, it will give it the next, then when it repeats, it gives it the first one, and so on. It keeps rotating it. Disabling this service on the client side and manually creating one of the records will only give you the same server, and if it goes down, well, you're kind of stuck thinking oh, the website must be down, but it's not. More importantly in an AD environment, when there are multiple GCs to choose from in its site. The "false" impression that some get when using ping, is because of Ping's limitations. Nslookup is the better tool to test round robin, and many other nameserver tests.
In another article you posted (below), I see a technical error. I am surprised that some of these companies do not research this stuff before publicly posting:
> "We recommend disabling the "DNS Client" service on all local computers"
> http://www.simpledns.com/kb.aspx?kbid=1089
The article states:
"IMPORTANT: On recent Windows versions, the "DNS Client" service is also used to register the computer's network connection in DNS (sends a dynamic update creating a host record on the local DNS server).
If you need this functionality, then obviously you should not disable the "DNS Client" service.
The same functionality is however also available in many DHCP servers (including the plug-in for Simple DNS Plus), making it unnecessary for the client computer to do this itself."
To me, it clearly states they didn't research this before posting. If you read the following article, it clearly states that the DHCP Client service is responsible for Dynamic DNS registration.
No DNS Name Resolution If DHCP Client Service Is Not Running
http://support.microsoft.com/kb/268674
So if I were you, I would better research this stuff at Microsoft's site, since this is a Microsoft engineered product. I didn't go through the other articles, but I have a feeling they are more product related with personal views and that I'll find similar errors.
My suggestions:
Enable DNS Client Service.
Don't use a large hosts file.
If a standalone workstation using Outlook, use an Outlook/RBL aware spam utility.
If on a domain and using Exchange, ask your administrator to install and use the IMF and an Exchange aware antivirus.
Carefully research everything, including Microsoft's TechNet for Microsoft product specifics.
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.
Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.
Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
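
The caching, hosts-file and round-robin behaviour described in the post above, as an added illustration that is not part of the original post and is not Windows code: a toy simulation of a rotating DNS server and a client resolver with the cache switched on or off. The class names, the example.test names, the 192.0.2.x addresses and the 60-second TTL are assumptions made up for the example; the hosts handling is modelled the way the post describes it.

```python
import itertools

class RoundRobinServer:
    """Toy DNS server: hands out the A records for a name in rotation."""
    def __init__(self, records, ttl):
        self.ttl = ttl
        self._cycles = {n: itertools.cycle(ips) for n, ips in records.items()}
        self.queries = 0              # network queries actually received

    def query(self, name):
        self.queries += 1
        return next(self._cycles[name]), self.ttl

class ClientResolver:
    """Toy client resolver; cache_enabled stands in for the DNS Client service."""
    def __init__(self, server, hosts, cache_enabled):
        self.server, self.hosts = server, dict(hosts)
        self.cache_enabled = cache_enabled
        self.hosts_scans = 0          # times the hosts file had to be re-read
        # With the cache on, hosts entries are loaded once and never expire.
        self.cache = ({n: (ip, float("inf")) for n, ip in self.hosts.items()}
                      if cache_enabled else {})

    def resolve(self, name, now):
        if self.cache_enabled:
            hit = self.cache.get(name)
            if hit and now < hit[1]:  # still inside the record's TTL
                return hit[0]
        else:
            self.hosts_scans += 1     # no cache: hosts file parsed per lookup
            if name in self.hosts:
                return self.hosts[name]
        ip, ttl = self.server.query(name)
        if self.cache_enabled:
            self.cache[name] = (ip, now + ttl)
        return ip

def demo(cache_enabled):
    """Resolve the same name at t=0,10,20,61 seconds (constructed timeline)."""
    server = RoundRobinServer({"www.example.test": ["192.0.2.1", "192.0.2.2"]}, ttl=60)
    client = ClientResolver(server, {"blocked.example.test": "127.0.0.1"}, cache_enabled)
    answers = [client.resolve("www.example.test", t) for t in (0, 10, 20, 61)]
    return answers, server.queries, client.hosts_scans

if __name__ == "__main__":
    print("cache on :", demo(True))
    print("cache off:", demo(False))
```

With the cache on, the client keeps the first address until the TTL runs out, which is the "false impression" that round robin is not happening; with it off, every lookup reaches the server and rotates.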