"DNS Client" service: What are the correct parameters?

Discussion in 'DNS Server' started by _Vanguard_, Nov 28, 2004.

  1. _Vanguard_

    _Vanguard_ Guest

    Posted this earlier (but
    got no takers. Might do better here.

    Windows XP has its "DNS Client" NT service for client-side caching of
    DNS queries but it caches both positive and negative results. I want to
    disable or reduce the caching time for negative results. However,
    different articles found by a search mention different parameters used
    to change the caching parameters.

    In http://www.winguides.com/registry/display.php/1203/, it talks about
    changing the values for the MaxCacheTTL and MaxNegativeCacheTTL (TTL =
    time to live). These are the same values mentioned in Microsoft's KB
    article 318803 (http://support.microsoft.com/?id=318803). Neither of
    these parameters exist under the mentioned key in my registry but then
    Windows XP often uses default values when parameters are absent.

    In http://www.speedguide.net/read_articles.php?id=158,
    http://www.tweakxp.com/tweak2081.aspx, and other found articles, they
    talk about using completely differently named settings called
    NegativeCacheTime, NetFailureCacheTime, and NegativeSOACacheTime. These
    parameters *do* exist in my registry and are set to the recommended value
    of zero (0). I don't know if these parameters are actually used in
    Windows XP versus the TTL values mentioned above in the other articles.
    Since they are there and since they are set to zero (0), I have to
    assume that I probably applied these changes before based on information
    that I used to configure the DNS Client service.

    So I am at a quandary as to which values should be set to disable
    negative DNS caching (or reduce its TTL to be much shorter). Some
    articles mention the *TTL parameters and other articles mention changing
    a different set of parameters. I don't know which are applicable under
    Windows XP Professional, or maybe all of them are applicable although
    the MaxNegativeCacheTTL parameter would seem to duplicate the
    NegativeCacheTime parameter. I would like respondents to tell me what
    they have for registry data items under the following registry key and
    their values:

    HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters

    Which of the following data items exist in your registry and what are
    their values?

    NegativeCacheTime
    NegativeSOACacheTime
    NetFailureCacheTime

    MaxCacheTTL
    MaxNegativeCacheTTL

    Microsoft mentions the *TTL parameters in the KB articles, but a search
    across all of microsoft.com on the other parameters (NegativeCacheTime
    and NetFailureCacheTime) results in no matches. So I am wondering which
    parameter(s) to use, Microsoft's *TTL parameters or the parameters
    mentioned in the various tweak articles
    (http://www.google.com/search?q=+"Windows+XP"++negativecachetime).
     
    _Vanguard_, Nov 28, 2004
    #1
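The question asked here, which of the five names exist under the key and with what data, can be answered on any Windows host with a short audit. The script below is an added example, not something posted in the thread; it assumes PowerShell 5.1 (for Get-Service's StartType), reads the key through the registry provider, reports each name the thread lists as present or absent, and for absent names shows the defaults the thread cites from KB 318803 (1 day for MaxCacheTtl, 900 seconds for MaxNegativeCacheTtl) as stated values, not values verified here. Registry value names are case-insensitive, so MaxCacheTTL and MaxCacheTtl are the same item.

```powershell
# Added example (not from the thread): list which Dnscache parameters exist and their data.
# Assumption: the defaults below are those the thread cites (KB 318803); the other three
# names have no default stated on the page and are reported as 'not stated'.
$Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'

# The five names asked about, in the two families the thread contrasts.
$Names = @(
    'NegativeCacheTime', 'NegativeSOACacheTime', 'NetFailureCacheTime',   # tweak-site family
    'MaxCacheTtl', 'MaxNegativeCacheTtl'                                  # KB 318803 family
)

# Defaults in seconds as stated in the thread (1 day, 15 minutes).
$StatedDefaults = @{ MaxCacheTtl = 86400; MaxNegativeCacheTtl = 900 }

function Get-DnscacheParameter {
    param([string]$Path, [string[]]$Name, [hashtable]$Defaults)

    $regKey = Get-Item -Path $Path -ErrorAction Stop
    # Value names are case-insensitive in the registry, so MaxCacheTTL matches MaxCacheTtl.
    $existing = @($regKey.GetValueNames())

    foreach ($n in $Name) {
        $match = $existing | Where-Object { $_ -ieq $n } | Select-Object -First 1
        if ($match) {
            [pscustomobject]@{
                Name    = $match
                Present = $true
                Type    = $regKey.GetValueKind($match).ToString()   # expected: DWord (seconds)
                Seconds = $regKey.GetValue($match)
            }
        } else {
            $d = if ($Defaults.ContainsKey($n)) { $Defaults[$n] } else { 'not stated' }
            [pscustomobject]@{ Name = $n; Present = $false; Type = '-'; Seconds = "default ($d)" }
        }
    }
}

# Service state matters as much as the parameters: a stopped or disabled DNS Client
# means no client-side cache at all, positive or negative.
Get-Service -Name Dnscache | Select-Object Name, Status, StartType | Format-List
Get-DnscacheParameter -Path $Key -Name $Names -Defaults $StatedDefaults | Format-Table -AutoSize

# A value of the wrong type (REG_SZ "0" instead of REG_DWORD 0) is a common reason a tweak
# silently does nothing, so flag any that are present but not DWord.
Get-DnscacheParameter -Path $Key -Name $Names -Defaults $StatedDefaults |
    Where-Object { $_.Present -and $_.Type -ne 'DWord' } |
    ForEach-Object { Write-Warning "$($_.Name) is $($_.Type), not REG_DWORD; check the data type." }
```

Run it once before changing anything and keep the output; it is the record of what the key looked like, which is exactly what the original poster was asking other people to report.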

  2. Herb Martin

    Herb Martin Guest

    Disabling the cache for POSITIVE results is sometimes useful
    (e.g., when the machine is also a DNS server itself.)

    Why do you wish to disable or change the negative timeout?
    There is almost never a reason for doing this separate from
    disabling the entire cache?

    There is a registry setting (300 seconds) I believe, or you
    can just <Net Stop "DNS Client"> and/or set the services
    control panel to put the services in manual (or disabled)
    mode on next boot.
     
    Herb Martin, Nov 29, 2004
    #2

  3. _Vanguard_

    _Vanguard_ Guest

    I already know how to *stop* the DNS Client service.

    I don't want to disable caching of positive results (i.e., for a
    successful DNS lookup). According to the mentioned articles that
    describe the "MaxCacheTtl"-named registry data item, the default is 1
    day. That means for a day you could get errors in attempting to use
    the cached IP address for a site that has since changed its real IP
    address (as it got updated in the DNS server). You could be trying to
    hit a site using an invalid IP address from a prior lookup simply
    because it was valid up to a day before. Since you retrieve the cached
    positive result first then you don't get the updated record from your
    DNS server and you end up not being able to visit a site that changed
    its IP address in the last day. That seems ridiculously too long and
    I'll probably reduce it to 5 minutes or an hour - *if* MaxCacheTtl is
    the correct registry data item to change.

    I only want to disable the caching of negative results (i.e., for an IP
    name lookup that fails) but I find dissimilar information as to what
    registry keys or data items to create or edit. "When a DNS lookup fails
    (due to temporary DNS problems), Windows still caches the unsuccessful
    DNS query, and in turn fails to connect to a host regardless of the fact
    that the DNS server might be able to handle your lookup seconds later"
    (SpeedGuide, and similar declarations in several other articles; see
    http://www.google.com/search?q=+DNS++cache++negative++"Windows+XP").
    This is NOT a rare occasion. Many times when I am simply performing an
    NSLOOKUP, I get a failed result but another repeated attempt within a
    few seconds does work. "A problem can arise here because if the DNS
    cache hold a negative entry and the website you want to view is now OK
    to view, Windows XP will still give you a DNS error!" (updatexp.com).
    Why cache up a negative response from a failure? Why cache them up at
    all on a workstation since the user is unlikely to sit at their computer
    and repeatedly attempt for some huge number of retries to revisit that
    site (and the time between each manual attempt is not a concern
    regarding load on the DNS server) but instead will only try something
    less than half a dozen attempts to reach a site whose IP address fails
    to resolve or they get a fail from their DNS server. I'm not going to
    execute "ipconfig /flushdns" after every DNS failure hoping that it
    wasn't the local DNS cache with a negative result causing the problem.
    By the way, *if* MaxNegativeCacheTtl is the correct registry data item
    to edit (per Microsoft's KB article and some others), the default for
    caching of negative results is NOT just 300 seconds (5 minutes) but is
    instead 900 SECONDS (15 minutes)! Negative caching causes more problems
    than it solves so I want to disable it but I do NOT want to disable
    positive results caching.

    I don't know if Windows XP's DNS Client is susceptible to the exploit of
    receiving unsolicited responses from unauthorized DNS servers that could
    pollute its local DNS cache (see
    http://www.winnetmag.com/Article/ArticleID/27028/27028.html,
    http://www.vlaurie.com/computers2/Articles/dnscache.htm, and Microsoft's
    own Windows XP reskit article at http://snipurl.com/azef). So I might
    end up defining that registry entry, too.

    The question really isn't about why I would want to change the caching
    values or whether to keep the DNS client running or not. The question
    is which are the actually correct registry data items to edit. So back
    to my question, and for a Windows XP Professional host (workstation,
    *not* server), what values do YOU see under:

    HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters

    Do you see:

    NegativeCacheTime
    NegativeSOACacheTime
    NetFailureCacheTime

    Or do you see:

    MaxCacheTTL
    MaxNegativeCacheTTL

    And what are their values? Or are there no data items by these names
    under that registry key (so the defaults get used for them)?
     
    _Vanguard_, Nov 30, 2004
    #3
  4. Kevin D. Goodknecht Sr. [MVP]

    If the key name is not in the registry, the default value from the operating
    system's code is used. If you want to change these values add the key and
    the value and the data for the value.

    You have to remember that changing these values is only part of the picture.
    The reason for caching in the first place is to prevent clients from
    continually hitting a DNS server for the same record, or in the case you
    want, the lack of a record. Even if you disable negative caching, if the DNS
    server this client is using has the negative answer in cache it is still
    going to get a negative answer and is unlikely to change from second to
    second. 15 minutes is a reasonable negative cache time. DNS servers will
    keep the negative cache for the default Time to live on the SOA record for
    the domain the record is owned by.
    Disabling negative caching on the client is only going to put more load on
    the DNS server you are using, a lot more than you think, because when the
    client goes down through the DNS suffix search list, those answers are
    negatively cached; without the negative cache all these queries are going to
    hit the DNS server, over and over.

    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
     
    Kevin D. Goodknecht Sr. [MVP], Nov 30, 2004
    #4
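Two things in this reply can be observed directly: that an absent value means the built-in default and you add the value with its data to change it, and that one failed lookup of an unqualified name leaves one negative entry per suffix the resolver tried. The script below is an added example, not from the thread or from Microsoft. It assumes an elevated PowerShell 5.1 session, that MaxNegativeCacheTtl as a REG_DWORD in seconds is the item the thread cites from KB 318803, and that `ipconfig /displaydns` labels a negatively cached name with the text "Name does not exist." two lines below the record name; the 60-second value and the probe hostname are constructed for the demonstration.

```powershell
# Added example, not the thread's own. Assumptions: elevated session; MaxNegativeCacheTtl is
# a REG_DWORD in seconds (KB 318803 as cited in the thread); 'Name does not exist.' is how
# ipconfig /displaydns labels a negatively cached name, with the record name two lines above.
param([int]$NewNegativeTtlSeconds = 60)   # constructed value for the demo; choose your own

$KeyPs  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
$KeyReg = 'HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
$Backup = Join-Path $env:TEMP ('Dnscache-Parameters-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))

# 1. Back up the key before touching it; 'reg import <file>' restores the old state.
reg.exe export $KeyReg $Backup /y | Out-Null
"Backup written to $Backup"

# 2. Add (or overwrite) the value with the correct data type. Set-ItemProperty creates the
#    value if it is absent, which is the "add the key and the value and the data" step.
Set-ItemProperty -Path $KeyPs -Name 'MaxNegativeCacheTtl' -Value $NewNegativeTtlSeconds -Type DWord

# 3. Flush and restart so the resolver rereads its parameters. On builds where Dnscache is a
#    protected service the restart is refused; a reboot applies the change instead.
ipconfig.exe /flushdns | Out-Null
Restart-Service -Name Dnscache -Force -ErrorAction Continue

# 4. Show the suffix search list the resolver appends to an unqualified name (REG_SZ,
#    comma-separated; empty when the primary/connection-specific suffixes are used).
$Tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$Suffixes = (Get-ItemProperty -Path $Tcpip -Name SearchList -ErrorAction SilentlyContinue).SearchList
"Suffix search list: $(if ($Suffixes) { $Suffixes } else { '(none set explicitly)' })"

# 5. One lookup of a constructed, nonexistent, unqualified name.
$Probe = 'no-such-host-' + [guid]::NewGuid().ToString('N').Substring(0, 8)
try { [System.Net.Dns]::GetHostAddresses($Probe) | Out-Null } catch { }

# 6. Count the negative entries that single failure left behind: one per candidate FQDN.
function Get-NegativeCacheEntries {
    $lines = @(ipconfig.exe /displaydns)
    for ($i = 2; $i -lt $lines.Count; $i++) {
        if ($lines[$i] -match 'Name does not exist') { $lines[$i - 2].Trim() }
    }
}
$Negative = @(Get-NegativeCacheEntries)
"Negative entries after one lookup of '$Probe': $($Negative.Count)"
$Negative | Where-Object { $_ -like "$Probe*" } | ForEach-Object { "  $_" }
```

The count in step 6 is the practical measure of Kevin's warning: each entry listed is a query the DNS server would have received again on every retry if negative caching were set to zero, so a short non-zero TTL (the 60 seconds used here) keeps the retry protection while shortening the window in which a transient failure is remembered.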
  5. kronckew

    i have been hunting for just this question and answer, and found this thread. reading thru it has depressed me enough so that i decided to join up & post myself. it's an old thread, but still...

    there is a lot of off topic verbiage in this thread clouding the original posters query. there is a lot of unhelpful comment on why we should let things alone, but no help or actual answer. the OP had a reason for asking. to suggest he does not understand the ramifications and should leave well enough alone is patronizing. he seems to have enough info and research for him to make an informed decision for himself. he may even decide after all to go back to the defaults, but that should be his decision.

    does anyone have an answer?

    i'd like to know myself re win7, the other sites found seem to imply a variety of variable names depending on whether it's XP, 2003 or 2000, but i do not see anything specific on vista/win7. if someone can answer which name applies to vista/win7 and/or XP/2000/2003 that would be nice.

    15 min wait or longer to correct a one-off short term bad dns reply is too long, having to do a manual flushdns is unreasonable. whatever the correct parameter name is, setting it to a smaller value that will still not hammer those precious dns servers is not an unreasonable desire. telling us what the name is, and a suggested smaller than default value would be a nice condescension.

    dns servers do make errors, some more than others. running gibson's dns performance test is enlightening in this respect.

    don't run it if you are trying to prevent a lot of dns queries tho.

    edited:

    i found this info on another site that may be enlightening: quoted in part:

    a slightly higher value than zero may be desirable.
     
    Last edited: Oct 28, 2009
    kronckew, Oct 28, 2009
    #5