Solved

What is "CACHE.DNS file" in a DNS server?

Posted on 2008-10-03
Last Modified: 2012-05-05
Hi,

1. This is related to the CACHE.DNS file in a DNS server.
2. My questions (please FIRSTLY explain it in your own WORDING, and then provide "LINKS" if necessary):
   i) Where is the DEFAULT LOCATION of the CACHE.DNS file in a DNS server machine?
   ii) Could we configure it?
   iii) Could we ADD or DELETE the "input" to this file, and how to do it?
   iv) What is the PURPOSE or the FUNCTION of this file? Could we DELETE it, and what is the risk?
3. Thank you

Tjie
0
Question by:tjie
5 Comments
 
LVL 23

Assisted Solution

by:Justin Durrant
Justin Durrant earned 100 total points
The cache DNS file caches hostnames to speed resolution. It can be edited with Notepad, and the cache can be purged via dnscmd /clearcache.
0
 
LVL 9

Assisted Solution

by:authen-tech
authen-tech earned 110 total points
All DNS servers have a cache.dns file that contains the IP addresses of all Internet root servers (sometimes called Root Hints).

Purging this file in Windows can also (or possibly only) be done using ipconfig /flushdns in a cmd prompt.

Here's info on it:
http://support.microsoft.com/kb/316341

I believe the file is located here:
cd %systemroot%\system32\dns



Hope that helps!
0
 
LVL 3

Accepted Solution

by:DraconianSoul
DraconianSoul earned 150 total points
flushdns clears the local resolver's DNS cache. jjdurrant has the right syntax to clear the cache.

Assuming you're familiar with the concepts of DNS, the cache file is where the DNS server puts a copy of all the IP addresses it has resolved. It will keep these entries in the cache file until the TTL (time to live) expires, at which time they are removed the next time a lookup is done and a fresh resolution is retrieved from the internet. The cache file is also where the root domain servers' IP addresses are kept.

The default location is C:\WINDOWS\system32\dns

There is nothing to configure in the cache file... it is simply a cache. You could add static entries to it, but Windows would not know to preserve them. If you cleared your cache or if you were trying to redirect traffic from a website to another IP, the entry could be overwritten when the TTL on that record expires.

If you're trying to update the root DNS entries you should do so through the DNS console.

I believe if you delete the file, Windows will recreate the file next time the service is started. However, I'm not going to verify that. You'd be better off not messing with it.
0
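Added example, not part of the thread or of any Microsoft tooling: since the answers above note that the file holds the root servers' addresses and can be edited by hand, this sketch audits a copy of it for records that do not look like root hints. It assumes a zone-file style layout with the owner name on every line; `parse_records`, `audit_root_hints`, the sample text and the one-entry baseline are all constructed for illustration.

```python
import ipaddress

ROOT_OWNERS = {"@", "."}            # owner names that mean "the root zone"
ROOT_SUFFIX = ".root-servers.net."  # expected suffix of every root NS target
# Constructed sample, not a real CACHE.DNS. Line 3 carries a changed address,
# lines 4-5 are a planted extra server (203.0.113.0/24 is documentation space).
SAMPLE_CACHE_DNS = """\
; root hints (constructed sample)
@                       NS      a.root-servers.net.
a.root-servers.net.     A       203.0.113.10
@          3600000  IN  NS      ns1.example.test.
ns1.example.test.       A       203.0.113.53
"""
BASELINE = {"a.root-servers.net.": {"198.41.0.4"}}  # build from a copy you trust

def parse_records(text):
    """Yield (line_no, owner, rtype, rdata); TTL/class are skipped, '?' = unparsable."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()          # strip comments
        if not fields:
            continue
        rest = [f for f in fields[1:] if not f.isdigit() and f.upper() != "IN"]
        rtype, rdata = (rest[0].upper(), rest[1].lower()) if len(rest) == 2 else ("?", "")
        yield no, fields[0].lower(), rtype, rdata

def audit_root_hints(text, baseline=None):
    """Return [(line_no, reason)] for records that do not look like root hints."""
    records = list(parse_records(text))
    roots = {rd for _, o, t, rd in records
             if t == "NS" and o in ROOT_OWNERS and rd.endswith(ROOT_SUFFIX)}
    findings = []
    for no, owner, rtype, rdata in records:
        if rtype == "NS":
            if owner not in ROOT_OWNERS or not rdata.endswith(ROOT_SUFFIX):
                findings.append((no, f"unexpected NS {owner} -> {rdata}"))
        elif rtype in ("A", "AAAA"):
            try:
                addr = str(ipaddress.ip_address(rdata))
            except ValueError:
                findings.append((no, f"bad address {rdata!r}"))
                continue
            if owner not in roots:
                findings.append((no, f"address for non-root name {owner}"))
            elif baseline is not None and addr not in baseline.get(owner, ()):
                findings.append((no, f"{owner} -> {addr} not in baseline"))
        else:
            findings.append((no, f"unexpected record type {rtype} at {owner}"))
    return findings
```

Calling `audit_root_hints(SAMPLE_CACHE_DNS, BASELINE)` reports lines 3, 4 and 5 of the sample; without a baseline only the structural findings on lines 4 and 5 remain.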
 
LVL 38

Assisted Solution

by:ChiefIT
ChiefIT earned 140 total points
DNS cache is a cache of previously used DNS addresses, and it is stored on the DNS server and on workstations to speed up resolution.

_____________________________________________________________________________
The chronology of a WINS query and DNS query: (how similar they are)
So a client sends out a DNS query:
1) The first place a client looks for is a cached entry. These records could be bad. (To determine if this is the case, go to the command prompt of the client and type IPconfig /flushdns.) (For WINS cache, type NBTstat -rr.)
2) Then if your client doesn't have the cached entry, it will look at the client's C:\Windows\system32\drivers\etc\Host file for DNS resolution. (For WINS, your computer looks in the C:\Windows\system32\drivers\etc\LMHOST file.) (You can look at and edit the host file with WordPad. Check and see that there are no entries, except 1.0.0.127 local host file in that file for the HOST file and no entries in LMHOST. These files are used if you don't have a DNS server or WINS server respectively. They can be configured to maintain a list of computers you want to contact via a DNS query or WINS query.)

After the client can't determine its own DNS query it will look at the preferred DNS server: (To determine the preferred DNS server, it will be the first one on the list in an IPconfig /all of the client.) (For WINS, it will be the preferred WINS server.)
1) The first place the server looks for DNS records is its own DNS cache. (You can flush the cache by again going to the command prompt and typing ipconfig /flushdns.) (For WINS, you can flush it by purging the server's WINS cache by using NBTstat -rr.)
2) Then the server will look at its own C:\windows\system32\drivers\host file. (For WINS it will be the C:\windows\system32\drivers\LMHOST file.)
3) Then, the DNS server will have a list of Host A records, Alias records also known as CNAME records, and SRV (service) records. (For WINS, it will look at the WINS record, NetBIOS Alias record, and other server records.)
4) If the DNS server can't find the Host A, it will make an attempt to contact an outside server. There are two types of contacts. One is a recursive and the other is an iteration query. There are also two types of lists to contact the outside server. One is called a forwarder and the other is called root hints.
---Brief explanation of each:
---Recursive lookup: A recursive lookup is handled by the server. It will go out to a distant server and try to resolve DNS queries that it can't do for the client. In other words, if the DNS server can't find an internal address, it will go out to other servers and ask them to look for it. If a resolution is provided, the resolution will be passed down to the client from the server. It is recommended to turn off recursive lookups for security reasons and performance reasons.
---Iteration: Iteration is done when the server can't resolve the query and tells the client, "I can't do it, ask another DNS server." The resolution comes from the remote server, not the local server. So, this is basically passing the buck.
---Forwarders: Forwarders are manually configured DNS servers that your server will forward queries to if your server can't make the resolution. (Most folks configure the ISP's DNS server as the forwarders.)
---Root Hints: Root Hints are a list of public DNS servers that your server forwards DNS queries to if your server can't resolve the DNS query.

0
 
LVL 38

Assisted Solution

by:ChiefIT
ChiefIT earned 140 total points
With that information comes some very powerful DNS troubleshooting skills:

You can determine the problems of DNS in seconds by asking three questions:

---Ask yourself, "Is this the only client that is having problems?" If so, it is either the client's DNS cache or Host file that has a bad record.

---Ask yourself, "Are all of my PCs on the domain having problems with this DNS resolution?" If so, then it is probably the server's DNS cache, or Host file with a bad record.

---Ask yourself, "Are all of my PCs having problems getting to ALL outside websites?" If so, you probably have a problem with the configuration of root hints, preferred DNS servers, or forwarders.
___________________________________________________________________________
Look at DNS cache as a booklet of ever-changing business cards. Then, look at host files as a Rolodex of internal workstations. And look at DNS servers as a phone book to internal workstations with a link to other phone books outside of your domain.

ALL DNS DOES IS TRANSLATE: fully qualified domain names to IPs and vice versa. So, there is minimal risk to any of DNS.

Host files can be manually configured in the event that a DNS server is not present. So, there should be NO NEED to edit this. However, there is a need to purge these entries, because with this file configured, it will skip your DNS server and think it can provide its own resolution.

DNS cache is just a bunch of DNS resolutions that were previously made, and it is ever changing. There is NO NEED to ever edit this. There are times when you might consider purging (let's call it flushing) these records because once in a while you can get a bad DNS record in the cache. Then, your clients once again skip the server for resolution. How do you purge your DNS cache? Go to the command prompt and type IPconfig /flushDNS
________________________________________________________________________________



0
