Solved

DNS cache timeout value

Posted on 2009-04-07
Last Modified: 2013-12-14
In a normal DNS server setup on Win 2K3, how long is the DNS cache timeout? In other words, for how long does it keep an entry in its cache so that it doesn't have to go to any other DNS server (root server or ISP server, etc.)?
Question by:nabeel92
15 Comments
 
LVL 6

Expert Comment

by:WizardWill
ID: 24094165
Here is an article on how to disable or change the TTL on the DNS cache in Windows XP and Server 2003:

http://support.microsoft.com/kb/318803
0
 
LVL 6

Expert Comment

by:WizardWill
ID: 24094168
The default TTL for positive responses is 86,400 seconds (1 day).
The TTL for negative responses is the number of seconds specified in the MaxNegativeCacheTtl registry setting.
The default TTL for negative responses is 900 seconds (15 minutes).
0
 

Author Comment

by:nabeel92
ID: 24094214
OK, now I need your opinion on one thing.
I have 2 DNS servers on my LAN. The first one looks to the root DNS servers to resolve DNS entries and of course has DNS caching enabled. The second DNS server has the ISP's (Telstra) DNS server configured, and that ISP is the one that we use for our internet links as well. I have attached 2 figures as well (figure 1 for DNS server 1 and figure 2 for DNS server 2). I'm a bit new to Microsoft training, so first, can you confirm whether my understanding is correct? And if so, shouldn't the first DNS server use the ISP's IP address instead of the root internet servers?
0

Author Comment

by:nabeel92
ID: 24094218
Sorry, screenshots are attached!
DNS-1.jpg
DNS-2.jpg
0
 
LVL 6

Expert Comment

by:WizardWill
ID: 24094288
I'm not sure what you mean. Where are the requests from clients being sent, to which DNS server, or can both access the internet?

A DNS server on a network is designated as a forwarder by having the other DNS servers in the network forward the queries they cannot resolve locally to that DNS server.
Without having a specific DNS server designated as a forwarder, all DNS servers can send queries outside of a network using their root hints.
 
Look at this article; it might help you a lot:
http://technet.microsoft.com/en-us/library/cc782142.aspx
0
 

Author Comment

by:nabeel92
ID: 24094307
Client PCs send DNS requests to a local IP, which is 10.0.8.13 (local DNS server 1). Now, this DNS server shows it's acting as a forwarder, and in the Forwarders tab it says "All Other DNS domains". If I click on the Root Hints tab, it shows all those root DNS servers and their IP addresses, etc. So does this mean that our DNS is contacting root internet servers to resolve any DNS entries?
Please let me know if anything was unclear.
0
 
LVL 6

Expert Comment

by:WizardWill
ID: 24094318
Well, if your clients are querying DNS server one, which is configured to forward all requests to your ISP, then all client DNS queries are going to your ISP for lookup and being returned to your DNS server.
0
 
LVL 6

Expert Comment

by:WizardWill
ID: 24094322
When the DNS server receives a query, it attempts to resolve this query using the primary and secondary zones that it hosts and its cache.

If the query cannot be resolved using this local data, then it will forward the query to the DNS server designated as a forwarder.

The DNS server will wait briefly for an answer from the forwarder before attempting to contact the DNS servers specified in its root hints.
0
 

Author Comment

by:nabeel92
ID: 24094332
Actually, that was a typo I made. It's the DNS 2 server that is configured to contact the ISP (i.e. 139.130.4.4). DNS server 1's forwarder says "All other DNS domains" and has a list of root hints. So my question is: shouldn't it be the other way around? As in, the primary DNS should be talking to the ISP's DNS server to resolve queries? It seems that right now it is talking to root internet servers to resolve any non-cached queries.
0
 

Author Comment

by:nabeel92
ID: 24094334
What I mean is, wouldn't it increase the DNS resolution time if my local DNS server talks to root internet servers to resolve DNS queries? Shouldn't it instead talk to my ISP's DNS, which usually has a big cache? What's the general recommendation?
0
 
LVL 6

Accepted Solution

by:
WizardWill earned 500 total points
ID: 24094410
Yes, the amount of bandwidth used over the Internet connection is considerably less, and the processing load on the internal name server is minimized as well, by using the ISP.

Of course, if the forwarder doesn't respond within the timeout configured, the server can either try another forwarder (if configured) or use root hints (if available) or give up and return an error.
0
 

Author Comment

by:nabeel92
ID: 24094418
OK, I get it now.
I will then schedule an activity to change the DNS forwarder to the ISP's name server at some less busy time.
Thanks for your info.
0
 

Author Comment

by:nabeel92
ID: 24094421
By the way, is there any way I can check from the PC (possibly some command prompt command) how much time it takes to resolve a certain entry? That way I would be able to make a comparison between the DNS resolution time through the root servers and the DNS resolution time using the ISP's name server.
0
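One way to make the comparison asked about above, as an added example that is not part of the original thread: a small Python script that sends a recursive A-record query straight to a chosen DNS server, times the reply, and reads the TTL of each answer, so a second run shows whether the answer came from that server's cache (lower latency, TTL counting down). The server address 10.0.8.13 is the one mentioned in the thread; `example.com` and the function names are assumptions for illustration.

```python
import socket, struct, time

def build_query(name, qid=0x1234, qtype=1):
    """Encode a recursive (RD=1) DNS query for `name`; qtype 1 = A record."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def _skip_name(msg, pos):
    """Return the offset just past an encoded name (handles compression)."""
    while True:
        length = msg[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:      # 2-byte compression pointer ends the name
            return pos + 2
        pos += 1 + length

def parse_response(msg):
    """Return (rcode, [ttl, ...]) for the answer section of a DNS response."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):
        pos = _skip_name(msg, pos) + 4          # skip QTYPE + QCLASS
    ttls = []
    for _ in range(an):
        pos = _skip_name(msg, pos)
        _, _, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        ttls.append(ttl)
        pos += 10 + rdlen
    return flags & 0x000F, ttls

def timed_lookup(server, name, timeout=3.0):
    """Query `server` over UDP/53; return (milliseconds, rcode, ttls)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.perf_counter()
        s.sendto(build_query(name), (server, 53))
        reply, _ = s.recvfrom(4096)
        elapsed = (time.perf_counter() - start) * 1000
    return (elapsed,) + parse_response(reply)

if __name__ == "__main__":
    # 10.0.8.13 is the local DNS server named in the thread; example.com is a
    # placeholder name. Run twice: the second answer should come from cache.
    for attempt in (1, 2):
        ms, rcode, ttls = timed_lookup("10.0.8.13", "example.com")
        print(f"attempt {attempt}: {ms:.1f} ms rcode={rcode} ttls={ttls}")
```

Use a name that has not been looked up recently for the first run, otherwise both runs measure the cache rather than the upstream path.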
 
LVL 6

Expert Comment

by:WizardWill
ID: 24094439
0
 
LVL 6

Expert Comment

by:WizardWill
ID: 24094441
0
