DNS client side cache

Goldmember Member Posts: 277
I'm taking a look at my DNS client cache (Windows XP) and there are only 2 records, which are localhost and something else.


I attempt to use the ping, pathping, and tracert commands to resolve names to IP addresses.

I check the DNS client cache and no records are being kept of these domains.
I used the command ipconfig /displaydns to check the DNS resolver cache.

After this I made sure the DNS Client service was started and running and it was.



Why am I not retaining DNS resource records?


I understand that when I use my browser it has a built-in DNS resolver cache, but I am not using the browser; everything I'm doing is strictly from the command prompt.


Any suggestions?


Also, I checked my DNScache parameters in the Registry and everything looks good.


Thanks
CCNA, A+. MCP(70-270. 70-290), Dell SoftSkills

Comments

  • Pash Member Posts: 1,601
    Are you using the NetBIOS machine name when pinging?

    Try using nslookup with the FQDN of the machine you're looking up.
    DevOps Engineer and Security Champion. https://blog.pash.by - I am trying to find my writing style, so please bear with me.
  • Goldmember Member Posts: 277
    Pash,

    I'm not having problems pinging sites, the problem is I need to find out why my DNS cache has no entries.

    They might be timing out (TTL), but I manually set the registry to control the TTL.


    Anyone have suggestions?
    CCNA, A+. MCP(70-270. 70-290), Dell SoftSkills
  • Pash Member Posts: 1,601
    Goldmember wrote:
    Pash,

    I'm not having problems pinging sites, the problem is I need to find out why my DNS cache has no entries.

    They might be timing out (TTL), but I manually set the registry to control the TTL.


    Anyone have suggestions?

    You mentioned you used ping, pathping and tracert for name resolution.

    I am fairly sure the reason is that your DNS server is performing iterative queries on behalf of your resolver. Therefore the resolver will only try to use the hosts file; if there is no entry it will ask its primary DNS server, and so on.
    DevOps Engineer and Security Champion. https://blog.pash.by - I am trying to find my writing style, so please bear with me.
  • sprkymrk Member Posts: 4,884
    Actually, it's a good question. In theory, once the client gets an answer from his DNS server, it should cache the response for its TTL. I tried a few things, including using IE to go to some sites, and they never showed up in the output of displaydns either.

    I tried to find something about it on MS, but didn't find anything that would explain why it's not showing up:

    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/management/svrxpser_7.mspx#EHMAE
    Resource records (RRs) from query responses are added to the client cache as applications query DNS servers. This information is then cached for a set Time to Live (TTL) and can be used again to answer subsequent queries.


    http://technet.microsoft.com/en-us/library/bb727005.aspx#ECAA
    The DNS Client Resolver Cache
    The DNS client resolver cache is a RAM-based table that contains both the entries in the Hosts file and the host names that Windows has tried to resolve through DNS. The DNS client resolver cache stores entries for both successful and unsuccessful DNS name resolutions. A name that was queried but was not successfully resolved is known as a negative cache entry.

    The following list describes the attributes of the DNS client resolver cache:

    It is built dynamically from the Hosts file and from DNS queries.

    Entries obtained from DNS queries are kept only for a period of time known as the Time to Live (TTL), which is set by the DNS server that has the name-to-IP address mapping stored in a local database.

    Entries obtained from the Hosts file do not have a TTL and are kept until the entry is removed from the Hosts file.

    You can use the ipconfig /displaydns command to view the contents of the DNS client resolver cache.

    You can use the ipconfig /flushdns command to flush and refresh the DNS client resolver cache with just the entries in the Hosts file.
    All things are possible, only believe.
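Added example (not part of any post in this thread, and not Microsoft's code): a Python parser for saved `ipconfig /displaydns` output that reports which recently resolved names are absent from the client cache and which are held as negative entries. The sample output is constructed and assumes the English-locale layout; the function names are hypothetical.

```python
import re

# Constructed sample of `ipconfig /displaydns` output (English locale assumed).
SAMPLE = """\
Windows IP Configuration

         localhost
         ----------------------------------------
         Record Name . . . . . : localhost
         Record Type . . . . . : 1
         Time To Live  . . . . : 596389
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 127.0.0.1

         no-such-host.example
         ----------------------------------------
         Name does not exist.
"""

# "Label . . . . : value"; the lazy group stops before the dot/space padding.
FIELD = re.compile(r"^\s*(.+?)[\s.]*:\s*(.*)$")

def parse_displaydns(text):
    """Return {entry name: [record dicts]}; a negative entry maps to []."""
    cache, name, prev = {}, None, ""
    for line in text.splitlines():
        s = line.strip()
        if s and set(s) == {"-"}:
            # A dashed rule means the previous line was the entry name.
            name = prev.lower().rstrip(".")
            cache.setdefault(name, [])
        elif name and (m := FIELD.match(line)):
            key, value = m.group(1).strip(), m.group(2).strip()
            if key == "Record Name":      # each record starts with this field
                cache[name].append({})
            if cache[name]:
                cache[name][-1][key] = value
        prev = s
    return cache

def check_resolved(text, resolved_names):
    """Return (names absent from the cache, names cached as negative entries)."""
    cache = parse_displaydns(text)
    absent = [n for n in resolved_names if n.lower().rstrip(".") not in cache]
    negative = sorted(n for n, recs in cache.items() if not recs)
    return absent, negative

if __name__ == "__main__":
    print(check_resolved(SAMPLE, ["www.microsoft.com", "localhost"]))
```

On a live host, the input would be the text saved with `ipconfig /displaydns > cache.txt` right after resolving the names being checked.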
  • Pash Member Posts: 1,601
    http://technet2.microsoft.com/windowsserver/en/library/19a63021-cc53-4ded-a7a3-abaf82e7fb7c1033.mspx?mfr=true

    Yeah, according to TechNet the resolver should cache indeed, but I'm fairly sure I have a link at home that says the DNS server will cache and answer the resolver if it is running iterative queries. I'm not home for a week, though, so I can't check for the link.

    If anyone can shed light before then, please do.
    DevOps Engineer and Security Champion. https://blog.pash.by - I am trying to find my writing style, so please bear with me.
  • sprkymrk Member Posts: 4,884
    Thanks Pash. Post the link if you can find it later.
    All things are possible, only believe.
  • Goldmember Member Posts: 277
    UPDATE
    **************************

    I found out it's my personal firewall blocking something related to the DNS resolver built in to Windows. DNS requests are golden when using browsers like Mozilla or Explorer.

    My firewall is Comodo.

    Thanks

    ****************************************************************************

    Thanks for the help so far.

    Pash, I think you are looking at the server side of the operation more so than the client.

    I understand that my DNS server might be performing iterative queries on my behalf, but what happens when my DNS server sends me a response? What happens to this record locally on my client?

    What I need is the client/resolver cache and how come my local computer is not retaining DNS entries (A records).

    I know that when you use a browser, like sprkymrk said, that the browser retains its own DNS resolver cache. Therefore the DNS records will be used by the browser.

    How about when I'm using Windows without my browser (Firefox)?

    What happens when I telnet www.microsoft.com? Shouldn't I get a response record which should be cached locally?

    I'm not getting any locally cached records even though they are arriving at my computer.

    Help!


    I did some packet sniffing on my computer using Ethereal and found that DNS queries and responses were happening. I'm just not sure why my local resolver cache is not saving the responses....it must be. I just can't find out where to find them.

    I tried
    ipconfig /displaydns
    but I get the same old 2 records.

    Thanks
    CCNA, A+. MCP(70-270. 70-290), Dell SoftSkills
  • sprkymrk Member Posts: 4,884
    So your firewall was intercepting them, eh?
    Maybe my anti-spyware is doing the same thing....
    All things are possible, only believe.
  • Goldmember Member Posts: 277
    I'm still working on what the firewall is blocking.

    It allows DNS requests and responses from the browser, and it must for the ping command, because everything works and names are resolved.

    For some odd reason the cache is not being updated because of the firewall.


    I don't have time to mess with this particular problem today, but I will get back to it tomorrow.

    Right now I'm studying 70-291 chapter 5.

    Thanks
    CCNA, A+. MCP(70-270. 70-290), Dell SoftSkills