Caching DNS Resolver Service

Caching DNS Resolver Service

 

Windows includes a caching DNS-resolver service, which is enabled by default. For troubleshooting purposes, this service can be viewed, stopped, and started like any other Windows service. The caching resolver reduces DNS network traffic and speeds name resolution by providing a local cache for DNS Queries.

When a name is submitted to DNS, if the resolver is caching names, it first checks the cache. If the name is in the cache, the data is returned to the user. If the name isn't in the cache, the resolver queries the other DNS servers that are listed in the TCP/IP properties for each adapter. It does this in the following order:

  1. The resolver first checks the local hosts file (located by default in C:\Windows\System32\drivers\etc) to see whether the required name is listed in host file. The local host address, for example, resolves to 127.0.0.1 through use of the hosts file, not a DNS server.

 

2. In case the name isn't in the hosts file, the resolver then sends the query to the first server on the preferred adapter's list of DNS servers and waits one second for a response.

3. If the resolver doesn't receive a response from the first server within one second, it se nds the query to the first DNS servers on all adapters that are still under consideration and waits 2 seconds for a response.

4. If the resolver doesn't receive a response from any server within 2 seconds, it sends the query to all DNS servers on all adapters that are still under consideration and waits another 2 seconds for a response.

5. If it still doesn't receive a response from any server, it sends the query to all DNS servers on all adapters that are still under consideration and waits 4 seconds for a response.

6. If it still doesn't receive a response from any server, the resolver sends the query to all DNS servers on all adapters that are still under consideration and waits 8 seconds for a response.

7. If the resolver receives a positive response, it stops querying for the name, adds the response to the cache, and returns the response to the client. If it doesn't receive a response from any server by the end of the 8 seconds, it responds with a time-out. Also, if it doesn't receive a response from any server on a specified adapter, it responds for the next 30 seconds to all queries destined for servers on that adapter with a time-out and doesn't query those servers.

The resolver also keeps track of which servers answer queries more quickly, and it might move servers up or down on the search list based on how quickly they respond. In addition, the resolver also caches negative responses. If the resolver is able to successfully reach a domain controller, but that domain controller is unable to resolve the requested name to an IP address, the result is a negative response. So long as that negative response remains in the cache, the resolver will not try to resolve the address again. You can clear the cache by running the following from a command-line:

 

IPCONFIG /FLUSHDNS

Doing so forces the resolver to start over the next time any name needs to be resolved.

To learn more about Caching and Negative Caching, please refer below TechNet Article

http://technet.microsoft.com/en-us/library/cc959309.aspx

 

You can also fix this problem by using the IPCONFIG command. Entering the following command allows you to view the current list of DNS entries that the server has cached:

IPCONFIG /displayDNS

Entering the following command allows you to refresh all DHCP leases and re-register DNS names. (Wait 5 minutes for the DNS entries in the cache to be reset and updated with the RRs in the server's database.)

 

IPCONFIG /registerDNS

You can also use the IPCONFIG command to dump all of the DNS cache entries.

IPCONFIG /flushDNS

It's worth noting that the DNS server should eventually refresh the cache because each entry has a Time-To-Live (TTL) associated with it. TTL indicates a length of time used by other DNS servers to determine how long to cache information for a record before discarding it.