Configuring Windows DNS resolver cache

Question

Note that I'm talking about the client DNS resolver cache. This message is not concerned with the Windows DNS Server.

I have a C# program that does a lot of DNS resolutions. Because the HTTPWebRequest component won't let me change the Host header, I can't create my own internal DNS cache. So I have to depend on the Windows DNS cache, which doesn't appear amenable to change.

There's a reasonably good TechNet article about the DNS cache Registry settings in Windows Server 2003, but I haven't been able to prove that setting them does anything. All the other pages I found through a Google search either reference that page, or paraphrase it, sometimes incorrectly.

Windows' ipconfig command has a /displaydns switch that will output the contents of the cache. To my knowledge, that's the only way to determine the size of the DNS cache. In my experiments on a 32 bit Windows XP box with 2 GB of memory, no matter what I set the DNS cache registry values to, I always end up with between 30 and 40 items in the cache--even after doing thousands of DNS resolutions. On my 64-bit Windows 2008 machine with 16 GB of memory, I always get between 270 and 300 items in the cache.

I'm stumped. I don't know what the answer is, but I figure one of the following is the case:

1. It's not possible to change the size of the DNS resolver cache.
2. It is possible, but the documentation is wrong.
3. The documentation is correct as far as it goes, but it’s incomplete.
4. The documentation is correct and complete, but I’m too dumb to make sense of it.
5. The documented registry entries actually changed the size of the cache, but ipconfig isn’t showing me all the entries that are in the cache.

Can anybody tell me if it's possible to configure the size of the DNS resolver cache in Windows XP, Vista, or Server 2008?

Answer 1

There is a program "Portable DNS Cache" that you can use to view the DNS cache, monitor activity of DNS resolver, and see queries resolved via cache and those forwarded to DNS server. In its settings, you can configure the maximum number of items in the cache. Although, it seems that it forces all items to stay in cache until you click "Clear Cache" button or cache limit is reached.

Answer 2

With these settings, after just a few minutes on the web, I am seeing 1517 cached entries:

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
"QueryIpMatching"=dword:00000001
"NegativeCacheTime"=dword:00000000
"NegativeSOACacheTime"=dword:00000000
"CacheHashTableBucketSize"=dword:00000001
"CacheHashTableSize"=dword:00000180
"MaxCacheEntryTtlLimit"=dword:00000e10
"MaxSOACacheEntryTtlLimit"=dword:0000012c

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"QueryIpMatching"=dword:00000001

Answer 3

A hack you can use is to add entries to the hosts file on Windows, which would make it not make DNS queries for all the entries in the file. You can periodically then query again to verify entries.

Answer 4

By default the minimum TTL for cache is 1 day, I've toyed with it but by default I believe the registry entry isn't there by default.

This is the key you're looking for, at least in XP:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCache\Parameters

You need to add a DWORD MaxCacheTtl - This will change the minimum TTL to store in the resolver cache.

Since it defaults to 86,400 (value is in seconds, default = 1 day), anything shorter than this simply isn't cached. If you lowered it to say 300, you'd see tons more getting cached on the client.