The Windows 2000, Windows XP, and Windows Server 2003 resolvers have some advanced features that are worth describing here.
The Windows 2000, Windows XP, and Windows Server 2003 resolvers store every record they receive in a shared cache available to all programs on the system. The Windows NT 4.0 resolver caches, but only on a per-process basis. For example, if you have two different web browsers running (say, Internet Explorer and Netscape Navigator), each has its own copy of the resolver with a separate cache. Windows 98, 95, and 3.1 resolvers don't do any caching.
The Windows 2000, Windows XP, and Windows Server 2003 resolvers obey the TTL (time to live) field on resource records they cache, up to a maximum of 24 hours by default. So if a record specifies a TTL longer than that, the resolver rounds down to 24 hours. This maximum TTL is configurable with a Registry setting:
MaxCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCache\Parameters
Data type: REG_DWORD
Default value: 86,400 seconds (= 24 hours)
(On Windows 2000, this Registry value is called MaxCacheEntryTtlLimit.)
The Windows 2000 and Windows Server 2003 resolvers also support negative caching. Windows Server 2003 caches negative responses for fifteen minutes by default, while Windows 2000 caches them for only five. This negative caching timeout is also configurable with a Registry setting:
MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCache\Parameters
Data type: REG_DWORD
Default value: 900 seconds (= 15 minutes)
(On Windows 2000, this Registry value is called NegativeCacheTime.) To disable negative caching altogether, set this value to zero.
To view the resolver's cache, use ipconfig /displaydns. To clear the cache, type ipconfig /flushdns. To disable caching on Windows XP or Windows Server 2003, you can use the command:
C:\> net stop dnscache
However, this only lasts until the next reboot. To disable caching permanently, go to Services (in the Administrative Tools program group) and set the DNS Client service's Startup type to Disabled.
Subnet prioritization is analogous to the BIND resolver's address-sorting feature. When the resolver receives multiple address records for the same domain name, it examines the IP address in each record and adjusts the order of the records before returning the list to the calling application: any records with IP addresses on the same subnets as the host on which the resolver is running are moved to the top of the list. Since most applications use addresses in the order returned by the resolver, this behavior causes traffic to remain on local networks.
For example, Movie University has two mirrored web servers on two different subnets:
www.movie.edu.    IN    A    192.253.253.101
www.movie.edu.    IN    A    192.249.249.101
Let's say the resolver on terminator.movie.edu (192.249.249.3) sends a query and receives these records. It sorts the record with address 192.249.249.101 to the top of the list because terminator shares a network with that address.
Note that this behavior defeats the round-robin feature implemented by most name servers. Round robin refers to the name server behavior of rotating the order of multiple address records in successive responses to distribute the load among the servers (again taking advantage of the behavior of most applications to use the first address in the list returned by the resolver). With subnet prioritization enabled, the order of the records is subject to shuffling by the resolver. You can disable subnet prioritization with a Registry setting:
PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCache\Parameters
Data type: REG_DWORD
Range: 0 - 1
Default value: 1 (Subnet prioritization enabled)
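The two resolver behaviors above, the MaxCacheTtl clamp and subnet prioritization, modelled as an added Python example (not code from the book or from Windows). It uses the Movie University records from the text; the /24 netmask on terminator.movie.edu and the round-robin order of the response are assumptions.

```python
import ipaddress

# Constructed local interface list, modelled on terminator.movie.edu (192.249.249.3).
# The /24 netmask is an assumption; the text only gives the address.
LOCAL_INTERFACES = [ipaddress.ip_interface("192.249.249.3/24")]

# Constructed response for www.movie.edu, in the order a round-robin name
# server might have rotated it: the remote-subnet address first.
ROUND_ROBIN_RESPONSE = [
    ("www.movie.edu.", "192.253.253.101"),
    ("www.movie.edu.", "192.249.249.101"),
]

DEFAULT_MAX_CACHE_TTL = 86_400  # MaxCacheTtl default: 24 hours


def effective_ttl(record_ttl, max_cache_ttl=DEFAULT_MAX_CACHE_TTL):
    """TTL the resolver actually caches for: the record's own TTL,
    rounded down to MaxCacheTtl when the record asks for longer."""
    if record_ttl < 0:
        raise ValueError("TTL must be non-negative")
    return min(record_ttl, max_cache_ttl)


def prioritize(records, local_interfaces, enabled=True):
    """Reorder (name, address) A records the way subnet prioritization does
    when PrioritizeRecordData is 1. Records on a subnet shared with a local
    interface move to the front; relative order inside each group is kept,
    so the name server's round-robin order only survives within a group.
    With enabled=False (PrioritizeRecordData=0) the response is returned as is."""
    if not enabled:
        return list(records)
    local_nets = [iface.network for iface in local_interfaces]

    def on_local_subnet(record):
        addr = ipaddress.ip_address(record[1])
        return any(addr in net for net in local_nets)

    # sorted() is stable, and False < True, so "not local" sorts after "local".
    return sorted(records, key=lambda r: not on_local_subnet(r))


if __name__ == "__main__":
    for name, addr in prioritize(ROUND_ROBIN_RESPONSE, LOCAL_INTERFACES):
        print(f"{name} IN A {addr}")
    print("week-long TTL cached for", effective_ttl(604_800), "seconds")
```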