Article Summary: This article provides information on the similarities and differences between the DNS resolver cache, present on all Windows machines, and the DNS server cache, present only on a DNS server.
The Resolver Cache
Every Windows machine has a DNS resolver cache built in. The function of this cache is to store the results of previous DNS queries for a length of time in order to expedite future queries for the same data. For example, if the machine needs to resolve dc01.mydomain.local to an IP address, it will query its DNS server, get a response (if all goes well), and store that response in its resolver cache. If it needs to resolve that same fully qualified domain name again, it can retrieve the data from the resolver cache rather than querying the DNS server again.
Retrieving data from the resolver cache is a much faster process than querying a DNS server and waiting for a response, especially if the DNS server can't answer the query and has to query other servers. Data in the cache is only valid for a certain time, though. This is important, since DNS records can and do change. If the IP address of a host record changes, for example, any machine with the old record in its cache will not be able to reach the associated host by name until the cached record expires.
It is possible to view the contents of the resolver cache with the ipconfig /displaydns command, though the output may be lengthy:
As you can see, each record in the cache is displayed with its Time To Live (TTL) value, which is the amount of time in seconds until that record expires and is purged from the cache. The TTL value for records in the resolver cache of a Windows machine is either 24 hours or the TTL value assigned to the record itself on its authoritative DNS server, whichever is less. The resolver cache also stores negative responses (responses indicating a certain record does not exist), but these are only stored for five minutes by default.
You may sometimes find it necessary to purge all data from a machine's resolver cache. This is a common task when troubleshooting name-resolution issues and is accomplished with the ipconfig /flushdns command:
A Note About the hosts File
The hosts file, located in the C:\Windows\System32\drivers\etc folder, provides a way to prepopulate a machine's resolver cache with persistent data. Any entries added to the hosts file will immediately appear in that machine's resolver cache. You can verify this by clearing the cache with ipconfig /flushdns, adding an entry to the hosts file, saving the file, and running the ipconfig /displaydns command. Entries in the hosts file will persist when the resolver cache is cleared.
The Server Cache
A Windows DNS server maintains a resolver cache like any other machine, but it also maintains a separate server cache. As it does on other machines, the resolver cache stores responses to queries that originated on the server itself, while the server cache stores responses to queries issued to the server by other machines on the network. (Note, however, that if a DNS server is configured to use itself for DNS, which is the recommended configuration on the first DC in a domain, the response to a query that originates from that server will be stored in both caches.) Unlike the resolver cache, the server cache does not store negative responses.
Data in the server cache is handled just like data in the resolver cache - individual records are purged from the server cache as their TTL values expire - but the server cache is only used for queries originating from other machines. A DNS server will not check its own server cache when it issues a query itself unless it is configured to use itself for DNS. Likewise, a DNS server will never check (or modify) the data in its resolver cache in response to a query from another machine.
Data in the DNS server cache can be viewed in the DNS Manager console by selecting the server in the left pane and choosing Advanced from the View menu. A folder named Cached Lookups will then appear in the left pane of the console. The data in the cache is arranged hierarchically, starting with the DNS root zone and continuing through top-level domains, second-level domains, and so on, down to the cached records themselves, as shown below:
It is possible to delete individual records from the server cache using the DNS Manager console, just as one would delete records from a zone: by right-clicking the records and selecting Delete. It is also possible to purge all records from the server cache by right-clicking the server (or the Cached Lookups folder) in the left pane of the console and selecting Clear Cache. Finally, the server cache may also be cleared with the dnscmd /clearcache command. The ipconfig /flushdns command has no effect on the server cache, just as clearing the server cache by one of the methods mentioned has no effect on the resolver cache.
Article ID: SLN266111
Last Date Modified: 09/08/2014 03:28 PM