When you visit a website or access another computer on the network, the Windows Operating System will use a DNS Server to translate the hostname into an IP address. Since you may be accessing that resource more than once, the hostname and IP address information is stored in your computer’s DNS Resolver Cache to speed up the process the next time you access that resource.

The amount of time that the hostname and IP address are stored in the cache on the local computer depends on two things. The first is the TTL or Time-To-Live value that was assigned to the record stored in the DNS authoritative zone, and the other is the default maximum time for which your operating system is configured to cache results.

These two numbers are compared and the smaller of the two is the one that is used to timestamp the record in your cache. For example, the default maximum time that Windows XP uses is 24 hours. Therefore, if you were to resolve the hostname http://www.microsoft.com/ and its TTL is set to 5 minutes, then the information for that record will be stored for 5 minutes and then purged from the cache.

If the TTL for that record was 7 days, then XP would store it in your computer’s cache for 24 hours (unless you clear the cache manually, restart the DNS Client service, or restart the computer).

Windows will also store unsuccessful name resolution attempts in the cache. These negative entries are cached for 5 minutes. The problem is that if the website or the host you are trying to reach becomes available within those 5 minutes, you’ll have to wait until the negative entry is purged from the local cache.

The local DNS cache, which holds both positive and negative results, can be displayed with the command: ipconfig /displaydns.

We can tweak the registry to modify the maximum TTL and disable the Negative caching if necessary. Changes will not take effect until you restart the computer, or at least restart the DNS Client service.

Block Negative Entries

To force Windows XP not to cache negative entries we need to add a new DWORD to the following Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters

DWORD: MaxNegativeCacheTtl
Value: 0

This will now ensure NO negative entries are stored.

Maximum Cache TTL

To force Windows XP to keep positive entries in DNS Cache for a maximum of only 4 hours instead of the default 24 hours we need to apply the following change to the registry:

DWORD: MaxCacheTtl
Value: 14400

Make sure you enter the 14400 (seconds) as Decimal Base and NOT Hexadecimal Base!
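
The two registry changes above can also be applied from a command prompt. The following batch script is an added example, not part of the original article; it assumes an administrator command prompt on Windows XP and the value names MaxNegativeCacheTtl and MaxCacheTtl under the Dnscache\Parameters key.

```bat
@echo off
rem Added example: apply both DNS Client cache settings from this page with reg.exe.
rem Assumption: run from an administrator command prompt.
set KEY=HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters

rem Do not cache failed lookups (negative entries).
reg add "%KEY%" /v MaxNegativeCacheTtl /t REG_DWORD /d 0 /f
if errorlevel 1 goto :fail

rem Cap positive entries at 4 hours. reg.exe reads /d as decimal, so 14400
rem here means 14400 seconds (0x3840). Typed into regedit with the Hexadecimal
rem base selected, 14400 would be stored as 82944 seconds (about 23 hours).
reg add "%KEY%" /v MaxCacheTtl /t REG_DWORD /d 14400 /f
if errorlevel 1 goto :fail

rem Restart the DNS Client service so the new values are read.
net stop dnscache
net start dnscache

rem Show the stored values for verification (reg query prints DWORDs in hex).
reg query "%KEY%" /v MaxNegativeCacheTtl
reg query "%KEY%" /v MaxCacheTtl
goto :eof

:fail
echo Failed to write to %KEY% - check that you are running as an administrator.
exit /b 1
```

After the script runs, reg query should report 0x0 for MaxNegativeCacheTtl and 0x3840 for MaxCacheTtl.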

Now your registry key should look similar to this: