Ping and the Windows DNS Cache

We’ve been chasing an issue lately and learned a few things, so we thought we’d document them for posterity.

 

When you use the Windows ping command line utility, you give it an IP address or host name, it resolves the host name if needed, pings the address, and gives you the results. Simple, right?

 

There are also a few options, one of which is -4, which tells ping to resolve a host name to an IPv4 address if possible. In the example below, a ‘bare’ ping comes up with an IPv6 address, and ping -4 gives us an IPv4 address. Nice!

 

 

But that’s not the entire story. It turns out one other difference between ping and ping -4 is that the -4 version will use the local Windows DNS cache. This is the cache you flush when you run ipconfig /flushdns.

 

It turns out you can look at what is inside that cache with ipconfig /displaydns

 

 

This cache is where trouble can lurk.  Sometimes this cache will record a DNS lookup error, so it’s possible the cache will say a host can’t be found for a while (the Time To Live entry determines how long).  This means ping myhost might work fine, while ping -4 myhost will indicate the host can’t be found.

 

The Ping Monitor in PA Server Monitor uses the Windows API WSAStringToAddress to resolve addresses, which works like ping -4, meaning it uses the internal Windows DNS cache. So if you want to test that a name resolves with DNS, it is best to use the DNS Monitor instead of the Ping Monitor.

UPDATE: We have the smartest customers 🙂    David from Québec found a registry setting that lets you control how long the DNS cache will hold on to positive and negative responses.   By default a positive response is held for a day, and a negative response is held for 15 minutes – a long time to be told a device is down when it’s not really.

To change this, go to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters

Create new DWORDs named MaxCacheTtl (positive cache time in seconds) and MaxNegativeCacheTtl (negative cache time, also in seconds) and set them to your liking. We’re leaning towards 60 seconds on positive and 15 seconds on negative.

This is currently documented at:

https://docs.microsoft.com/en-us/windows-server/networking/dns/troubleshoot/disable-dns-client-side-caching
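
The registry change above as a script, followed by a look at the negative entries currently held in the cache. This is an added example, not part of the original post; it assumes an elevated PowerShell prompt and the built-in DnsClient cmdlets Get-DnsClientCache and Clear-DnsClientCache, and it uses the 60 and 15 second values mentioned above.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post).
# Key and value names are the ones given in the post.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'

# Values the post leans towards, in seconds.
$ttl = [ordered]@{
    MaxCacheTtl         = 60   # how long a successful lookup is cached
    MaxNegativeCacheTtl = 15   # how long a failed lookup is cached
}

foreach ($name in $ttl.Keys) {
    # -Force creates the DWORD if it is missing and overwrites it if it exists.
    New-ItemProperty -Path $key -Name $name -PropertyType DWord `
        -Value $ttl[$name] -Force | Out-Null
}

# Read the values back to confirm what is now stored.
Get-ItemProperty -Path $key | Select-Object MaxCacheTtl, MaxNegativeCacheTtl

# List negative entries still in the cache. These are the names that
# ping -4 (and anything else resolving through the cache) reports as
# not found until their TimeToLive runs out.
# -ErrorAction SilentlyContinue: the cmdlet reports an error when nothing matches.
Get-DnsClientCache -Status NotExist, NoRecords -ErrorAction SilentlyContinue

# Drop everything cached under the old limits (same as ipconfig /flushdns).
Clear-DnsClientCache

# Assumption: the post does not say whether the DNS Client service needs a
# restart to pick up the new values; a reboot is the safe way to be sure.
```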

 

 

