{"id":6620,"date":"2019-08-06T09:45:30","date_gmt":"2019-08-06T14:45:30","guid":{"rendered":"https:\/\/www.poweradmin.com\/blog\/?p=6620"},"modified":"2020-01-07T15:34:55","modified_gmt":"2020-01-07T21:34:55","slug":"ping-and-the-windows-dns-cache","status":"publish","type":"post","link":"https:\/\/www.poweradmin.com\/blog\/ping-and-the-windows-dns-cache\/","title":{"rendered":"Ping and the Windows DNS Cache"},"content":{"rendered":"

We\u2019ve been chasing an issue lately and learned a few things, so we thought we\u2019d document them for posterity.<\/span><\/p>\n

\u00a0<\/p>\n

When you use the Windows ping command line utility, you give it an IP address or host name, it resolves the host name if needed, pings the address, and gives you the results. Simple, right?<\/span><\/p>\n

\u00a0<\/p>\n

There are also a few options, one of which is -4, which tells ping to use resolve a host name to an IPv4 address if possible.\u00a0 In the example below, a \u2018bare\u2019 ping comes up with an IPv6 address, and ping -4 gives us an IPv4 address.\u00a0 Nice!<\/span><\/p>\n

\u00a0<\/p>\n

\"\"<\/a><\/span><\/p>\n

\u00a0<\/p>\n

But that\u2019s not the entire story.\u00a0 It turns out one other difference between ping and ping -4 is the -4 version will use the local Windows DNS cache.\u00a0 This is the cache you flush when you run ipconfig \/flushdns<\/span><\/p>\n

\u00a0<\/p>\n

It turns out you can look at what is inside that cache with ipconfig \/displaydns<\/span><\/p>\n

\u00a0<\/p>\n

\"\"<\/a><\/span><\/p>\n

\u00a0<\/p>\n

This cache is where trouble can lurk.\u00a0 Sometimes this cache will record a DNS lookup error, so it\u2019s possible the cache will say a host can\u2019t be found for a while (the Time To Live entry determines how long).\u00a0 This means ping myhost might work fine, while ping -4 myhost will indicate the host can\u2019t be found.<\/strong><\/span><\/p>\n

\u00a0<\/p>\n

The Ping Monitor<\/a> in PA Server Monitor uses the Windows API WSAStringToAddress<\/a> to resolve addresses, which works like ping -4, meaning it uses the internal Windows DNS cache.\u00a0 So if you want to test that a name resolves with DNS, it is best to use the DNS Monitor<\/a> instead of the Ping monitor.<\/span><\/p>\n

UPDATE:<\/strong><\/span> We have the smartest customers \ud83d\ude42\u00a0 \u00a0 David from Qu\u00e9bec found a registry setting that lets you control how long the DNS cache will hold on to positive and negative responses.\u00a0 \u00a0By default a positive response is held for a day, and a negative response is held for 15 minutes \u2013 a long time to be told a device is down when it\u2019s not really.<\/span><\/p>\n

To change this, go to:<\/span><\/p>\n

\n

HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Dnscache\\Parameters<\/strong><\/span><\/p>\n<\/blockquote>\n

Create new DWORDs named MaxCacheTtl<\/strong> (positive cache time in seconds) and MaxNegativeCacheTtl<\/strong>\u00a0and set them to your liking.\u00a0 \u00a0We\u2019re leaning towards 60 seconds on positive and 15 seconds on negative.<\/span><\/p>\n

This is currently documented at:<\/span><\/p>\n

https:\/\/docs.microsoft.com\/en-us\/windows-server\/networking\/dns\/troubleshoot\/disable-dns-client-side-caching<\/span><\/p>\n

\u00a0<\/p>\n

\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"

We\u2019ve been chasing an issue lately and learned a few things, so we thought we\u2019d document them for posterity. \u00a0 When you use the Windows ping command line utility, you give it an IP address or host name, it resolves the host name if needed, pings the address, and gives you the results. Simple, right? […]<\/p>\n","protected":false},"author":3,"featured_media":6622,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,9,8],"tags":[],"class_list":["post-6620","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-how-to","category-technical","category-windows"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/6620","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/comments?post=6620"}],"version-history":[{"count":5,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/6620\/revisions"}],"predecessor-version":[{"id":6860,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/6620\/revisions\/6860"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media\/6622"}],"wp:attachment":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media?parent=6620"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/categories?post=6620"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/tags?post=6620"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}