nitty gritty ?? about dns cache on name servers and desktop mmccaws2 <mmccaws[ at ]comcast.net> 11/24/2008 8:11:42 PM Hi just finding some curious things that I'm trying to resolve the answer to. Here it goes. TTL for google is 5 mins I ping it then I show 'ipconfig /displaydns' it show that it has jus a couple hundred seconds left. Record Name . . . . . : google.com Record Type . . . . . : 1 Time To Live . . . . : 205 Data Length . . . . . : 4 Section . . . . . . . : Answer A (Host) Record . . . : 209.85.171.99 when i ping seattle.gov and I show ipconfig /displaydns seattle.gov ---------------------------------------- Record Name . . . . . : seattle.gov Record Type . . . . . : 1 Time To Live . . . . : 4066 Data Length . . . . . : 4 Section . . . . . . . : Answer A (Host) Record . . . : 156.74.250.21 The amount of time to live is much less than 7200 seconds. Now I had flushed dns on my desktop when I started these queries, so all this info is new. Seattle.gov is not my parent domain so it would have no reason to be in my cache due to my desktop settings. So the question is -- Since the value is not 7200 seconds minus some short duration by the delay of ping and typing the next command, is the 4066 reflecting the name server's time left on it's cache???? or how does that work? the soa says ttl is 2 hours. The captured response using Wireshark says the ttl is 1 hour. I get the impression that the servers my laptop is querying may have a maximum cache limit of 1 hour. Otherwise if the value is less than 1 hour it goes by the value. Is this posssible for Windows 2003 server DNS cache. What is the default cache value? thanks Mike

Re: nitty gritty ?? about dns cache on name servers and desktop "Ace Fekay [Microsoft Certified Trainer]" <firstnamelastname[ at ]hotmail.com> 11/25/2008 12:27:47 AM In news:b1991036-a4d3-4e80-b089-cfdacf3bdf89[ at ]l39g2000yqn.googlegroups.com, mmccaws2 <mmccaws[ at ]comcast.net> requesting assistance, typed the following: [Quoted Text] > Hi > > just finding some curious things that I'm trying to resolve the answer > to. Here it goes. > > TTL for google is 5 mins > I ping it then > I show 'ipconfig /displaydns' > it show that it has jus a couple hundred seconds left. > > > Record Name . . . . . : google.com > Record Type . . . . . : 1 > Time To Live . . . . : 205 > Data Length . . . . . : 4 > Section . . . . . . . : Answer > A (Host) Record . . . : 209.85.171.99 > > when i ping seattle.gov > and I show ipconfig /displaydns > > seattle.gov > ---------------------------------------- > Record Name . . . . . : seattle.gov > Record Type . . . . . : 1 > Time To Live . . . . : 4066 > Data Length . . . . . : 4 > Section . . . . . . . : Answer > A (Host) Record . . . : 156.74.250.21 > > > The amount of time to live is much less than 7200 seconds. > > Now I had flushed dns on my desktop when I started these queries, so > all this info is new. Seattle.gov is not my parent domain so it would > have no reason to be in my cache due to my desktop settings. So the > question is -- Since the value is not 7200 seconds minus some short > duration by the delay of ping and typing the next command, is the 4066 > reflecting the name server's time left on it's cache???? or how does > that work? > > the soa says ttl is 2 hours. The captured response using Wireshark > says the ttl is 1 hour. I get the impression that the servers my > laptop is querying may have a maximum cache limit of 1 hour. > Otherwise if the value is less than 1 hour it goes by the value. Is > this posssible for Windows 2003 server DNS cache. What is the default > cache value? > > > thanks > Mike When you ping an FQDN, the local cache, as well as the DNS server that served you the result, will keep it in cache until it's TTL expires. The TTL is based on the record's TTL when it was created at the SOA, or the server that is responsible for that domain name. Matter of fact, if you arrow up each time you do an ipconfig /display dns, you can sea it counting down. If you are using your own DNS server that resolved the record using recursion, same with each time you look at it in your DNS server's cache (with advanced view enabled). Each time you close and re-open the record's properties, you can see it count down. This is default behavior and how it works. Otherwise, a record will live forever, not to say some DNS admins out there will not put in a 65,000 year TTL, which is ridiculous. Same reason why TCP/IP packets have TTLs. Otherwise the packet will float around on your network for infinity or at least until the routers are rebooted. -- Ace This posting is provided "AS-IS" with no warranties or guarantees and confers no rights. Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCT Microsoft Certified Trainer For urgent issues, you may want to contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.