[CentOS] Caching Nameserver -- Windows client DNS/resolver default issue?

Wed Aug 10 17:19:01 UTC 2005
Les Mikesell <lesmikesell at gmail.com>

On Wed, 2005-08-10 at 11:50, Bryan J. Smith wrote:

> Are you sure it's the server?
> 
> Most firewalls these days are BSD (including variants
> like VxWorks) and Linux network stacks and use BIND or
> another POSIX DNS service.
> 
> As I mentioned in a previous post:  
> http://lists.centos.org/pipermail/centos/2005-August/009553.html
>  
> 
> Windows NT5+ (2000+) client systems have a _flawed_,
> _default_ logic to "hold down" DNS resolution upon failure. 
> That means if a DNS resolution fails, Windows clients will
> _not_ requery the server _until_ that timeout passes.  There
> is a registry hack to change this as follows:  
> [ From http://www.winguides.com/registry/display.php/1203/ ]
> 
>   'To change the DNS cache timeout for negative responses
>    (where a lookup failed).
>    Windows 2000 - Create or modify the DWORD value called
>    "NegativeCacheTime".
>    Windows XP and .NET Server 2003 - Create or modify the
>    DWORD value called "MaxNegativeCacheTtl".
>    Set the value to equal the required timeout in seconds
>    the default is 300 (5 minutes).
>    Restart Windows for the changes to take effect.'
> 
> It's my #1 recommendation until you resolve the problem.
> UNIX clients/resolvers _never_ (AFAIK) cache a "failure,"
> only Windows -- which I think is flawed, but there is a
> reason for it (that has to do with legacy SMB file/print).
> 
> Regardless of what solution you come to on the server,
> consider doing the above.
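An added example, not code from the quoted post or the list thread, for checking and lowering the negative-cache hold-down described above on a Windows host with PowerShell. It assumes the values are read from the Dnscache service's Parameters key, which the post does not name; `Get-NegativeDnsCacheTtl` and `Set-NegativeDnsCacheTtl` are helper names chosen here.

```powershell
# Assumed location of the resolver settings (the post gives only the value names).
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'

function Get-NegativeDnsCacheTtl {
    # XP / Server 2003 and later read MaxNegativeCacheTtl; Windows 2000 read
    # NegativeCacheTime. Report whichever one is actually set.
    foreach ($name in 'MaxNegativeCacheTtl', 'NegativeCacheTime') {
        $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{
                Name    = $name
                Seconds = [int]$item.$name
                Source  = 'registry'
            }
        }
    }
    # Neither value present: the resolver uses the built-in default quoted in the post.
    return [pscustomobject]@{ Name = 'MaxNegativeCacheTtl'; Seconds = 300; Source = 'default' }
}

function Set-NegativeDnsCacheTtl {
    param([ValidateRange(0, 86400)][int]$Seconds)
    # Needs an elevated shell. Writes the XP+ value name; per the post, a reboot
    # is required before the resolver honours the new timeout.
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'MaxNegativeCacheTtl' -PropertyType DWord `
        -Value $Seconds -Force | Out-Null
}

# Show the effective hold-down window before changing anything.
Get-NegativeDnsCacheTtl

# Hold failed lookups for 30 s instead of the 5 min default, then drop entries
# already held down:
# Set-NegativeDnsCacheTtl -Seconds 30
# ipconfig /flushdns
```

Run the Get helper on a client that "stops resolving" after a server hiccup: a 300 s default with Source = 'default' confirms the client-side hold-down, not the nameserver, is what you are waiting out.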