As your lawyer, I advise you to turn off DNS negative caching in XP. - Adventures in Engineering — LiveJournal
The wanderings of a modern ronin.

Ben Cantrick
  Date: 2008-08-04 17:12
  Subject:   As your lawyer, I advise you to turn off DNS negative caching in XP.
  Music: 12 Stones - Broken

I was having huge trouble resolving DNS in XP. It seemed to get even worse when I installed SP2. I believe the problem was negative caching. Somehow my first DNS request would fail, and that failure would be cached, convincing my machine that there was no DNS entry for something that there obviously was. (Examples include wired.com, flickr.com, and even google.com a few times.)

If you want to, you can turn off the DNSCache service completely by going to Start/Control Panel/Performance And Maintenance/Administrative Tools/Services. Then find "DNS Client", right-click it, and click "Properties". Change "Startup type:" from "Automatic" to "Disabled".

I didn't want to disable caching completely, however. I do believe that short term caching (positive only) on the client side is reasonable. So I followed the directions here instead:

http://www.updatexp.com/dns-windows-xp.html

This walks you through how to turn off negative DNS caching entirely. Also you can set up a DNS positive caching timeout shorter than the default 86400 secs (one day). I set mine to 3600 seconds (one hour), which feels about right.
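
Added example, not part of the original post and not Windows code: a toy model of a client-side DNS cache showing why a single cached failure keeps a name unresolvable, and what the positive TTL cap changes. The class names, the constructed upstream that fails the first query, the name `example.test`, and the 900-second negative TTL are assumptions for illustration; 86400 and 3600 are the values from the post.

```python
class FlakyUpstream:
    """Constructed upstream: the first lookup of each name fails, later ones succeed."""
    def __init__(self, records):
        self.records = records          # name -> (address, ttl_seconds)
        self.seen = set()
        self.queries = 0

    def lookup(self, name):
        self.queries += 1
        if name not in self.seen:
            self.seen.add(name)
            return None                 # simulated transient failure
        return self.records.get(name)


class ClientCache:
    """Hypothetical stub-resolver cache with a positive TTL cap and a negative TTL."""
    def __init__(self, upstream, max_positive_ttl, negative_ttl):
        self.upstream = upstream
        self.max_positive_ttl = max_positive_ttl
        self.negative_ttl = negative_ttl
        self.entries = {}               # name -> (address or None, expires_at)

    def resolve(self, name, now):
        hit = self.entries.get(name)
        if hit and now < hit[1]:
            return hit[0]               # served from cache, failures included
        answer = self.upstream.lookup(name)
        if answer is None:
            if self.negative_ttl > 0:   # negative caching: remember the failure
                self.entries[name] = (None, now + self.negative_ttl)
            else:
                self.entries.pop(name, None)
            return None
        address, ttl = answer
        # Cap the server-supplied TTL at the configured positive limit.
        self.entries[name] = (address, now + min(ttl, self.max_positive_ttl))
        return address


def run(negative_ttl, max_positive_ttl=3600):
    """Query the same name at 0, 5, 60 and 4000 seconds; return answers and upstream query count."""
    upstream = FlakyUpstream({"example.test": ("192.0.2.10", 86400)})
    cache = ClientCache(upstream, max_positive_ttl, negative_ttl)
    times = (0, 5, 60, 4000)
    return [cache.resolve("example.test", t) for t in times], upstream.queries
```

With negative caching on, the one failed query hides the name until the negative entry expires; with it off, the very next query succeeds, at the cost of one extra upstream query. The shorter positive cap also means the record is re-fetched after an hour instead of being trusted for a day.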






  User: (Anonymous)
  Date: 2008-08-05 02:54 (UTC)
  Subject:   speaking on DNS...
http://www.linuxhaxor.net/2008/08/04/don%E2%80%99t-be-a-victim-of-dns-security-holes/

-l



Ben Cantrick
  User: mackys
  Date: 2008-08-05 04:40 (UTC)
  Subject:   Re: speaking on DNS...
Our network here is already using the OpenDNS servers mentioned in the article. I'm pre-emptively safe from this kind of attack.


