Windows – Default TTLs in Windows DNS

domain-name-systemwindows

We are trying to set the TTLs for a select set of servers to a low value (1 minute). That's the easy part, and has already been done manually. However, I'm concerned about what will happen if the record becomes stale/scavenged for whatever reason, or the server updates it and resets the TTL back to the default, so I want to make this more permanent. I have a few questions…

How does the Minimum Default TTL value under the SOA function in Windows? In another post, it's mentioned that the canonical behavior of this value has changed. Does this also apply in Windows?

My Minimum Default TTL value is set to 10 minutes currently, but all of the A records that were registered by clients are set with a TTL of 20 minutes. How is the TTL set per record under Windows? Does the client request a value, or is this determined by the DNS server? In either case, how is it changed?

Best Answer

It appears that the Minimum Default TTL in the SOA is how long failed DNS queries are cached, as Celada stated.

The 20 minute TTL on each record is independent of that, and is set by the client when dynamically updating its own record (the default is 20 minutes).

The default of 20 minutes can be changed by setting a DWORD named DefaultRegistrationTTL in HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters (the value should be in seconds. A reboot is not necessary for it to go into effect, but you'll need to run ipconfig /registerdns after the change if you want the new TTL updated immediately.

Related Solutions

How to modify TTL of a DNS record in windows 2003

If you have Active Directory enabled DNS, are you sure you're querying the same DNS server as you're writing the change to? If not, make sure you allow time for replication.

If it's not AD-enabled, are you closing the DNS console before querying? I'm pretty sure I read something about changes not being committed until you close it - sounds nuts, doesn't it, but I've never had non-integrated DNS so I've never been able or needed to test this.

EDIT

Is this what you're using? It says this "When the DNS_QUERY_STANDARD option is set, DNS uses the resolver cache, queries first with UDP, then retries with TCP if the response is truncated, and requests that the server to perform recursive resolution on behalf of the client to resolve the query."

If you've looked up the record before making the change, it'll be in your local DNS cache. If you're using this option, the function will check your cache and won't go to the server if it finds the record in there.

ipconfig /flushdns

should clear your cache.

ipconfig /displaydns

will show you all cached records.

If this doesn't solve it, it gets more complicated as DNS servers can cache records as well, depending on their configuration.

If you've made the change and the (original) TTL period has expired (by which time it should be out of all of the caches) and you're still not seeing it in DNSQuery, I'd talk to your DNS Admins.

Linux – Why does bind allow TTL to be set record by records if different TTLs are not allowed within the same record set

The file format is specified in RFC1034 and parts of RFC1035. It is very old (1987), and not specifically defined for BIND or in light of current features. There is no great wisdom to be had here; it's like that by convention.

The format is also designed to be used for things like caches, I believe, though in practice this usage must be terribly rare. In a record cache, TTLs differ often and the cache contains records from many different domains.

Best Answer

Related Solutions

How to modify TTL of a DNS record in windows 2003

Linux – Why does bind allow TTL to be set record by records if different TTLs are not allowed within the same record set

Related Topic