DNS Conditional Forwarder - Cache?

Lamby 31 Reputation points
2021-06-03T10:21:04.043+00:00

Hi all, I am looking for a definitive answer here as struggling to find anything official. I have an AD integrated DNS server infrastructure. I have a single DNS conditional forwarder setup to forward all DNS requests for a customer domain directly to that customers DNS server for resolution. While this all works as expected, the question I have is... do my DNS servers cache the requests I make over that forwarder? So for example, a client makes a DNS request to the AD DNS server to partner.com and the AD DNS server in turn sends it across to the partner servers via the conditional forwarder. Does that request get cached at either the AD DNS server, OR the windows client itself? Or does every single request to this partner domain go across the conditional forwarder regardless?

And how can I prove it one way or the other?


Accepted answer
  1. Andriy Bilous 11,421 Reputation points MVP
    2021-06-03T13:35:27.547+00:00

    Hello @Lamby

    The Windows DNS Client has a DNS cache.
    The default TTL for positive responses is 86,400 seconds (1 day).
    The default TTL for negative responses is 5 seconds; prior to Windows 10, version 1703, the default was 900 seconds.
    https://learn.microsoft.com/en-us/windows-server/networking/dns/troubleshoot/disable-dns-client-side-caching#using-the-registry-to-control-the-caching-time

    In Windows Server there is caching of the forwarded query. Caching is always in place for any forwarded query (conditional forwarder or forwarder).
    https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/forwarders-resolution-timeouts

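The accepted answer states that both the Windows DNS Client and the Windows DNS Server cache answers that arrived over a conditional forwarder, and the original question asks how to prove it. The following PowerShell is an added example (not posted by anyone in this thread) that does exactly that: it flushes each cache, forces one lookup, and then shows whether the name is now served from the cache at each layer, and it reads the client-side TTL caps from the registry key the linked article describes. The names `partner.com`, `host.partner.com` and `dc1` are assumptions; substitute the conditionally forwarded zone, a record that exists only on the partner side, and your AD DNS server.

```powershell
# Added example, not from the thread. Assumed names:
#   $Zone   - the zone handled by the conditional forwarder
#   $Name   - a record that lives only on the partner's DNS server
#   $Server - your AD-integrated DNS server (DnsServer module / RSAT needed there)
$Zone   = 'partner.com'
$Name   = "host.$Zone"
$Server = 'dc1'

# --- Client side: does the resolver cache the forwarded answer? --------------
Clear-DnsClientCache
# First lookup: must go to the AD DNS server (and from there over the forwarder).
Resolve-DnsName -Name $Name -Type A -DnsOnly -NoHostsFile | Out-Null

# Get-DnsClientCache lists what the Dnscache service holds; TimeToLive is seconds remaining.
$cached = Get-DnsClientCache -Entry $Name -ErrorAction SilentlyContinue
if ($cached) {
    "Client cache HIT for $Name (TTL remaining: $(($cached | Select-Object -First 1).TimeToLive) s)"
} else {
    "Client cache MISS for $Name"
}
# -CacheOnly answers from the local cache only; an error here means no cached entry.
Resolve-DnsName -Name $Name -Type A -CacheOnly -ErrorAction SilentlyContinue

# Client-side caps from the linked article. An absent value means the default applies
# (86400 s positive, 5 s negative on current builds). The effective lifetime of a cached
# record is the smaller of the record's own TTL and the cap.
$params = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
Get-ItemProperty -Path $params -Name MaxCacheTtl, MaxNegativeCacheTtl -ErrorAction SilentlyContinue |
    Format-List MaxCacheTtl, MaxNegativeCacheTtl

# --- Server side: does the DNS server cache what came back over the forwarder? ---
Invoke-Command -ComputerName $Server -ScriptBlock {
    param($Zone, $Name)

    # Confirm the zone is a conditional forwarder and where it points.
    Get-DnsServerZone -Name $Zone | Select-Object ZoneName, ZoneType, MasterServers

    Clear-DnsServerCache -Force
    # Query the server itself so the lookup is sent across the forwarder once.
    Resolve-DnsName -Name $Name -Type A -Server localhost -DnsOnly | Out-Null

    # Anything listed here for the forwarded zone was cached by the server, not merely relayed.
    Show-DnsServerCache |
        Where-Object { $_.HostName -like "*$Zone" } |
        Select-Object HostName, RecordType, TimeToLive
} -ArgumentList $Zone, $Name
```

The server-side cache is the one that decides whether "every single request" crosses the forwarder: every domain client shares it, so after the first lookup the partner's server is not contacted again until the record's TTL expires. The same property cuts the other way: an incorrect or stale answer returned by the partner stays on your DNS server for that TTL as well, and `Clear-DnsServerCache` is the way to evict it.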

4 additional answers

  1. Lamby 31 Reputation points
    2021-06-03T13:40:36.523+00:00

    I had a feeling this was the case. So one other related question... does it make any difference at all if you are resolving a CNAME to an A record, or do they both cache on the Windows client in the same manner?


  2. Lamby 31 Reputation points
    2021-06-03T14:48:22.26+00:00

    Yeah, I was aware of this part. My question is, we are seeing specific issues when resolving CNAMEs on the customer's DNS server. It takes a significantly longer time each time we query a CNAME over the conditional forwarder than it does an A record. So my thoughts were that perhaps it doesn't cache CNAME lookups and we have to go to the forwarder every time.


  3. Sunny Qi 11,046 Reputation points Microsoft Vendor
    2021-06-04T08:04:20.437+00:00

    Hi,

    Thanks for posting in Q&A platform.

    I performed some tests in my lab and found that when a DNS client initiates a DNS request, and that request is forwarded to the conditional forwarder and answered successfully, it can be cached on the client side and cannot be cached on either DNS server. No matter what the DNS query is, this record can be cached on the client side with its specific TTL.

    If you want to perform a test, I would suggest you run the command "ping <CNAME record on the conditional forwarder>" followed by "ipconfig /displaydns" in a CMD window with Admin privileges on the client side to check whether the CNAME record was cached on the client.

    Attaching my test results for your reference.

    Prerequisites:

    Domain lab.com DC: labdc1.lab.com
    IP address: 192.168.0.106

    Domain sunny.com DC: dc1.sunny.com
    IP address: 192.168.0.101

    Windows 10 client: labwin10.lab.com
    IP address: 192.168.0.115

    On DC of lab.com, I configured DC of sunny.com as conditional forwarder:
    [screenshot: conditional forwarder for sunny.com on labdc1.lab.com]

    CNAME record on conditional forwarder:
    [screenshot: CNAME record testserver.sunny.com on dc1.sunny.com]

    Run command "ping testserver.sunny.com" from windows 10 client side and get the correct response as below:

    [screenshot: ping testserver.sunny.com output]

    And then run command "ipconfig /displaydns" and found that this CNAME record was cached on win 10 client side:

    [screenshot: ipconfig /displaydns output showing the cached CNAME]

    Hope my answer will help you.

    Best Regards,
    Sunny


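Sunny's test shows the CNAME landing in the client cache with `ping` and `ipconfig /displaydns`; the open question from Lamby's follow-up is why a CNAME lookup over the forwarder is consistently slower than an A lookup. The PowerShell below is an added example (not from this thread) that turns that into a measurement: it times a cold lookup and an immediately repeated lookup of the same CNAME, then lists every cache entry the query produced so the CNAME and its A target can be compared side by side with their remaining TTLs. `testserver.sunny.com` is taken from Sunny's lab as the assumed CNAME; replace it with a CNAME on the partner's server.

```powershell
# Added example, not from the thread. Assumption: $Cname is a CNAME record served by the
# partner's DNS server and reached through the conditional forwarder.
$Cname = 'testserver.sunny.com'

# Time one lookup and summarise the answer set (CNAME plus the A record it points to).
function Measure-Lookup {
    param([string]$Name, [string]$Type = 'A')
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    $records = Resolve-DnsName -Name $Name -Type $Type -DnsOnly -NoHostsFile -ErrorAction Stop
    $sw.Stop()
    [pscustomobject]@{
        Name   = $Name
        Type   = $Type
        Ms     = $sw.ElapsedMilliseconds
        Answer = ($records | ForEach-Object {
                     if ($_.Type -eq 'CNAME') { "CNAME -> $($_.NameHost)" }
                     else                     { "$($_.Type) $($_.IPAddress)" }
                 }) -join '; '
    }
}

Clear-DnsClientCache
$cold = Measure-Lookup -Name $Cname   # server walks the CNAME chain, possibly over the forwarder
$warm = Measure-Lookup -Name $Cname   # repeated at once: expected to come from the client cache
$cold, $warm | Format-Table -AutoSize

# Everything the query left in the client cache, keyed by the name that was asked for.
# Expect two rows: the CNAME (Data = target name) and the A record of the target, each
# carrying its own TTL. A very small TTL on either row means it is refetched almost every time.
Get-DnsClientCache |
    Where-Object { $_.Entry -eq $Cname } |
    Select-Object Entry, RecordName, RecordType, TimeToLive, Data |
    Format-Table -AutoSize
```

If `$warm.Ms` is close to zero, the CNAME is cached and the cost Lamby sees is paid only on the first lookup after the cache expires, which points at the forwarder or the partner's server rather than at the client. If `$warm.Ms` is as slow as `$cold.Ms`, look at the TimeToLive column: a record the partner publishes with a TTL of a few seconds expires between lookups and behaves exactly as if it were never cached.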

  4. Lamby 31 Reputation points
    2021-06-04T09:48:15.367+00:00

    Many thanks for the detail Sunny. I wish this thing would let me mark 2 things as the answer as you have both answered each of my two questions.

