Windows local DNS cache - how can I monitor its operation?
Hello, I would like to be able to monitor the operation of the Windows local DNS cache. So when a DNS request comes I can see (a) that the local DNS cache tried to service it, and (b) whether there was a 'hit' with the local cache returning the IP address, or whether the request had to be passed on outside the local PC. Is there a way to monitor/tail the status/operation of a local Windows DNS cache? (Interested in the answers for Windows 7 as well as XP if you know.) Thanks
August 17th, 2010 1:48pm

I would have to say the best tool, not for only just DNS insight, but a lot more; NetworkMiner. It's free. http://networkminer.sourceforge.net/ John Wiley
August 17th, 2010 6:29pm

I don't know that there is an actual 3rd party tool that you can install to monitor the effectiveness of the local DNS cache. I do know that studies have been done regarding caching. One way to measure the effectiveness is to capture DNS requests coming in and out of the server, then comparing how many requests come in from resolvers (clients) and how many requests go out to other DNS servers (root hints, forwarders). You can then figure out the percentage of requests that were resolved by the local DNS cache. This would obviously entail quite a bit of work and is not something you would have in place long term. While this is not what you are probably looking for, if you were to do such a study, you can get a pretty good idea of how well your DNS server is performing based on its cache. The more time you allow for your capture, the more you will average out the results. Visit: anITKB.com, an IT Knowledge Base.
August 17th, 2010 6:43pm

One way to measure the effectiveness is to capture DNS requests coming in and out of the server, then comparing how many requests come in from resolvers (clients) and how many requests go out to other DNS servers (root hints, forwarders). The only issue here is as the browsers themselves seem to hold only IP addresses for a period of time (i.e. they don't do a DNS lookup for each request) that I would not be able to tell how many DNS requests from the browser were actually making it to the local Windows DNS cache....
August 18th, 2010 1:56am

I would have to say the best tool, not for only just DNS insight, but a lot more; NetworkMiner. It's free. Hi John - but how would it be any better than Wireshark? Noting the issue with Wireshark is it doesn't pick up the internal DNS calls from the browser to the local DNS cache (as far as I can tell).
August 18th, 2010 1:58am

You are correct callagga. Windows does have a local DNS cache and it will check its local DNS cache prior to sending a query to a DNS server. I don't believe you will be able to get "actuals" without going through a lot of data collection and analysis. Have you considered simply researching this topic and seeing if there are others that have performed this analysis and published documents on the subject? Take a look: DNS Performance and the Effectiveness of Caching http://lmgtfy.com/?q=DNS+Performance+and+the+Effectiveness+of+Caching Visit: anITKB.com, an IT Knowledge Base.
August 18th, 2010 2:32am

*Hi guys, I'm having posting problems and sorry if your alerts are on and you got 2 previous posts. One of those days :) * Hi there callagga, I guess what draws me to this software is the way it goes about “sniffing”. It collects data in a way along the lines of forensics, as they point out in their small amount of documentation I must say. It divides the data collection into 11 categories: Hosts, frames, files, images, credentials, sessions, DNS, parameters, keyword, cleartext and anomalies. They are all inter-related and the data is easier to sift through and a lot of data collection processing is done for you. I love the integration with PCAP, for offline viewing and sorting. The last item that I like is the system (OS) fingerprinting. It executes all these features and never puts a drop of data onto the line. The DNS data collection involves a lot of details such as: Frames, times, clients, server and server ports, IP’s TTL’s, transaction ID’s, type (like nslookup), queries and answers. John Wiley
August 18th, 2010 3:01am

Have you considered simply researching this topic and seeing if there are others that have performed this analysis and published documents on the subject? Yep - have been googling for the answer but not found it yet :( I'm not really interested in the benefits of DNS caching, rather I'm after a way to monitor the operation of the Windows local DNS cache itself or not (e.g. is there a way to enable a trace or logfile on this aspect of Windows to enable something like this for example). But I'll keep googling.
August 19th, 2010 12:17am

Hi, DNS cache is used to minimize DNS requests to an external DNS server as well as to minimize DNS resolution time. There is not a program to monitor the operation of the Windows DNS cache in Windows 7. But you can see the content of the DNS cache by typing ipconfig /displaydns in a command prompt. And you can find many 3rd party software to monitor DNS traffic. You can refer to the following link: DNS (Domain Name System): frequently asked questions. Besides, Microsoft has software to check the network traffic; if you are interested in it, please refer to these links: Microsoft Network Monitor 3.4, Frequently Asked Questions About Network Monitor. Hope it helps. Regards, Alex zhaozx
August 19th, 2010 9:49am
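
An added example, not part of any post in this thread: polling `ipconfig /displaydns` and diffing successive snapshots shows which names entered, left, or were re-resolved in the local cache between polls (it does not show individual cache hits). The sample text is constructed, the function names are hypothetical, and the parser assumes English-language output labels.

```python
import re

# Constructed sample output of `ipconfig /displaydns` (not from a real host).
SNAPSHOT_1 = """\
Windows IP Configuration

    www.example.com
    ----------------------------------------
    Record Name . . . . . : www.example.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 120
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.2.10
"""
# Constructed second poll: first entry aged by 30 s, one new name resolved.
SNAPSHOT_2 = SNAPSHOT_1.replace(": 120", ": 90") + """
    mail.example.net
    ----------------------------------------
    Record Name . . . . . : mail.example.net
    Record Type . . . . . : 1
    Time To Live  . . . . : 300
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 198.51.100.7
"""
# "Label . . . : value" lines; the first colon on the line is the separator,
# so IPv6 addresses in the value are kept whole.
FIELD = re.compile(r"^[ \t]*(.+?)[ .]*:[ \t]*(.*)$", re.M)

def parse_displaydns(text):
    """Return {(name, record_type, data): remaining_ttl_seconds}."""
    records, name, rtype, ttl = {}, None, None, None
    for key, value in FIELD.findall(text):
        value = value.strip()
        if key == "Record Name":
            name = value.lower()
        elif key == "Record Type":
            rtype = int(value)
        elif key == "Time To Live":
            ttl = int(value)
        elif key.endswith("Record") and name is not None:
            records[(name, rtype, value)] = ttl  # e.g. "A (Host) Record"
    return records

def diff_snapshots(before, after):
    """Compare two parsed snapshots taken some seconds apart."""
    added = sorted(k for k in after if k not in before)      # newly cached
    expired = sorted(k for k in before if k not in after)    # aged out or flushed
    # TTL counts down while cached; a higher TTL means it was fetched again.
    refreshed = sorted(k for k in after if k in before and after[k] > before[k])
    return {"added": added, "expired": expired, "refreshed": refreshed}
```

On a Windows host the snapshot text would come from running the command itself, for example via `subprocess.run(["ipconfig", "/displaydns"], capture_output=True, text=True).stdout`.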

This topic is archived. No further replies will be accepted.
