Where does the DNS record go?

2

Although I was able to "ping by IP," I was unable to "ping by name" a freshly installed Windows 2008 R2 VM. I fixed the problem by temporarily activating "network discovery" rules on the W2k8 VM, which allowed the host to discover the name. Afterward, I turned network discovery rules back off again.

This activity is on my home "workgroup" network.

After the discovery rules were disabled the host continued to "know" the guest by its name, even though network discovery was turned off. I expected this, because I expected it would cache the name. My question is: where does it cache that information? What is the simplest way to read the full directory of machine-name entries that the host has cached?

How would I manually remove the entry if I wanted? How would I manually add an entry to that list if I wanted?

Brent Arias

Posted 2011-06-20T16:29:45.743

Reputation: 459

Answers

1

This is because without network discovery, your server cannot use broadcasts to resolve hosts.

In a Microsoft domain, they use a local DNS server, which all the local Microsoft Windows computers register their host name with with in DNS, so that is how they find each other.

If you are not running a Domain, or internal DNS server, you are turning off the only way they can find each other unless you add entries to the HOSTS file. The cache you are talking about is very volatile, and gets flushed often (almost certainly when turning network discovery on and off). If you want something permanent, short of running the DNS service on that server, use the HOSTS file located here: C:\Windows\System32\drivers\etc\HOSTS (it is read only, so uncheck it before you make changes).

KCotreau

Posted 2011-06-20T16:29:45.743

Reputation: 24 985

What is the name of that "volatile" cache? Where is it (physically) located on my machine? How can it be read / dumped to screen? How can it be manipulated? I know about and have used the hosts file, but it is the former item I'm quite curious about. – Brent Arias – 2011-06-20T20:25:08.203

@Brent Arias Is is just the DNS cache, and it is held in RAM memory...turn the computer off, and poof, gone. I don't think is has a special name, nor do I think you can manipulate very granularly. A common example is to delete it all with ipconfig /flushdns. Here are the other switches, for example, you can view them all, or add one, but not sure if you can delete one, or make it persistent: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/ipconfig.mspx?mfr=true

– KCotreau – 2011-06-20T20:48:35.187

@Brent Arias I realize this may, or may not, have solved your issue, but hopefully, it still answered the question. – KCotreau – 2011-06-20T20:51:13.983

1

To clear the resolver caches, use:

  • ipconfig /flushdns for DNS

  • nbtstat -R for NetBIOS

  • unknown for LLMNR

user1686

Posted 2011-06-20T16:29:45.743

Reputation: 283 655

Asked: 2011-06-20T16:29:45.743

Viewed: 404 times

Active: 2011-06-21T20:17:52.547