| « Exact phrases are evil | USB Vacuum Cleaner » |
The DNS Client service riddle
09/02/05
The DNS Client service riddle
If you believe Microsoft's description for the DNS Client service, it's needed to resolve and cache DNS names. They emphasize that if the service is stopped, the computer will not be able to resolve DNS names and locate Active Directory domain controllers. Well, I can't say anything about the Active Directory domain controllers, but as far as the DNS resolutions go, this descriptions appears to be plain wrong.
I first found out about this a while after installing a Windows XP machine, with SP1, if I recall that correctly (it doesn't matter). I have my own DNS server running on a Linux machine, using PowerDNS and working as a "resolution proxy". The same server machine also has a web proxy, a Socks proxy and a mail server setup, which I use from the client. Therefore, browsing the web, reading my email, using Messenger and so forth, I never noticed anything out of the ordinary, because all these services never required my client machine to do any DNS lookups itself.
The problems started when I tried to access news servers from the client machine. No proxy was used for that, so the client needed to resolve DNS names itself, and this behaved highly unreliably. One time it would work, the next time not. Then maybe it would work for quite a while, allowing me to read a newsgroup. Then, when I wanted to post, it wasn't working once again.
With a network analyzer and the log file of my own DNS server, I was able to find out what the Windows machine was doing: it was actually contacting the DNS server only every 15th time or so (not really a reproducible value). In that single instance, everything would work as expected. The client was reliably misbehaving in this way when I repeatedly executed nslookup and ping commands from the command line. After a long while of fiddling around, I found out about the DNS Client service. After an even longer time, I found that once I switched off that service, everything was completely normal, with the client contacting the DNS server for every single lookup.
So, does that service resolve DNS names? Well, sometimes. Does it cache DNS name resolutions? No, I've never seen that.
I decided to blog about this because I wasn't able to find any comprehensive information on this topic on the net. I did actually find a page at The Elder Geek where the service is described to behave in a similar way to what I've seen, so I know I'm not the only one.
To this day I have no idea why that service is misbehaving for me. After I had initially thought it had something to do with my particular setup, I've since had reports from three different friends who have seen the same problem in their network setups, which are all distinctly different from mine. In each of these cases I was able to help them by suggesting they switch off the DNS Client service. The reason remains a riddle, though...
10 comments
Yeah I have no idea waht the service does either. I've stopped it and I appear to be resolving names fine. Recently I've been having odd issues with XP not resolving addresses, the DNs servers work fine as I can try it on another PC on the LAN and it's ok. seems to happen at random... Will see how i go with the DNS client stopped I think. Odd.
I have two machines on a network here, and having run a fairly detailed network traffic analysis I found similar to you, no actual DNS requests were reaching my gateway more often than not. One machine gave more trouble than the other, but given time both suffered the issue. Initially I issued 'net stop "DNS Client"' followed by 'net start "DNS Client' and things would work fine again for quite a while. It was a few days before I realised it would work perfectly the moment the service was stopped.
Since almost everyone these days has their internet connection provided by a DSL router, which acts as an internet gateway and handles DNS itself, I guess our best bet is simply to stop and permanently disable the DNS service, set your DNS addresses on all client machines to the IP of the router/gateway and forget about it. The number of services you can actually remove with no ill effect is enormous. Far more than you actually need running. On XP anyway...
<i>Praise Microsoft! For their immense bloatware has made memory cheaper than it ever would have been under Risc OS. ;)</i>
"So, does that service resolve DNS names? Well, sometimes. Does it cache DNS name resolutions? No, I've never seen that."
the DNS Client resolves names "...sometimes..." but you've never seen it cache a resolution?
I wonder what sort of misunderstanding you see in these sentences. Yes, what I meant back then (and I haven't looked into it again in a huge long time, so I have no idea how true this is today) is that while you can sometimes see the DNS Client do resolving work for you, it never seems to do any caching. Rereading my above description, it seems that the service prevents certain resolution requests from going through (which is of course the behavior of a cache), but unfortunately this doesn't happen (exclusively?) in cases where the resolution is already known (so perhaps I should say it does behave like a cache, albeit a broken one?).
Oliver
I performed some tests myself and was able to see the dnscache (DNS Client) service cache individual lookups and prevent repeated external DNS lookups for the same name resoution.
The dnscache service isn't all that special. From my estimation (aside of the auto-registration) it simply tries to lesson the network traffic and speed up resolution by caching and responding to repeated DNS queries that have previously been cached.
In my tests I ran Wireshark and watched for DNS queries with the dnscache service enabled and disabled. As expected when the dnscache was enabled Wireshark displayed only an initial dns lookup entry and then subsequent requests did not generate any entries.
When the dnscache service was disabled, as expected, every lookup would produce an entry in Wireshark...
Back to your statement:
"So, does that service resolve DNS names? Well, sometimes. Does it cache DNS name resolutions? No, I've never seen that."
Does that service resolve names? Not exactly. It doesn't resolve names, rather it caches the response (both positive and negative) from the targeted DNS server.
Does it cache DNS name resolutions? Yes, that's the primary purpose of this service and looking at the dns cache (ipconfig /displaydns) clearly shows what has been inserted into cache after the initial lookup has been performed.
In addition, the command "IPConfig /registerdns" does not use the dnscache service, nor does the DNS Locator Service that is used by Active Directory aware applications that are looking for the closest directory resource (ala SRV record search).
I appreciate your comments as a different point of view/experience. As I said, I haven't looked into this issue for a long time, and of course it's always possible that the precise behavior depends on Windows/SP/Whatever versions. But the (lack of?) behavior that I've been seeing is documented not only by other commenters on this post, but also elsewhere all over the internet. I have solved connection problems for friends and family countless times with the simple recommendation of switching off the DNS Client.
Unfortunately I have no motivation to hunt this issue down again now, in order to have a really good discussion with you about it :-) So all the above are the only 2p I'm going to give on this, and my observation stands: the DNS Client service on Windows is not required for DNS lookups (since they obviously work just fine without the service) and experience shows that the service is often source of connection trouble.
Comment feed for this post
