Thursday, June 2, 2016

Some Domains Not Resolving Until DNS Service Is Restarted On Windows Domain

I ran across an issue lately where it seems like sites like and a few others would just stop resolving on our local domain. Other sites would work just fine but only these few sites came up with a page could not be displayed-type error in the browsers on the network here.

The fix, though temporary, was to just restart the DNS service on our DC. I would typically have to do this once or twice per month so I knew something wasn't kosher.

After researching several things including the pros and cons of using root hints vs forwarders I came across an article on Microsoft's support page with a problem that matches mine almost exactly. I thought I would go ahead and write up a post about this so I don't forget in the future, and perhaps someone else will find this useful.

To resolve the issue and continue using root hints, change the MaxCacheTTL registry value to 2 days or greater.

Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or another method. These problems might require you to reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

1.    Start Registry Editor (regedit.exe).

2.    Locate the following registry key:

3.    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters

4.    On the Edit menu, click New, click DWORD (32-bit) Value, and then add the following value:
  • Value: MaxCacheTTL
  • Data Type: DWORD
  • Data value: 0x2A300 (172800 seconds in decimal, or 2 days)

5.    Click OK.

6.    Quit Registry Editor.

7.    Restart the DNS Server service.