User not logged in - login - register
Home Calendar Books School Tool Photo Gallery Message Boards Users Statistics Advertise Site Info
go to bottom | |
 Message Boards » » Enlarging the DNS Cache Page [1]  
lewisje
All American
9196 Posts
user info
edit post

For the past couple years or so I've been making use of an enormous HOSTS file as part of a layered strategy of passive security: https://code.google.com/p/jansal/wiki/HostsFile

Currently (after using CIP to weed out the dead hostnames), my list has 27450 names, mostly major ad-servers and domains carrying malicious payloads (starting off with "invalid" so that any reverse lookup for the black-hole IP address 0.0.0.0 would return an obvious name instead of something crazy like "0-0-0.info"); I noticed, however, that when I flush the DNS cache and then let it re-populate itself from the HOSTS file, the cache only has about 1500 hostnames in it.

I've been fiddling around with the settings mentioned here to try to enlarge the cache: http://technet.microsoft.com/en-us/library/bb726981.aspx#EBAA

However, even when choosing the largest valid settings for "CacheHashTableBucketSize" (0x32, or 50) and "CacheHashTableSize" (0xFFFFFFFB, or the largest prime number expressible as a 32-bit unsigned integer), I still get a 1500-entry DNS cache. Now I realize that typical tweaking guides recommend 1 and 384 (0x1 and 0x180) for those quantities, but the latter one isn't even legal...I wonder whether there's something else I don't know about in HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters (setting "MaxCacheSize" to 0xFFFFFFFF did nothing) or in HKCU\Software\Policies\Windows\Windows NT\DNSClient (I read some of the old Win2K/XP settings have migrated here for Vista/7).

It would be awesome IMO if I could have even a humongous HOSTS file loaded entirely into the DNS cache, but even something on the order of 65535 (0xFFFF) would be nice...

2/14/2012 5:44:27 PM

Noen
All American
31346 Posts
user info
edit post

why are you trying to do this? If the DNS isn't cached, it'll do a hostname lookup starting with your hosts file... so whats the point in loading the giant list into memory?

2/14/2012 6:42:08 PM

lewisje
All American
9196 Posts
user info
edit post

I wasn't aware of this; I had thought that the HOSTS file would be directly consulted only if the DNS Client service were disabled, but otherwise the cache would be pre-populated with the contents of the HOSTS file and then the cache would be the go-to place, with HOSTS only monitored for changes so it can be re-loaded into the DNS cache.

BTW I noticed something...the default CacheHashTableBucketSize is 10 (0xa), and by default only the first 9 hostnames on each line are even noticed...so I wonder, now that I've changed it to 50 (0x32), I wonder whether I could put 49 hostnames on each line and thereby make the HOSTS file that much more efficiently parsed (it definitely slows down browsing when each hostname is on its own line at 690KB, while 9 names on a line at 499KB is doable).

[Edited on February 14, 2012 at 7:21 PM. Reason : answer...no, 9 per line is still the limit

[Edited on February 14, 2012 at 7:24 PM. Reason : also it turns out my DNS cache did get bumped...from 1500 to 1920 hostnames

2/14/2012 7:01:51 PM

llama
All American
841 Posts
user info
edit post

Why not just use a proxy like squid to do all of this for you instead of mucking around on individual systems? This is a complete hack if I ever saw one

2/14/2012 10:26:20 PM

lewisje
All American
9196 Posts
user info
edit post

These individual systems aren't connected together by anything robust enough to support Squid (basically a cheap router that can't even support a decent build of DD-WRT to slap pixelserv on); however, on my own home computer I do have a dnsmasq/HOSTS/pixelserv/DD-WRT setup, so I don't even use my computer's own HOSTS file...

2/14/2012 10:43:03 PM

 Message Boards » Tech Talk » Enlarging the DNS Cache Page [1]  
go to top | |
Admin Options : move topic | lock topic

© 2024 by The Wolf Web - All Rights Reserved.
The material located at this site is not endorsed, sponsored or provided by or on behalf of North Carolina State University.
Powered by CrazyWeb v2.39 - our disclaimer.