We are trying to set the TTLs for a select set of servers to a low value (1 minute). That's the easy part, and has already been done manually. However, I'm concerned about what will happen if the record becomes stale/scavenged for whatever reason, or the server updates it and resets the TTL back to the default, so I want to make this more permanent. I have a few questions...
How does the Minimum Default TTL value under the SOA function in Windows? In another post, it's mentioned that the canonical behavior of this value has changed. Does this also apply in Windows?
My Minimum Default TTL value is set to 10 minutes currently, but all of the A records that were registered by clients are set with a TTL of 20 minutes. How is the TTL set per record under Windows? Does the client request a value, or is this determined by the DNS server? In either case, how is it changed?
It appears that the Minimum Default TTL in the SOA is how long failed DNS queries are cached, as Celada stated.
The 20 minute TTL on each record is independent of that, and is set by the client when dynamically updating its own record (the default is 20 minutes).
The default of 20 minutes can be changed by setting a DWORD named DefaultRegistrationTTL in HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters (the value should be in seconds). A reboot is not necessary for it to go into effect, but you'll need to run ipconfig /registerdns after the change if you want the new TTL updated immediately.

Speaking strictly from Windows-based DNS, the "minimum default TTL" shown in the SOA GUI is the default TTL for all records that don't specify their own TTL during creation, which is the case for the vast majority of Windows machine records. The registry value that Bigbio2002 mentioned is set on the client side, which very few companies, if any, would bother to touch.
This parameter is very likely also used as the TTL of the negative cache. I have yet to find an official document, but it's just logical: a negative result cannot have its own TTL, so it has to use the default TTL from the zone.
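The client-side change from Bigbio2002's answer above, carried out and then verified against the server, as an added PowerShell example that is not part of either answer. It assumes it runs elevated on the Windows client whose record is being adjusted and that the first configured IPv4 DNS server is authoritative for that client's zone.

```powershell
# Added example, not from the answers above. Sets the client-side
# DefaultRegistrationTTL DWORD (seconds) described by Bigbio2002, forces
# re-registration, then reads back the TTL the DNS server now holds.
# Assumptions: run elevated on the client being changed; the first
# configured IPv4 DNS server is authoritative for this host's zone.

$regPath    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$ttlSeconds = 60   # the 1-minute TTL the question is aiming for

# Show what is in effect now; an absent value means the built-in
# 20-minute (1200-second) default is being used.
$existing = Get-ItemProperty -Path $regPath -Name DefaultRegistrationTTL -ErrorAction SilentlyContinue
if ($existing) { "Current DefaultRegistrationTTL: $($existing.DefaultRegistrationTTL) s" }
else           { "DefaultRegistrationTTL not set; client registers with the 1200 s default" }

# Create or overwrite the DWORD. No reboot is needed, but the new TTL only
# reaches the server when the client next registers.
Set-ItemProperty -Path $regPath -Name DefaultRegistrationTTL -Value $ttlSeconds -Type DWord

# Re-register immediately rather than waiting for the periodic refresh.
ipconfig /registerdns | Out-Null
Start-Sleep -Seconds 15   # give the dynamic update time to be applied

# Read back from the authoritative server (-Server, -DnsOnly) so a cached,
# counting-down TTL from a resolver does not mislead the comparison.
$fqdn   = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$server = (Get-DnsClientServerAddress -AddressFamily IPv4 |
           Where-Object { $_.ServerAddresses } |
           Select-Object -First 1).ServerAddresses[0]
$record = Resolve-DnsName -Name $fqdn -Type A -Server $server -DnsOnly |
          Where-Object { $_.Type -eq 'A' } | Select-Object -First 1

if (-not $record) {
    Write-Warning "No A record for $fqdn on $server; check dynamic update permissions and the DNS client event log"
} elseif ($record.TTL -eq $ttlSeconds) {
    "OK: $fqdn is now registered on $server with TTL $($record.TTL) s"
} else {
    # A mismatch usually means the update has not landed yet, or the record
    # is static or owned by another principal so this client may not
    # overwrite it; either way the manually set TTL is not what will persist.
    Write-Warning "TTL on $server is $($record.TTL) s, expected $ttlSeconds s"
}
```

Run the same check again after the next scheduled refresh to confirm the client-written TTL stays at 60 seconds instead of drifting back to the 20-minute default.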