Running the Best Practices Analyzer for your SBS server is highly recommended. After addressing any critical errors, you may find yourself wanting to understand and clean up some of the warnings that may be identified by running BPA.
One such warning is this one:
The DNS parameter MaxCacheTTL is not set
Source: 58
Issue: The DNS parameter MaxCacheTTL is not set
The reason for this warning is that there have been some identified cases where name resolution of some top level domains (such as .cn, .br, or co.uk) will fail. This failure happens if you are using root hints for name resolution in your DNS server, and both SBS 2008 and SBS 2011 come configured with root hints by default.
Note: this problem with certain top level domains does not occur if you are using DNS Forwarders for Internet name resolution.
Microsoft has a KB article on this issue and its resolution (KB 968372).
Before proceeding, I am going to completely ignore the “which is better – root hints or DNS Forwarders” argument. Do your own Bing searches on that topic and happy reading for a few days! Here’s one such link: Which is best, root hints or DNS Forwarders – Please Vote!
Let’s address this issue with three questions and answers:
Question #1: What if I don’t know if I am using Root Hints or Forwarders?
- Open up DNS Manager, click on DNS in the left frame, right click on your server in the right frame, and click Properties.

- Click on the Forwarders tab. If there is nothing listed, then you are NOT using DNS forwarders.

- Click on the Root Hints tab. If you are using Root Hints, then this tab will be populated with a list of IP addresses.

Question #2: If I am using Forwarders, what do I need to do to make this warning message go away?
- With your BPA Reports page on display, click on the DNS parameter MaxCacheTTL warning to display details about the warning message.

- Click on Exclude this Result

Question #3: If I am using root hints, what do I do to resolve this issue?
To resolve this issue, we will need to add a new registry value and set MaxCacheTTL to 2 days (172800 seconds).
- Start Registry Editor
- Drill down to HKLM –> System –> CurrentControlSet –> Services –> DNS –> Parameters

- Right click on Parameters, click New –> DWORD (32-bit)

- Type MaxCacheTTL as the name of the new value, and press Enter

- Double click on the MaxCacheTTL value, and change its data to 0x2A300 (Hexadecimal) or 172800 (Decimal), then click OK

- Exit Registry Editor and restart the DNS Server service.

Rerun BPA and the MaxCacheTTL warning should be gone!
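The same registry change, scripted for an elevated PowerShell prompt on the server. This is an added example and not part of the original post; it assumes the Parameters key path and the MaxCacheTTL value name from the steps above, and it restarts the DNS Server service and verifies the value afterwards.

```powershell
# Added example (not from the original post). Assumes an elevated PowerShell
# session on the SBS server with the DNS Server role installed.
$key     = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$name    = 'MaxCacheTTL'        # registry value names are case-insensitive
$twoDays = 172800               # seconds in 2 days; 0x2A300 in hexadecimal

if (-not (Test-Path $key)) {
    throw "DNS Parameters key not found - is the DNS Server role installed?"
}

# Show what is configured today (the BPA warning means this value is absent).
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
if ($null -eq $current) {
    Write-Host "$name is not set; DNS Server is using its built-in default cache TTL."
} else {
    Write-Host ("{0} is currently {1} seconds (0x{1:X})" -f $name, $current)
}

# Create the DWORD (32-bit) value, or overwrite it if it already exists,
# then restart the DNS Server service so the change takes effect.
New-ItemProperty -Path $key -Name $name -Value $twoDays -PropertyType DWord -Force | Out-Null
Restart-Service -Name DNS

# Verify the change against the value the post asks for.
$after = (Get-ItemProperty -Path $key -Name $name).$name
if ($after -ne $twoDays) {
    throw "Expected $name = $twoDays but found $after"
}
Write-Host ("{0} now set to {1} seconds (0x{1:X}); rerun the BPA." -f $name, $after)
```

Run it only on a server that uses root hints; if you use forwarders, the exclusion in Question #2 is all that is needed.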