New
#11
We were also experiencing this issue; this was in a corporate domain environment though, using DNSSEC.
In our case, the Group Policy for Name Resolution, enabling DNSSEC validation, was missing a setting that was causing this high CPU thing to happen.
Once adjusted, the problem went away.
It seems that if you don't specify the DNS servers to use for DNSSEC, record validation is attempted with whatever DNS server your computer gets via DHCP.
So, while in the office, there was no problem, because client computers would receive the corporate DNS servers from DHCP, which had their DNS zones signed.
DNSSEC was working as expected.
However, when they would leave the corporate environment (and went home for example), now their DHCP would provide them with the DNS servers of their ISP, or whatever they had configured in their home routers.
DNSEC would then try to do its thing and wanted to validate records. "Hey 8.8.8.8, please validate your records before I use them" kind of thing. I don't have to tell you how impossible that would be, especially since the zones on the internet wouldn't be signed.
So, they would get high CPU usage as the DNS Client service tried to do some work.
Jump ahead, we add a setting to the Group Policy specifying which DNS servers to use for DNSSEC.
Now when the user goes home, DNSSEC says "Hey, I need to do my work for <specified dns server> and right now I'm getting 8.8.8.8. OK, don't attempt any validation for that, just let DNS do it's regular thing".
No more high CPU usage.
So, if I'm following, it appears to me that Microsoft, by some means (likely unintentionally, bug?), managed to enable DNSSEC by one of the updates, and that's now eating up CPU resources, so disabling DNSSEC should theoretically resolve the issue while avoiding disabling the service altogether...
I'm gonna try doing that and try to remember to report back with the results...
Finally! this worked for me! praise the lord! thanks a lot!
Run CMD as admin and copy/paste to disable it, then restart.
To enable it back again: Run CMD as admin and copy/paste, then restart.Code:reg add "HKLM\System\CurrentControlSet\Services\Dnscache" /v "Start" /t REG_DWORD /d "4" /f
Code:reg add "HKLM\System\CurrentControlSet\Services\Dnscache" /v "Start" /t REG_DWORD /d "2" /f