Want to know the machines to which your machine has been connecting?
Try looking in the client DNS cache:
Get-DnsClientCache
This shows a wealth of useful data, all in the form:
£> Get-DnsClientCache | where Entry -like '*www.intelliweather.net*' | fl *
TTL : 39
Caption :
Description :
ElementName :
InstanceID :
Data : cache1.intelliweather.net
DataLength : 8
Entry : www.intelliweather.net
Name : www.intelliweather.net
Section : 1
Status : 0
TimeToLive : 39
Type : 5
PSComputerName :
CimClass : ROOT/StandardCimv2:MSFT_DNSClientCache
CimInstanceProperties : {Caption, Description, ElementName, InstanceID…}
CimSystemProperties : Microsoft.Management.Infrastructure.CimSystemProperties

TTL : 39
Caption :
Description :
ElementName :
InstanceID :
Data : 38.114.169.29
DataLength : 4
Entry : www.intelliweather.net
Name : cache1.intelliweather.net
Section : 1
Status : 0
TimeToLive : 39
Type : 1
PSComputerName :
CimClass : ROOT/StandardCimv2:MSFT_DNSClientCache
CimInstanceProperties : {Caption, Description, ElementName, InstanceID…}
CimSystemProperties : Microsoft.Management.Infrastructure.CimSystemProperties
What is interesting is the Time To Live settings on some of the records:
£> Get-DnsClientCache | sort TTL -Descending | group TTL -NoElement
Count Name
----- ----
7 74538
1 70203
1 64639
1 53300
1 53299
1 16441
2 9308
1 2579
1 2573
3 2475
6 2469
2 2327
2 1986
1 1890
1 1089
1 999
2 899
2 891
2 878
3 728
1 724
6 711
1 631
1 458
1 412
1 363
1 133
15 0
Some of those records will be around for a long time!
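
The Type values in the output above are DNS record type numbers: 5 is a CNAME and 1 is an A record, so the two records shown form the chain www.intelliweather.net -> cache1.intelliweather.net -> 38.114.169.29. As an added example (not code from the original post), the hypothetical helper Get-DnsCacheSummary below groups cache records by the name that was looked up, names the record types, and estimates when each entry will leave the cache; the sample objects are constructed from the output shown above.

```powershell
# Added example, not from the original post.
# DNS record type numbers as they appear in the Type property.
$DnsTypeName = @{ 1 = 'A'; 2 = 'NS'; 5 = 'CNAME'; 6 = 'SOA'; 12 = 'PTR'; 15 = 'MX'; 28 = 'AAAA'; 33 = 'SRV' }

function Get-DnsCacheSummary {
    # Hypothetical helper name. Takes Get-DnsClientCache output, or any
    # objects with Entry, Type, Data and TimeToLive properties.
    param([Parameter(Mandatory, ValueFromPipeline)] [object[]]$Record)
    begin   { $all = @(); $now = Get-Date }
    process { $all += $Record }
    end {
        # Entry is the name that was looked up. The CNAME row and the
        # address row for one lookup share it, so grouping on Entry
        # rebuilds the alias chain.
        $all | Group-Object Entry | ForEach-Object {
            $name   = $_.Name
            $rows   = $_.Group
            $minTtl = ($rows | Measure-Object TimeToLive -Minimum).Minimum
            $types  = $rows | ForEach-Object {
                $n = $DnsTypeName[[int]$_.Type]   # cast: the hashtable keys are Int32
                if ($n) { $n } else { "TYPE$($_.Type)" }
            } | Select-Object -Unique
            [pscustomobject]@{
                Entry     = $name
                Types     = $types -join ','
                Aliases   = @($rows | Where-Object { [int]$_.Type -eq 5 } | ForEach-Object Data) -join ','
                Addresses = @($rows | Where-Object { [int]$_.Type -in 1, 28 } | ForEach-Object Data) -join ','
                MinTtl    = [int]$minTtl
                # Treats TimeToLive as the seconds left before the record leaves the cache.
                ExpiresBy = $now.AddSeconds($minTtl)
            }
        }
    }
}

# Constructed sample input mirroring the two records shown in the post.
$sample = @(
    [pscustomobject]@{ Entry = 'www.intelliweather.net'; Name = 'www.intelliweather.net'; Type = 5; Data = 'cache1.intelliweather.net'; TimeToLive = 39 }
    [pscustomobject]@{ Entry = 'www.intelliweather.net'; Name = 'cache1.intelliweather.net'; Type = 1; Data = '38.114.169.29'; TimeToLive = 39 }
)
$sample | Get-DnsCacheSummary | Format-List

# On a live machine:
# Get-DnsClientCache | Get-DnsCacheSummary | Sort-Object MinTtl -Descending
```

Sorting the live output by MinTtl puts the longest-lived entries first, which are the ones that will still be in the cache when the machine is examined later.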