A hostname is a label assigned to a device (a host) on a network. It distinguishes one device from another on a specific network or over the internet. The hostname for a computer on a home network may be something like new laptop, Guest-Desktop, or FamilyPC.
Hostnames are also used by DNS servers so you can access a website by a common, easy-to-remember name. This way, you don’t have to remember a string of numbers (an IP address) to open a website.
A computer’s hostname may instead be referred to as a computer name, sitename, or nodename. You may also see hostname spelled as host name.
A DNS cache (sometimes called a DNS resolver cache) is a temporary database, maintained by a computer’s operating system, that contains records of all the recent visits and attempted visits to websites and other internet domains.
In other words, a DNS cache is just a memory of recent DNS lookups that your computer can quickly refer to when it’s trying to figure out how to load a website.
The information in this article applies to home users who haven’t changed their DNS settings.
The Purpose of a DNS Cache
The internet relies on the Domain Name System to maintain an index of all public websites and their corresponding IP addresses. You can think of it as a phone book.
With a phone book, we don’t have to memorize everyone’s phone number, which is the only way phones can communicate: with a number. In the same way, DNS is used so we can avoid having to memorize every website’s IP address, which is the only way network equipment can communicate with websites.
You type in a URL like lifewire.com and your web browser asks your router for the IP address. The router has a DNS server address stored, so it asks the DNS server for the IP address of that hostname. The DNS server finds the IP address that belongs to lifewire.com and then is able to understand what website you’re asking for, after which your browser can then load the appropriate page.
This happens for every website you want to visit. Every time you visit a website by its hostname, the web browser initiates a request out to the internet, but this request cannot be completed until the site’s name is “converted” into an IP address.
The problem is that even though there are tons of public DNS servers your network can use to try to speed up the conversion/resolution process, it’s still quicker to have a local copy of the “phone book,” which is where DNS caches come into play.
The DNS cache attempts to speed up the process even more by handling the name resolution of recently visited addresses before the request is sent out to the internet
There are actually DNS caches at every hierarchy of the “lookup” process that ultimately gets your computer to load the website. The computer reaches your router, which contacts your ISP, which might hit another ISP before ending up at what’s called the “root DNS servers.” Each of those points in the process has a DNS cache for the same reason, which is to speed up the name resolution process.
How a DNS Cache Works
Before a browser issues its requests to the outside network, the computer intercepts each one and looks up the domain name in the DNS cache database. The database contains a list of all recently accessed domain names and the addresses that DNS calculated for them the first time a request was made.
The contents of a local DNS cache can be viewed on Windows using the command ipconfig /displaydns, with results similar to this:
docs.google.com ------------------------------------- Record Name . . . . . : docs.google.com Record Type . . . . . : 1 Time To Live . . . . : 21 Data Length . . . . . : 4 Section . . . . . . . : Answer A (Host) Record . . . : 18.104.22.168
In DNS, the “A” record is the portion of the DNS entry that contains the IP address for the given host name. The DNS cache stores this address, the requested website name, and several other parameters from the host DNS entry.
What Is DNS Cache Poisoning?
A DNS cache becomes poisoned or polluted when unauthorized domain names or IP addresses are inserted into it.
Occasionally a cache may become corrupted because of technical glitches or administrative accidents, but DNS cache poisoning is typically associated with computer viruses or other network attacks that insert invalid DNS entries into the cache.
Poisoning causes client requests to be redirected to the wrong destinations, usually malicious websites or pages full of advertisements.
For example, if the docs.google.com record from above had a different “A” record, then when you entered docs.google.com in your web browser, you’d be taken somewhere else.
This poses a massive problem for popular websites. If an attacker redirects your request for Gmail.com, for example, to a website that looks like Gmail but isn’t, you might end up suffering from a phishing attack like whaling.
DNS Flushing: What It Does and How to Do It
When troubleshooting cache poisoning or other internet connectivity problems, a computer administrator may wish to flush (i.e. clear, reset, or erase) a DNS cache.
Since clearing the DNS cache removes all the entries, it deletes any invalid records too and forces your computer to repopulate those addresses the next time you try accessing those websites. These new addresses are taken from the DNS server your network is set up to use.
So, to use the example above, if the Gmail.com record was poisoned and redirecting you to a strange website, flushing the DNS is a good first step to getting the regular Gmail.com back again.
In Microsoft Windows, you can flush the local DNS cache using the ipconfig /flushdns command in a Command Prompt. You know it works when you see the Windows IP configuration successfully flushed the DNS Resolver Cacheor Successfully flushed the DNS Resolver Cachemessage.How to Flush and Clear Windows DNS Cache
Through a command terminal, macOS users should use dscacheutil -flushcache but know that there is not a “successful” message after it runs, so you’re not told if it worked. In some cases, Mac users will also have to kill the DNS responder (sudo killall -HUP mDNSResponder.) Linux users should enter the /etc/rc.d/init.d/nscd restart command. The exact command will vary based on your Linux distribution, though.
A router can have a DNS cache as well, which is why rebooting a router is often a troubleshooting step. For the same reason you might flush the DNS cache on your computer, you can reboot your router to clear the DNS entries stored in its temporary memory.
A list of additional free DNS servers can be found in the table near the bottom of the page.
What Are DNS Servers?
DNS servers translate the friendly domain name you enter into a browser (like lifewire.com) into the public IP address that’s needed for your device to actually communicate with that site.
Your ISP automatically assigns DNS servers when your smartphone or router connects to the internet but you don’t have to use those. There are lots of reasons you might want to try alternative ones (we get into many of them in Why Use Different DNS Servers? a bit further down the page) but privacy and speed are two big wins you could see from switching.
Primary DNS servers are sometimes called preferred DNS servers and secondary DNS servers sometimes alternate DNS servers. Primary and secondary DNS servers can be “mixed and matched” from different providers to protect you if the primary provider has problems.
Best Free & Public DNS Servers (Valid March 2021)
Below are more details on the best free DNS servers you can use instead of the ones assigned.
If you’re not sure, use the IPv4 DNS servers listed for a provider. These are the IP addresses that include periods. IPv6 IP addresses use colons.
GOOGLE: 22.214.171.124 & 126.96.36.199
Google Public DNS promises three core benefits: a faster browsing experience, improved security, and accurate results without redirects.
Primary DNS: 188.8.131.52
Secondary DNS: 184.108.40.206
Google also offers IPv6 versions:
Primary DNS: 2001:4860:4860::8888
Secondary DNS: 2001:4860:4860::8844
Google can achieve fast speeds with its public DNS servers because they’re hosted in data centers all around the world, meaning that when you attempt to access a web page using the IP addresses above, you’re directed to a server that’s nearest to you.
QUAD9: 220.127.116.11 & 18.104.22.168
Quad9 has free public DNS servers that protect your computer and other devices from cyber threats by immediately and automatically blocking access to unsafe websites, without storing your personal data.
Primary DNS: 22.214.171.124
Secondary DNS: 126.96.36.199
There are also Quad 9 IPv6 DNS servers:
Primary DNS: 2620:fe::fe
Secondary DNS: 2620:fe::9
Quad9 does not filter content—only domains that are phishing or contain malware will be blocked. Quad9 also has an unsecured IPv4 public DNS at 188.8.131.52 (2620:fe::10 for IPv6).
OPENDNS: 184.108.40.206 & 220.127.116.11
OpenDNS claims 100% reliability and up-time and is used by 90 million users around the world. The offer two sets of free public DNS servers, one of which is just for parental controls with dozens of filtering options.
Primary DNS: 18.104.22.168
Secondary DNS: 22.214.171.124
IPv6 addresses are also available:
Primary DNS: 2620:119:35::35
Secondary DNS: 2620:119:53::53
The servers above are for OpenDNS Home, which you can make a user account for to set up custom settings. The company also offers DNS servers that block adult content, called OpenDNS FamilyShield: 126.96.36.199 and 188.8.131.52 (shown here). A premium DNS offering is available, too, called OpenDNS VIP.
CLOUDFLARE: 184.108.40.206 & 220.127.116.11
Cloudflare built 18.104.22.168 to be the “fastest DNS service in the world” and will never log your IP address, never sell your data, and never use your data to target ads.
CleanBrowsing has three free public DNS server options: a security filter, adult filter, and family filter. These are the DNS servers for the security filter, the most basic of the three that updates hourly to block malware and phishing sites:
Primary DNS: 22.214.171.124
Secondary DNS: 126.96.36.199
IPv6 is also supported:
Primary DNS: 2a0d:2a00:1::2
Secondary DNS: 2a0d:2a00:2::2
The CleanBrowsing adult filter (188.8.131.52) prevents access to adult domains, and the family filter (184.108.40.206) blocks proxies, VPNs, and mixed adult content. More features can be had at a price: CleanBrowsing Plans.
ALTERNATE DNS: 220.127.116.11 & 18.104.22.168
Alternate DNS is a free public DNS service that blocks ads before they reach your network.
AdGuard DNS has two sets of DNS servers, both of which block ads in games, videos, apps, and web pages. The basic set of DNS servers are called the “Default” servers, and block not only ads but also malware and phishing websites:
Primary DNS: 22.214.171.124
Secondary DNS: 126.96.36.199
IPv6 is supported, too:
Primary DNS: 2a10:50c0::ad1:ff
Secondary DNS: 2a10:50c0::ad2:ff
There are also “Family protection” servers (188.8.131.52 and 2a10:50c0::bad1:ff) that block adult content plus everything included in the “Default” servers. Non-filtering servers are available if you’re not interested in blocking anything: 184.108.40.206 and 2a10:50c0::1:ff.
Why Use Different DNS Servers?
One reason you might want to change the DNS servers assigned by your ISP is if you suspect there’s a problem with the ones you’re using now. An easy way to test for a DNS server issue is by typing a website’s IP address into the browser. If you can reach the website with the IP address, but not the name, then the DNS server is likely having issues.
Another reason to change DNS servers is if you’re looking for better performing service. Many people complain that their ISP-maintained DNS servers are sluggish and contribute to a slower overall browsing experience.
Yet another common reason to use DNS servers from a third party is to prevent logging of your web activity and to circumvent the blocking of certain websites.
Know, however, that not all DNS servers avoid traffic logging. If that’s what you’re interested in, make sure you read through the FAQs on the DNS provider’s site to make sure it’s going to do (or not do) what you’re after.
If, on the other hand, you want to use the DNS servers that your specific ISP, like Verizon, AT&T, Comcast/XFINITY, etc., has determined is best, then don’t manually set DNS server addresses at all—just let them auto assign.
Finally, in case there was any confusion, free DNS servers do not give you free internet access. You still need an ISP to connect to for access—DNS servers just translate between IP addresses and domain names so that you can access websites with a human-readable name instead of a difficult-to-remember IP address.
Additional DNS Servers
Here are several more public DNS servers. Let us know if we’re missing any major providers.
OpenNIC has several DNS servers. Visit its website and select one that’s geographically nearby for the optimal performance.