A DNS cache (sometimes called a DNS resolver cache) is a temporary database, maintained by a computer’s operating system, that contains records of all the recent visits and attempted visits to websites and other internet domains.
In other words, a DNS cache is just a memory of recent DNS lookups that your computer can quickly refer to when it’s trying to figure out how to load a website.
The information in this article applies to home users who haven’t changed their DNS settings.
The Purpose of a DNS Cache
The internet relies on the Domain Name System to maintain an index of all public websites and their corresponding IP addresses. You can think of it as a phone book.
With a phone book, we don’t have to memorize everyone’s phone number, which is the only way phones can communicate: with a number. In the same way, DNS is used so we can avoid having to memorize every website’s IP address, which is the only way network equipment can communicate with websites.
This is what happens behind the curtain when you ask your web browser to load a website.
You type in a URL like lifewire.com and your web browser asks your router for the IP address. The router has a DNS server address stored, so it asks the DNS server for the IP address of that hostname. The DNS server finds the IP address that belongs to lifewire.com and then is able to understand what website you’re asking for, after which your browser can then load the appropriate page.
This happens for every website you want to visit. Every time you visit a website by its hostname, the web browser initiates a request out to the internet, but this request cannot be completed until the site’s name is “converted” into an IP address.
The problem is that even though there are tons of public DNS servers your network can use to try to speed up the conversion/resolution process, it’s still quicker to have a local copy of the “phone book,” which is where DNS caches come into play.
The DNS cache attempts to speed up the process even more by handling the name resolution of recently visited addresses before the request is sent out to the internet
There are actually DNS caches at every hierarchy of the “lookup” process that ultimately gets your computer to load the website. The computer reaches your router, which contacts your ISP, which might hit another ISP before ending up at what’s called the “root DNS servers.” Each of those points in the process has a DNS cache for the same reason, which is to speed up the name resolution process.
How a DNS Cache Works
Before a browser issues its requests to the outside network, the computer intercepts each one and looks up the domain name in the DNS cache database. The database contains a list of all recently accessed domain names and the addresses that DNS calculated for them the first time a request was made.
The contents of a local DNS cache can be viewed on Windows using the command ipconfig /displaydns, with results similar to this:
Record Name . . . . . : docs.google.com
Record Type . . . . . : 1
Time To Live . . . . : 21
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 126.96.36.199
In DNS, the “A” record is the portion of the DNS entry that contains the IP address for the given host name. The DNS cache stores this address, the requested website name, and several other parameters from the host DNS entry.
What Is DNS Cache Poisoning?
A DNS cache becomes poisoned or polluted when unauthorized domain names or IP addresses are inserted into it.
Occasionally a cache may become corrupted because of technical glitches or administrative accidents, but DNS cache poisoning is typically associated with computer viruses or other network attacks that insert invalid DNS entries into the cache.
Poisoning causes client requests to be redirected to the wrong destinations, usually malicious websites or pages full of advertisements.
For example, if the docs.google.com record from above had a different “A” record, then when you entered docs.google.com in your web browser, you’d be taken somewhere else.
This poses a massive problem for popular websites. If an attacker redirects your request for Gmail.com, for example, to a website that looks like Gmail but isn’t, you might end up suffering from a phishing attack like whaling.
DNS Flushing: What It Does and How to Do It
When troubleshooting cache poisoning or other internet connectivity problems, a computer administrator may wish to flush (i.e. clear, reset, or erase) a DNS cache.
Since clearing the DNS cache removes all the entries, it deletes any invalid records too and forces your computer to repopulate those addresses the next time you try accessing those websites. These new addresses are taken from the DNS server your network is set up to use.
So, to use the example above, if the Gmail.com record was poisoned and redirecting you to a strange website, flushing the DNS is a good first step to getting the regular Gmail.com back again.
In Microsoft Windows, you can flush the local DNS cache using the ipconfig /flushdns command in a Command Prompt. You know it works when you see the Windows IP configuration successfully flushed the DNS Resolver Cacheor Successfully flushed the DNS Resolver Cachemessage.How to Flush and Clear Windows DNS Cache
Through a command terminal, macOS users should use dscacheutil -flushcache but know that there is not a “successful” message after it runs, so you’re not told if it worked. In some cases, Mac users will also have to kill the DNS responder (sudo killall -HUP mDNSResponder.) Linux users should enter the /etc/rc.d/init.d/nscd restart command. The exact command will vary based on your Linux distribution, though.
A router can have a DNS cache as well, which is why rebooting a router is often a troubleshooting step. For the same reason you might flush the DNS cache on your computer, you can reboot your router to clear the DNS entries stored in its temporary memory.