What is a DNS cache? DNS caching explained
A DNS cache helps you browse the internet faster and more efficiently. Whenever you enter a domain name, your domain name system (DNS) helps your browser find the website’s IP addresses. Then, it stores that information in a DNS cache. Although a DNS cache is highly useful, it can pose security risks if not regularly flushed.
What is a DNS cache?
A DNS cache, also known as a DNS resolver cache, is the temporary storage system for the results of previous DNS queries. Domain names are designed for human readability, but computers communicate differently, so the DNS bridges that communication gap.
Whenever you type a new website into your browser, your DNS first checks if the corresponding IP address for that domain is already cached. If it’s cached, no new query is generated, and the browser uses the cached IP address to load the website. However, if the domain is not cached, a new DNS query is generated. This query moves through the resolver, root server, and top-level domain servers until the correct IP address is found. Once the query matches the domain name with its corresponding IP address, you will be directed to the proper website.
Once a query is successfully resolved, your DNS saves it in the cache, allowing quicker access to that website without repeating the full lookup process.
How does DNS caching work?
DNS caching works by storing resolved DNS queries, allowing you to quickly access known websites without searching for the IP address.
The DNS resolver cache keeps information about the DNS records of domain names that you have already visited. These DNS record types include the A (IPv4 address), AAAA (IPv6 address/Quad A), CNAME (canonical name), SRV (service location), and TXT (text).
Whenever you input a website domain name, the DNS will check the DNS resolver cache to see if you’ve already saved the IP address. If DNS finds the IP address in the cache, you will be quickly redirected. If not, the DNS resolver will initiate the DNS lookup process. Once the DNS finds the IP address, it will forward it to your device and save the resolved query to the cache.
DNS cache records are temporary. DNS entries are kept in the cache for a specified time, known as “time to live” (TTL), typically measured in seconds. After the TTL value is reached, your device will automatically delete the record, requiring a new DNS lookup the next time you visit the domain name.
DNS caching plays a critical role in optimizing your internet browsing experience, and its various benefits include:
- Faster DNS resolution: by allowing DNS servers to answer queries directly from the cache instead of asking authoritative servers, DNS caching allows for faster response and load times.
- Reduced network traffic: DNS caching reduces the number of queries sent to DNS servers, improving network efficiency.
Where is the DNS cache stored?
The DNS cache is stored locally on your device, browser, or server. This feature allows quick access to DNS records. However, there is no specific cache file. DNS cache is held in system memory and managed by system services like svchost.exe on Windows.
How to view the DNS cache
The exact method for how to view your DNS cache depends on your device and operating system.
On Windows
To view your DNS cache on Windows, follow these instructions:
- Press Windows + R to open the Run dialog.
- Type cmd and press “OK” to open the Command Prompt.
- Enter the command: “ipconfig /displaydns”.
- You can now view the DNS records currently stored on your device.
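The dump that ipconfig /displaydns prints is one text block per cached name, with a dot-leader label before each field. The following Python example is added here (it is not part of this article or of Windows) to show how those blocks map onto the record types described above; it parses a constructed sample of the dump (documentation addresses, not a real machine's cache) into structured records and lists the entries whose remaining TTL has already reached zero.

```python
"""Parse `ipconfig /displaydns` output into structured DNS cache records.

Added example. SAMPLE_DUMP is constructed to follow the layout Windows
prints (one block per name, 'Label . . . : value' fields); the addresses
come from documentation ranges (RFC 5737 / RFC 3849), not a real cache.
"""
from __future__ import annotations
from dataclasses import dataclass

SAMPLE_DUMP = """
Windows IP Configuration

    example.com
    ----------------------------------------
    Record Name . . . . . : example.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 3456
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.2.10


    www.example.net
    ----------------------------------------
    Record Name . . . . . : www.example.net
    Record Type . . . . . : 5
    Time To Live  . . . . : 0
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    CNAME Record  . . . . : example.net


    ipv6.example.org
    ----------------------------------------
    Record Name . . . . . : ipv6.example.org
    Record Type . . . . . : 28
    Time To Live  . . . . : 120
    Data Length . . . . . : 16
    Section . . . . . . . : Answer
    AAAA Record . . . . . : 2001:db8::1
"""

# Numeric record types as used in the dump, mapped to the names the article lists.
RECORD_TYPES = {1: "A", 28: "AAAA", 5: "CNAME", 33: "SRV", 16: "TXT"}


@dataclass
class CacheRecord:
    name: str
    rtype: str
    ttl: int        # remaining seconds, as reported by the dump
    section: str
    data: str       # the address / target / text payload


def _split_field(line: str):
    """Return (label, value) for a 'Label . . . : value' line, else None."""
    if ":" not in line:
        return None
    label, value = line.split(":", 1)   # first colon is the separator (IPv6 values have more)
    label = label.strip(" .")           # drop padding and the dot leaders
    return (label, value.strip()) if label else None


def parse_displaydns(text: str) -> list[CacheRecord]:
    """Walk the dump line by line; 'Record Name' starts a new record."""
    records: list[dict] = []
    current = None
    for raw in text.splitlines():
        field = _split_field(raw)
        if field is None:
            continue                    # header text, hostnames, dashed rules
        label, value = field
        if label == "Record Name":
            current = {"name": value, "rtype": "", "ttl": 0, "section": "", "data": ""}
            records.append(current)
        elif current is None:
            continue
        elif label == "Record Type":
            n = int(value)
            current["rtype"] = RECORD_TYPES.get(n, f"TYPE{n}")
        elif label == "Time To Live":
            current["ttl"] = int(value)
        elif label == "Section":
            current["section"] = value
        elif label == "Data Length":
            pass                        # not needed for a human-readable view
        else:
            current["data"] = value     # 'A (Host) Record', 'CNAME Record', 'AAAA Record', ...
    return [CacheRecord(**r) for r in records]


def expired(records: list[CacheRecord]) -> list[CacheRecord]:
    """Entries whose remaining TTL is zero: due for eviction, or lingering if it never happens."""
    return [r for r in records if r.ttl <= 0]


def count_by_type(records: list[CacheRecord]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for r in records:
        counts[r.rtype] = counts.get(r.rtype, 0) + 1
    return counts


if __name__ == "__main__":
    recs = parse_displaydns(SAMPLE_DUMP)
    for r in recs:
        print(f"{r.name:20} {r.rtype:6} ttl={r.ttl:<5} {r.data}")
    print("by type:", count_by_type(recs))
    print("expired:", [r.name for r in expired(recs)])
```

On a real machine you would pipe the command's output into parse_displaydns instead of using SAMPLE_DUMP; the parser ignores any header lines and the dashed rules, so only the labelled fields matter.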
On macOS
Accessing the DNS cache history on macOS requires a few extra steps, because the resolver writes its cache contents to the system log rather than printing them:
- Open the “Terminal” application.
- Type the command: “sudo killall -INFO mDNSResponder”.
- Enter your password when prompted.
- Open the “Console” application and look in the system logs to view the DNS records.
On Linux
Linux does not keep a DNS cache at the operating-system level by default, but certain software packages provide one and let you view it.
For name service caching daemon (NSCD) users:
- Run the command: “sudo strings /var/cache/nscd/hosts”.
- View the DNS cache history.
For systemd users:
- Open the “Terminal.”
- Type “sudo killall -USR1 systemd-resolved” to make the resolver dump its cache contents to the system log.
- To save the log message to an easy-to-read .txt file, type the command: “sudo journalctl -u systemd-resolved > ~/dns-cache.txt”.
- Wait while the file exports.
- Type the command “less ~/dns-cache.txt.”
- View the .txt file with your DNS cache history.
What is DNS cache flushing?
DNS cache flushing is the process of manually clearing your DNS cache. Although your DNS resolver cache automatically deletes records when their TTL expires, you can manually flush them anytime.
By purging the local cache, you require your computer to generate new DNS queries for each domain name. Your operating system and browser have separate DNS caches, so you should flush both.
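The lookup-then-cache behaviour described in the earlier sections (cache hit, full lookup on a miss, expiry when the TTL runs out) and the manual flush described here are easiest to see side by side in a small simulation. The following Python example is added for that purpose; it is not code from this article or from any operating system's resolver. The authoritative answers, the TTLs and the clock are all constructed so it runs offline, and it includes the stale-record case: after the authority changes an address, the cache keeps serving the old one until the TTL expires or the cache is flushed.

```python
"""A minimal TTL-aware DNS resolver cache with a manual flush.

Added example. AUTHORITATIVE stands in for the resolver -> root -> TLD ->
authoritative walk and uses documentation addresses (RFC 5737 / RFC 3849);
the clock is a counter advanced by tick() so the TTL behaviour is reproducible.
"""
from __future__ import annotations
from dataclasses import dataclass, field

# Constructed authoritative data: (name, record type) -> (answer, TTL in seconds).
AUTHORITATIVE = {
    ("example.com", "A"): ("192.0.2.10", 300),
    ("example.com", "AAAA"): ("2001:db8::10", 300),
    ("www.example.com", "CNAME"): ("example.com", 60),
}


@dataclass
class CacheEntry:
    answer: str
    expires_at: float       # absolute time on the fake clock


@dataclass
class ResolverCache:
    now: float = 0.0                                    # fake clock
    entries: dict = field(default_factory=dict)
    authority: dict = field(default_factory=lambda: dict(AUTHORITATIVE))
    upstream_queries: int = 0                           # how often the full lookup ran

    def tick(self, seconds: float) -> None:
        self.now += seconds

    def _full_lookup(self, name: str, rtype: str):
        """Stand-in for the full resolution process (resolver, root, TLD, authoritative)."""
        self.upstream_queries += 1
        return self.authority.get((name, rtype))

    def resolve(self, name: str, rtype: str = "A"):
        """Return (answer, source); source is 'cache', 'upstream' or 'nxdomain'."""
        key = (name, rtype)
        entry = self.entries.get(key)
        if entry is not None and entry.expires_at > self.now:
            return entry.answer, "cache"
        self.entries.pop(key, None)                     # expired: evict, then look up again
        result = self._full_lookup(name, rtype)
        if result is None:
            return None, "nxdomain"
        answer, ttl = result
        self.entries[key] = CacheEntry(answer, self.now + ttl)
        return answer, "upstream"

    def remaining_ttl(self, name: str, rtype: str = "A"):
        entry = self.entries.get((name, rtype))
        if entry is None:
            return None
        return max(0, int(entry.expires_at - self.now))

    def flush(self) -> int:
        """Clear every entry regardless of TTL (what a manual DNS flush does); returns the count removed."""
        removed = len(self.entries)
        self.entries.clear()
        return removed


def demo() -> list[tuple]:
    """Walk through hit, expiry, stale answer after a change at the authority, and flush."""
    c = ResolverCache()
    trace = [c.resolve("example.com")]          # miss -> upstream
    trace.append(c.resolve("example.com"))      # hit -> cache
    c.tick(299)
    trace.append(c.resolve("example.com"))      # 1 s of TTL left -> still cache
    c.tick(2)
    trace.append(c.resolve("example.com"))      # TTL passed -> upstream again
    c.authority[("example.com", "A")] = ("192.0.2.99", 300)   # site moved to a new address
    trace.append(c.resolve("example.com"))      # cache still serves the old address
    c.flush()
    trace.append(c.resolve("example.com"))      # after the flush the new address is fetched
    return trace


if __name__ == "__main__":
    for answer, source in demo():
        print(f"{source:9} {answer}")
```

The fifth step of demo() is the situation the troubleshooting bullets describe: nothing is wrong with the cache mechanism, the record is simply still within its TTL, so the only ways to get the new address are to wait for expiry or to flush.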
The steps to flush your DNS cache can vary depending on your exact operating system. Take a look at our guide to learn how to clear DNS cache.
Why is it important to flush your DNS cache?
It is important to flush your DNS cache to solve connectivity issues, protect your privacy, and maintain DNS security.
Consider flushing your DNS cache to:
- Troubleshoot connectivity issues. The internet is ever-evolving, and sometimes the information stored in your cache is out-of-date. When a website changes its host or IP address, you may get a “404 Not Found” error message. Flushing out your cache forces your DNS server to request new, updated information.
- Solve website loading issues. If a website is not displaying correctly or showing outdated information, it may be related to DNS server issues. When DNS records are changed, DNS propagation can take up to 48 hours. Flush the DNS cache to give your DNS the chance to get the new information from an authoritative server.
- Protect against DNS spoofing. DNS spoofing, also known as DNS cache poisoning, is a cyberattack where bad actors change the information in your cached DNS records. Then, when you enter a legitimate domain name in the search bar, the spoofed DNS record redirects you to a malicious website to steal sensitive data or download malware to your device. Flush the DNS cache to remove spoofed DNS entries.
- Delete expired records. Although relatively rare, sometimes a glitch can keep records in your DNS cache beyond the TTL value. These expired records can interfere with your browsing experience and are prime candidates for DNS poisoning.
In addition to a regular DNS flush, you can consider using a virtual private network (VPN). A VPN is software that encrypts your data for improved security and privacy. VPNs also often operate their own DNS servers, protecting you from DNS poisoning and keeping all information up-to-date.