What is a DNS Cache and How Does It Work?
Posted March 10, 2020, 1:16 a.m. by Emil S.
What is a DNS Cache?
A DNS cache is a temporary database maintained by your computer’s operating system. It stores the results of recent lookups: the websites you have visited or tried to visit recently, along with the other Internet domain names your computer has looked up. When you try to load a website, the first thing your computer does is check the DNS cache; if it already holds an entry for that site, the computer uses it straight away and saves the time it would otherwise spend querying the wider Internet to find the website.
How does a computer find a website?
The Internet works because of the Domain Name System (DNS), a distributed database that maps the names of public websites to their corresponding IP addresses. This means that we, as users, do not have to remember or keep our own list of IP addresses. The IP address is the only way our computers, via the network equipment between them, can reach and communicate with public websites.
So, what happens when you ask your web browser to access a particular website? First, the web browser on your computer connects to your router and asks it to find the IP address of the website. Your router is configured with the address of a DNS server, and it forwards the request to that server, asking for the IP address of the website being requested.
Once the DNS server has found the IP address of the website, your computer knows which server it has to connect to, and the browser can load the site for you. This process is followed every time you request a website: a hostname has to be converted into an IP address before your browser can connect to it. Although there is a multitude of public DNS servers your router can use to speed up the process of finding an IP address, it still makes sense for your computer to keep its own record of the websites you visit frequently.
This record is the DNS cache, and your computer in effect checks this personal cache before sending a request out to the wider Internet. If the cache still holds an entry for a website you have been to before, your browser can use that address immediately and so save time. There are DNS caches at each level of the process of finding an IP address. We have already seen that there is one on your computer.
Your router maintains one, as does the DNS server it contacts. That DNS server may in turn have to contact other servers, up to the root DNS servers, before it has the answer. The DNS caches at each of these stages exist simply to speed up the process of accessing the website you requested.
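As an added illustration (not part of the original post), the Python below models the chain of caches just described: a local OS cache that forwards misses to a router cache, which forwards to a recursive server, which asks a stand-in for the authoritative servers. The hostname, the addresses and the 60-second time-to-live are constructed. The code also shows what a flush of the local cache alone changes, and what happens once an entry's time-to-live runs out, which is how real caches decide that a stored answer is stale.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Answer = Tuple[str, int]          # (IP address, seconds of TTL left)
Resolver = Callable[[str], Answer]


@dataclass
class CachedRecord:
    ip: str
    expires_at: float


class DnsCache:
    """One caching layer (the local OS cache, the router, or a recursive server).

    Each layer keeps its own name -> (ip, expiry) table. A miss or an expired
    entry is forwarded to the next layer up and the answer is stored on the
    way back, with the TTL counting down as it passes through each cache.
    """

    def __init__(self, name: str, upstream: Resolver,
                 clock: Callable[[], float] = time.monotonic):
        self.name = name
        self.upstream = upstream
        self.clock = clock
        self.table: Dict[str, CachedRecord] = {}
        self.forwarded = 0        # queries this layer could not answer itself

    def resolve(self, hostname: str) -> Answer:
        now = self.clock()
        rec = self.table.get(hostname)
        if rec is not None and rec.expires_at > now:
            return rec.ip, int(rec.expires_at - now)      # cache hit
        self.forwarded += 1                                # miss or stale: ask upstream
        ip, ttl = self.upstream(hostname)
        self.table[hostname] = CachedRecord(ip, now + ttl)
        return ip, ttl

    def flush(self) -> None:
        """What a flush such as 'ipconfig /flushdns' does to the local cache: drop every entry."""
        self.table.clear()


# Constructed zone data standing in for the authoritative servers (TEST-NET address).
AUTHORITATIVE: Dict[str, Answer] = {"example.com": ("203.0.113.10", 60)}


def build_chain(clock: Callable[[], float]):
    authoritative_queries: List[str] = []

    def authoritative(hostname: str) -> Answer:
        authoritative_queries.append(hostname)
        return AUTHORITATIVE[hostname]

    recursive = DnsCache("recursive server", authoritative, clock)
    router = DnsCache("router", recursive.resolve, clock)
    local = DnsCache("local OS cache", router.resolve, clock)
    return local, router, recursive, authoritative_queries


def demo() -> Dict[str, Tuple[int, int, int, int]]:
    """Return (local, router, recursive, authoritative) query counts after each step."""
    now = [0.0]                                   # fake clock so TTL expiry is deterministic
    local, router, recursive, auth = build_chain(lambda: now[0])

    def counts() -> Tuple[int, int, int, int]:
        return (local.forwarded, router.forwarded, recursive.forwarded, len(auth))

    steps: Dict[str, Tuple[int, int, int, int]] = {}
    local.resolve("example.com")                  # cold: every layer misses
    steps["cold"] = counts()
    local.resolve("example.com")                  # warm: answered from the local cache
    steps["warm"] = counts()
    local.flush()                                 # flush only the local cache ...
    local.resolve("example.com")                  # ... so the router still answers it
    steps["after_local_flush"] = counts()
    now[0] = 61.0                                 # past the 60 s TTL: stale everywhere
    local.resolve("example.com")
    steps["after_ttl_expiry"] = counts()
    return steps


if __name__ == "__main__":
    for step, c in demo().items():
        print(f"{step:<18} forwarded by local/router/recursive = {c[:3]}, "
              f"authoritative asked {c[3]}x")
```

The counts make the two points of the section visible: a warm lookup never leaves the computer, and flushing the local cache only pushes the next query one level up, to the router, because the router's own copy is still valid until its TTL expires.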
How does a DNS cache work?
As we have seen, when your computer receives a request from the browser to connect to a particular website, it searches its local DNS cache before passing that request on to the Internet. This cache is just a database containing the IP addresses of the domain names of websites you have visited. Being able to obtain an IP address without going out to the Internet speeds up the whole process. You can view the contents of the local DNS cache.
On Windows, enter the command ipconfig /displaydns and each record in the database will be printed. Each record contains several items of information, including the domain name, the record type and the IP address. An IPv4 address, four numbers separated by dots, is listed as an “A” record.
This feature is a useful one, as there are occasions when you need to know which IP address a particular domain name currently resolves to. One instance is when you are carrying out admin work on your computer.
What is meant by DNS Cache Poisoning?
A DNS cache can become poisoned, or polluted, as a result of an infection by a computer virus. Usually, the virus deposits an unwanted and unauthorized domain name and IP address pair into the cache. This can mean the user is redirected to phantom websites or malicious sites. If the virus has changed the IP address recorded for a website, you are unlikely to be aware of it, because the domain name you typed still looks correct. Hence the importance of being able to access your local DNS cache and inspect its contents.
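As an added example (not from the original post), the Python below parses the text that ipconfig /displaydns prints and compares the cached A records for names you care about against a known-good baseline, which is the kind of inspection the paragraph above has in mind. The sample output, the hostnames, the addresses and the baseline are all constructed for illustration; the field labels follow the layout of the Windows command's output, but the parser assumes that layout rather than reading it from a real host.

```python
import re
from typing import Dict, List, Set

# Constructed sample of `ipconfig /displaydns` output (not captured from a real host).
SAMPLE_DISPLAYDNS = """\
Windows IP Configuration

    example.com
    ----------------------------------------
    Record Name . . . . . : example.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 2873
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 203.0.113.10


    www.example.net
    ----------------------------------------
    Record Name . . . . . : www.example.net
    Record Type . . . . . : 5
    Time To Live  . . . . : 300
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    CNAME Record  . . . . : cdn.example.net

    Record Name . . . . . : cdn.example.net
    Record Type . . . . . : 1
    Time To Live  . . . . : 300
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 198.51.100.7


    login.example.org
    ----------------------------------------
    Record Name . . . . . : login.example.org
    Record Type . . . . . : 1
    Time To Live  . . . . : 86400
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 198.51.100.99
"""

# Numeric DNS record types as shown in the "Record Type" field.
RECORD_TYPES = {1: "A", 5: "CNAME", 12: "PTR", 28: "AAAA"}

# "Key . . . . : value" lines; the dots are display padding, not part of the key.
FIELD_RE = re.compile(r"^\s*(?P<key>[^.:]+?)\s*(?:\.\s*)*:\s*(?P<val>.*?)\s*$")


def parse_displaydns(text: str) -> List[Dict[str, object]]:
    """Turn the command's text output into one dict per cached record."""
    records: List[Dict[str, object]] = []
    current: Dict[str, object] = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue                       # headers, separators and blank lines
        key, val = m.group("key"), m.group("val")
        if key == "Record Name":           # a new record starts here
            current = {"name": val.lower()}
            records.append(current)
        elif key == "Record Type":
            current["type"] = RECORD_TYPES.get(int(val), val)
        elif key == "Time To Live":
            current["ttl"] = int(val)      # seconds left before the entry expires
        elif key == "Section":
            current["section"] = val
        elif key.endswith("Record"):       # "A (Host) Record", "AAAA Record", "CNAME Record", ...
            current["data"] = val.lower()
    return records


def check_against_baseline(records: List[Dict[str, object]],
                           baseline: Dict[str, Set[str]]) -> List[Dict[str, object]]:
    """Flag cached A/AAAA answers for baseline names whose address is not one we expect."""
    findings = []
    for rec in records:
        if rec.get("type") not in ("A", "AAAA"):
            continue
        expected = baseline.get(str(rec["name"]))
        if expected is not None and rec.get("data") not in expected:
            findings.append({"name": rec["name"], "cached": rec["data"],
                             "expected": sorted(expected)})
    return findings


# Constructed baseline: the addresses an administrator expects for their own names.
BASELINE: Dict[str, Set[str]] = {
    "example.com": {"203.0.113.10"},
    "login.example.org": {"203.0.113.20"},
}


def demo() -> List[Dict[str, object]]:
    return check_against_baseline(parse_displaydns(SAMPLE_DISPLAYDNS), BASELINE)


if __name__ == "__main__":
    for r in parse_displaydns(SAMPLE_DISPLAYDNS):
        print(f"{r['name']:<20} {r['type']:<6} ttl={r['ttl']:<6} {r['data']}")
    for f in demo():
        print("UNEXPECTED:", f)
```

On a real machine, save the command's output with ipconfig /displaydns > cache.txt and pass the file's contents to parse_displaydns instead of the constructed sample; a record whose cached address is outside the baseline is worth investigating before it is flushed, because flushing removes the evidence.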
There are other ways in which a cache might become poisoned. These include hacking and other attacks on your network. Occasionally, a technical problem, or a mistake made while carrying out admin work on your computer, can also corrupt the cache.
The result of a poisoned or polluted DNS cache is that your computer is open to a variety of attacks, including phishing and whaling. There is, fortunately, a solution to the problem of a poisoned DNS cache: flushing.
DNS Flushing – what it means and how to carry it out.
Flushing your DNS cache clears its contents. This deletes every entry, and your computer will rebuild them as and when you next access websites. It does, however, remove any invalid or poisoned entries along with the good ones.
Flushing your DNS:
- Windows - Open a Command Prompt and enter ipconfig /flushdns. You will know that it has worked because the message "Windows IP configuration successfully flushed the DNS Resolver Cache" or "Successfully flushed the DNS Resolver Cache" is displayed.
- Mac - Open Terminal and enter dscacheutil -flushcache. There will, however, be no message to show you have succeeded. On recent versions of macOS the resolver daemon also keeps its own cache, so follow up with sudo killall -HUP mDNSResponder for the flush to take effect.
- Linux - Enter the command /etc/rc.d/init.d/nscd restart. On a systemd-based distribution the equivalent is sudo systemctl restart nscd; if the system uses systemd-resolved rather than nscd, run resolvectl flush-caches instead.
A router will have a DNS cache too, and it can also be infected by a computer virus, so it is a good idea to reboot the router as well. Doing this will delete all the DNS data stored in the router’s temporary memory.