DNS is the technology that lets us use the internet the way we do today. It resolves domain names to their IP addresses, and we get our answers almost instantly. But DNS resolution is a complicated process that can involve many DNS servers placed far away from each other, and it takes time. There is a way to reduce the number of DNS queries and save time: the DNS cache.
What is DNS cache?
The DNS cache (also known as the DNS resolver cache) is temporary DNS storage on a device (your computer, smartphone, server, etc.) that contains the DNS records of already visited domain names (A records for IPv4 addresses, AAAA records for IPv6, etc.). It keeps each record only for as long as that record's time-to-live (TTL) allows.
Each time you visit a website, its addresses will be saved inside this temporary database of records to facilitate a later revisit.
Basically, the DNS cache is how your device saves effort and time: it skips a long DNS lookup by answering a DNS query with a DNS record that is already inside the temporary DNS cache.
Why do we need a DNS cache?
We need a DNS cache to get a faster response to DNS queries for domain names that we have already visited recently.
Both the device the user is using (his or her computer) and the multiple DNS resolvers the request reaches have a DNS cache, and any of them can resolve the domain if it is still in their cache. If not, the DNS query will need to follow the long way to the root server, which directs it to the TLD servers, which in turn direct it to the authoritative name server for the domain name to finally get the answer.
How does it work?
Each time a user performs a DNS lookup, their device first checks the internal DNS cache that is part of the OS. The DNS cache is a table of DNS records, their values, and the time they may be kept (TTL). The TTL value is set by the DNS administrator of each domain name, and it is the time limit that each DNS record has. After the time runs out, a new query is required.
If the DNS query can be resolved from the DNS cache, the user gets their answer and can visit the site they desired.
If not, the query travels to a recursive DNS server. There are many recursive DNS servers out there; your Internet Service Provider, for example, runs some. They also have a cache that works in the same way. If the answer can be found there, the user gets it and resolves the domain.
If not, the query travels to an authoritative name server to get the answer.
When the answer comes back, the DNS record or records are saved in the DNS cache of each recursive DNS server on the way, and inside the user's device too, for the period that the TTL value indicates.
Next time a query starts for the same domain name, your device repeats the process. If not much time has passed, there is a high chance that the DNS record your device needs is still inside this temporary memory, and the query gets answered instantly.
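The lookup order just described (check the local cache, fall back to the longer path, store the answer for its TTL, and forget it once the TTL runs out, or earlier on a flush) can be shown in a few lines. The following is an added example, not code from the original article or from any real resolver: the upstream chain is replaced by a constructed record table, and a fake clock lets the demo jump past a TTL without waiting. Class and function names are made up for the illustration.

```python
import time
from dataclasses import dataclass, replace


@dataclass
class Record:
    """One cached DNS record. ttl is the lifetime in seconds set by the domain's DNS admin."""
    name: str
    rtype: str
    data: str
    ttl: int


class CachingResolver:
    """Hypothetical stub resolver: answer from the local cache while the TTL holds,
    otherwise ask upstream and cache the result (constructed example, not a real library)."""

    def __init__(self, upstream, clock=time.monotonic):
        self.upstream = upstream          # callable (name, rtype) -> Record or None
        self.clock = clock                # injectable so TTL expiry can be simulated
        self.cache = {}                   # (name, rtype) -> (Record, absolute expiry time)
        self.upstream_queries = 0         # how many times the "long way" was taken

    @staticmethod
    def _key(name, rtype):
        # DNS names are case-insensitive and a trailing dot is optional
        return name.lower().rstrip("."), rtype

    def resolve(self, name, rtype="A"):
        """Return (record, source); source is 'cache' or 'upstream'."""
        key = self._key(name, rtype)
        now = self.clock()
        hit = self.cache.get(key)
        if hit is not None:
            record, expires = hit
            if now < expires:
                # Hand back the remaining TTL, as a real resolver does, so a
                # downstream cache never keeps the record longer than allowed.
                return replace(record, ttl=int(expires - now)), "cache"
            del self.cache[key]           # TTL ran out: a fresh query is required
        record = self.upstream(*key)
        self.upstream_queries += 1
        if record is not None:
            self.cache[key] = (record, now + record.ttl)
        return record, "upstream"

    def flush(self):
        """Equivalent of 'ipconfig /flushdns': forget every cached record."""
        self.cache.clear()


class FakeClock:
    """Constructed clock so the demo can jump forward past a TTL without sleeping."""

    def __init__(self):
        self.t = 0.0

    def now(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


# Constructed "authoritative" data standing in for the root -> TLD -> authoritative chain.
ZONE = {
    ("example.com", "A"): Record("example.com", "A", "192.0.2.10", 300),
    ("example.com", "AAAA"): Record("example.com", "AAAA", "2001:db8::10", 300),
}


def demo():
    """Walk through hit, miss, expiry and flush; returns the source of each lookup."""
    clock = FakeClock()
    resolver = CachingResolver(lambda n, t: ZONE.get((n, t)), clock.now)
    sources = []
    sources.append(resolver.resolve("example.com")[1])        # miss -> upstream
    sources.append(resolver.resolve("EXAMPLE.COM.")[1])       # same name, cache hit
    clock.advance(100)
    sources.append(resolver.resolve("example.com")[1])        # still cached, ttl now 200
    clock.advance(201)                                        # past the 300 s TTL
    sources.append(resolver.resolve("example.com")[1])        # expired -> upstream
    resolver.flush()
    sources.append(resolver.resolve("example.com")[1])        # flushed -> upstream
    return sources, resolver.upstream_queries


if __name__ == "__main__":
    print(demo())
```

Two details are worth noticing: the cache key is normalised (case and trailing dot), so "EXAMPLE.COM." and "example.com" share one entry, and a cached answer is returned with its remaining TTL rather than the original one, which is what stops a chain of caches from extending a record's life beyond what its administrator set.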
How do I check my DNS cache?
You can see the DNS cache of your device with a very easy command on Windows; it is a bit harder on macOS and Linux.
Windows
- Open the Run dialog by pressing Windows+R.
- Write cmd and press OK to open the Command Prompt application.
- Inside it, write the following command, “ipconfig /displaydns”, and you will see all the DNS records of the sites you have visited.
macOS
- You will need to open the Console application.
- There, enter the following in the search field: “any:mdnsresponder”.
- Now open the Terminal application and enter the following command: “sudo killall -INFO mDNSResponder”. You will be asked for your password. After that, go back to the Console application, and you will see the list of DNS records.
Linux
Traditionally there is no OS-level DNS caching on Linux, so it is a bit harder to display. Depending on the software you are using, you might find a way to see it. For example, if you are using NSCD (Name Service Caching Daemon), you can see the ASCII strings from the binary cache file. It is located in /var/cache/nscd/hosts, so you can run “strings /var/cache/nscd/hosts” to display it.
If you are using Ubuntu 20.10, Fedora 33, or later, systemd (systemd-resolved) is responsible for DNS.
- First, open the Terminal and write this command: “sudo killall -USR1 systemd-resolved”. The signal makes the service dump its cache into the system journal.
- Then run another command to export the log messages to a plain .txt file: “sudo journalctl -u systemd-resolved > ~/dns-cache.txt”.
- Wait until the file is created and then open it with “less ~/dns-cache.txt”.
Flush (clear) DNS cache
You can flush the DNS cache, which deletes all of the DNS records from the local cache in your OS or web browser. The two have different caches, so you will need to clear them both.
Deleting the DNS cache might resolve problems with the domain resolution of a site or any other problem related to the outdated DNS records still in your cache.
Clearing it will also hide the list of visited sites at the DNS level. That way, you can hide sites that you don't want to show you visited.
It can also be useful if you have any suspicion of DNS poisoning. In case somebody manipulated a DNS record in your DNS cache, deleting it will eliminate the potentially dangerous records.
The downside of clearing the DNS cache is that your device will need to obtain the IP addresses of all the websites you use again. No site you recently visited will remain cached after the DNS flush, so the first DNS resolution for each site will take longer.
Let's explore how to flush the DNS on different OSes and browsers. Remember, you will need to clear it both at the OS level and at the browser level.
Windows
The process of flushing the DNS in Windows is straightforward.
- Open the Command Prompt application and type the following command: “ipconfig /flushdns”.
- Upon successful clearance, you will see a confirmation message: “Windows IP Configuration. Successfully flushed the DNS Resolver Cache”.
macOS
- On macOS, to delete the DNS cache, you will first need to open the Terminal application.
- Then enter this command, “sudo killall -HUP mDNSResponder”, press Enter and type your password. You will also need to clear the DNS cache of the browser you are using; check the Safari steps below if that is your choice.
Linux
Not all Linux distributions have DNS caching enabled by default, and the command you need depends on which caching service you run.
systemd-resolved. If you are on Ubuntu 20.04 LTS or later, open the Terminal application and execute the following command: “sudo systemd-resolve --flush-caches” (on newer systemd releases the equivalent is “resolvectl flush-caches”). You will need sudo privileges to do it.
NSCD. If you are using NSCD, run this command inside the Terminal: “sudo /etc/init.d/nscd restart”. You will need to confirm your password for the command.
DNSMASQ. The command for the dnsmasq DNS cache is “sudo /etc/init.d/dnsmasq restart”, followed by typing your password. It will restart the service.
BIND. In the case of BIND, restart the service with “sudo /etc/init.d/named restart”; a running server can also drop its cache without a restart via “sudo rndc flush”. With that, the DNS flushing is finished.
Chrome, Edge and Opera
Put the following in the address bar: “chrome://net-internals/#dns”. Then click on Clear host cache. If you are using Edge, change chrome to edge in that address, and if you are using Opera, change it to opera.
Firefox
- Find the icon with three lines in the top right corner and open Firefox's menu.
- Then search for Options (Preferences).
- Inside it, you will see Privacy & Security. Click on it.
- Go to History and click on Clear History by selecting Everything.
- Finally, Clear Now.
Safari
- First, open the Safari browser.
- Navigate to Preferences > Advanced.
- Tick “Show Develop menu in menu bar”.
- Then go to the menu bar and choose Develop > Empty Caches. The shortcut is ⌥⌘E. You will need to restart the browser at the end.
DNS spoofing (DNS cache poisoning)
DNS spoofing is a malicious attack that aims to edit or replace DNS records inside the DNS cache of the targeted device (server or personal computer). The new or modified DNS records carry changed data, such as the IP address, so the affected domains resolve to the new IP addresses. That way, the attackers can direct traffic to a fake site, where they can steal the users' personal data. Everything happens in the background, so if the fake site the user is redirected to really looks like the original, the user is easily deceived.
DNS spoofing can start with a spam message that carries executable code able to perform the injection.
Another way is a man-in-the-middle attack, where the bad actor sits between the user and a DNS resolver. It passes modified information while pretending to send normal packets of data, so the user receives DNS records from the attacker.
A user can reduce the risk of such an attack by using a VPN for encrypted communication, not clicking on suspicious messages, and not opening infected attachments.
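On the resolver side, the main defence against poisoned answers is to refuse to cache anything that does not belong: the reply must echo the query's unpredictable transaction ID and its question section, and a server asked about one zone must not be allowed to plant records for a different zone (the "bailiwick" rule). The block below is an added example written for this article, not code from any real resolver; the message types, function names and the sample exchange (a legitimate reply that also tries to slip in a record for another zone, and a forged reply that did not guess the ID) are all constructed for the illustration.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class Question:
    name: str
    rtype: str


@dataclass
class RR:
    """A resource record as it would appear in a reply (constructed, not wire format)."""
    name: str
    rtype: str
    data: str
    ttl: int


@dataclass
class Message:
    txid: int                     # 16-bit transaction ID the responder must echo
    question: Question
    answers: list = field(default_factory=list)


def _norm(name):
    return name.lower().rstrip(".")


def new_query(name, rtype="A"):
    """Build a query with an unpredictable ID; guessing it is the first hurdle for a forger."""
    return Message(secrets.randbelow(1 << 16), Question(name, rtype))


def in_bailiwick(name, zone):
    """True if name is the zone itself or lies beneath it."""
    name, zone = _norm(name), _norm(zone)
    return name == zone or name.endswith("." + zone)


def vet_response(query, response, zone):
    """Decide which records from a reply may be written into the cache.

    zone is the zone the queried server is authoritative for.
    Returns (accepted, rejected); rejected is a list of (record, reason) pairs.
    """
    if response.txid != query.txid:
        return [], [(rr, "transaction id mismatch") for rr in response.answers]
    if (_norm(response.question.name), response.question.rtype) != \
            (_norm(query.question.name), query.question.rtype):
        return [], [(rr, "question section does not match the query")
                    for rr in response.answers]
    accepted, rejected = [], []
    for rr in response.answers:
        if in_bailiwick(rr.name, zone):
            accepted.append(rr)
        else:
            # A server for example.com has no business telling us where other
            # zones live; caching that would poison later lookups of those names.
            rejected.append((rr, "out of bailiwick for " + zone))
    return accepted, rejected


# Constructed sample exchange (documentation addresses only).
QUERY = Message(0x1A2B, Question("www.example.com", "A"))
LEGIT = Message(0x1A2B, Question("www.example.com", "A"), [
    RR("www.example.com", "A", "192.0.2.10", 300),
    RR("login.example.net", "A", "198.51.100.7", 86400),   # does not belong here
])
FORGED = Message(0x9999, Question("www.example.com", "A"), [
    RR("www.example.com", "A", "203.0.113.5", 300),         # wrong ID, dropped
])

if __name__ == "__main__":
    for label, msg in (("legit", LEGIT), ("forged", FORGED)):
        acc, rej = vet_response(QUERY, msg, "example.com")
        print(label, "accepted:", [r.name for r in acc],
              "rejected:", [(r.name, why) for r, why in rej])
```

Run as a script, the legitimate reply yields one accepted record (www.example.com) and one rejected out-of-bailiwick record, while the forged reply is rejected outright. Real resolvers add more on top of this (random source ports, and DNSSEC validation where the zone is signed), but the three checks shown are the minimum that keeps a stray or spoofed answer out of the cache.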
The DNS cache is a useful way of saving resources, both on your local system and on the many servers along the way. It is a fast method of DNS resolution that saves time for everybody. Yes, it is a target for DNS poisoning attacks, but there are various methods to protect the DNS cache.