Understanding DNS Cache

Most managed services providers (MSPs) will have heard of the Domain Name System (DNS), the distributed network of servers that acts as a directory, cataloging domain names and their corresponding Internet Protocol (IP) addresses. Relatedly, a DNS cache is local storage that contains the records of a computer’s query history, including recent website visits.

As a whole, the DNS translates domain names, a verbal nomenclature humans can more easily understand and recall, to the numerical naming and transmission method required by computers. In turn, the operating system (OS) uses caching to store DNS resource records, which avoids redundancy when attempting to access a web page and therefore decreases DNS lookup latency. If a machine has recently visited the page it wants to access, the cache can supply the IP address of its web server, completing the website request before the lookup has to query the DNS server.

Ultimately, the DNS enables human users to keep track of more web pages and to access them as required, and DNS caching expedites the DNS lookup process to more quickly resolve a domain name to an IP address when the OS has visited a web page before.

How does DNS caching affect the network? 

While it’s fairly straightforward to answer the question “What is a DNS cache?” the way it affects network operations is a slightly more complicated topic—and in fact, DNS caching can actually be a security concern for MSPs.

As explained above, the DNS cache exists to streamline the DNS lookup process that resolves a domain name to an IP address—thus, it serves an invaluable acceleration purpose. But DNS caching can compromise webpage access and network security if not properly managed. For this reason, MSPs must understand how caching can put them at risk and must know how to view and clear DNS cache contents.

First, cleaning the DNS cache regularly is important to ensure consistent access to web pages. If a web page has changed the location of its web server in the time since its IP address was cached, a web browser might return an HTML 404 error—although the site is still online, the cache is feeding the browser an inaccurate IP address. This blocks the user’s access to an active page.

Second, a clear DNS cache protects overall network security, from wiping personal web usage data to preventing DNS poisoning. Many operating systems (like MacOS and Windows) and almost all web browsers automatically create a DNS cache. Although this function seeks to serve the user by maintaining DNS lookup efficiency, it means that, in effect, a user’s computer and web browser have a comprehensive collection of their web activity whether they realize it or not. Wiping DNS resource records prevents malicious agents from acquiring and abusing this personal information.

DNS poisoning, or DNS spoofing, refers to the cybersecurity threat in which hackers corrupt DNS resource records. By changing the IP addresses associated with particular domain names, hackers can hijack a web session and send computers requesting a particular site to the wrong web server—a form of phishing. These alternate pages may expose users to advertisements, prompt them to install malware, or succeed at stealing private data (like Social Security numbers or financial information) if they pass as the correct website and convince users to enter sensitive data. Routinely clearing DNS caches both narrows the window of opportunity for DNS poisoning and wipes any corrupted records.

How do i check my DNS cache? 

Every operating system will require users to follow a different sequence of steps in order to view the contents of the DNS cache, although, generally speaking, the process is fairly similar across mainstream developers. Users will generally need administrative access. Depending on your operating system, you can view DNS contents by following these instructions:

  • Windows: Open your command prompt and enter the command “ipconfig /displaydns.” You should then be able to see the records.
  • Mac: Open the Terminal app, enter the command “sudo discoveryutil udnscachestats,” and input your password. This will display the Unicast DNS cache. When you have finished scrolling through these results, close the Terminal, reopen it, enter the command “sudo discoveryutil mdnscachestats,” input your password, and scroll through the Multicast DNS cache results.
  • Linux: Linux doesn’t create a DNS cache automatically, but many commonly used applications provide this service. If your OS uses the name service caching daemon (NSCD), open the command terminal and enter either “service nscd status” or “sudo service nscd status.”

How do I clear the DNS cache? 

While viewing the DNS cache is useful for monitoring DNS contents or retrieving specific IP addresses, clearing the DNS cache is a critical operation for maintaining network security and updating DNS resource records.

The DNS cache does some of this work on its own—each DNS resource record has a designated Time to Live (TTL). After the TTL has expired—meaning after the record has existed for its allotted time span—it is no longer valid. The next time the OS requests its address the cache will have to query the DNS server, automatically updating the cache.

In many cases, system administrators are unaware of the TTL of their DNS records, and often the validity period of DNS entries is too long to ensure optimal web page access reliability and security. To clean out a customer’s cache—a process commonly referred to as flushing the cache—follow these steps, depending on the OS:

  • Windows: Again, the Windows DNS flushing process is fairly simple. Enter “ipconfig /flushdns” in the command prompt. You will see the message, “Windows IP configuration successfully flushed the DNS Resolver Cache.” You can view the DNS cache to see the results (a wiped cache).
  • Mac: For MacOS 10.10.4 and later versions, open the terminal and run the command “sudo killall -HUP mDNSResponder.” The OS will not generate a success message, so it’s best to check for yourself that the flush was fully executed by viewing the DNS cache.
  • Linux: To clear the cache of a Linux OS running NSCD, simply restart the application with the command “sudo /etc/init.d/nscd restart.”

A DNS cache is only one component of DNS services, but it serves an integral purpose in facilitating fast, reliable web searches. Understanding how the cache can affect DNS lookup operations allows MSPs to troubleshoot common problems on customers’ networks, prevent phishing, and purge a record of user search history that hackers could otherwise exploit.

 

Check out our blog for other common questions and concerns with DNS and other systems issues.  

Want to stay up to date?

Get the latest MSP tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a trial.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site