Last update: 08.12.2019
How many phone numbers of your family and friends do you know by heart? It’s OK, all of us need some contact list to link those digits with a name to enable those late-night drunk-calls to your ex. The same goes for all the websites that you visit. Each of them has a unique IP address that you’d need to keep somewhere in order to access it.
For that reason, the Domain Name System, or DNS for short, was created. It stands in as the Internet’s phone book, holding all the numbers you need to dial to reach a website. Each time you access a website through its hostname, your web browser wants to send a request across the internet, yet it cannot do so until the website name is “converted” into an IP address.
How a DNS cache works
Before a web browser sends a request to load a website, your device intercepts the request and searches for the domain name in its local DNS cache database. The database holds a list of recently resolved domain names and their addresses, each kept until its time to live runs out.
On Windows, you can see the local DNS cache with the command ipconfig /displaydns. For example, if you have just looked up maps.google.com, the entry looks like this:
Record Name . . . . . : maps.google.com
Record Type . . . . . : 1
Time To Live . . . . : 20
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 126.96.36.199
The “A” record is the part of the DNS entry that includes the IP address for the website. Your DNS cache stores this address and the requested website name, as well as other parameters from the host DNS entry.
What is the purpose of a DNS cache
Your device stores lookup results in a local DNS cache so that it doesn’t have to query the DNS server for the same website address over and over. The DNS cache acts like a contact book of the websites you visit regularly.
Therefore, to load a website faster, the DNS resolver checks your local cache first before digging into the big phone book. If that fails, it asks the router, which also often has a DNS entry for the website you want.
DNS caching reduces DNS traffic and improves the performance of the apps that depend on it. DNS caches are found not only on your device and router but also on your Internet Service Provider’s (ISP) servers.
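To make the cache-first lookup and the counting-down Time To Live concrete, here is a small model of a resolver cache. It is an added example written for this article, not code from the original page or from Windows; the upstream "DNS server" is a constructed lookup table using RFC 5737 documentation addresses, and the timestamps are passed in explicitly so the TTL behaviour can be followed without waiting.

```python
"""Minimal model of a local DNS resolver cache with TTL expiry (added example).

It mimics what the resolver on your device does before touching the network:
answer from the cache while the record's time to live has not run out,
otherwise ask the upstream server and cache the fresh answer. The upstream
server here is a constructed table, not a real DNS client.
"""
import time
from dataclasses import dataclass


@dataclass
class CachedRecord:
    name: str
    address: str      # the "A (Host) Record" value
    ttl: int          # lifetime in seconds as delivered by the DNS server
    stored_at: float  # time.time() when the answer was cached

    def remaining_ttl(self, now: float) -> int:
        # This is the value ipconfig /displaydns shows as "Time To Live";
        # it counts down from the server-supplied TTL.
        return max(0, int(self.ttl - (now - self.stored_at)))


class DnsCache:
    def __init__(self):
        self._records = {}          # lower-cased name -> CachedRecord
        self.upstream_queries = 0   # how often we had to leave the cache

    def put(self, name, address, ttl, now=None):
        now = time.time() if now is None else now
        self._records[name.lower()] = CachedRecord(name.lower(), address, ttl, now)

    def get(self, name, now=None):
        """Return the cached address, or None on a miss or an expired record."""
        now = time.time() if now is None else now
        rec = self._records.get(name.lower())
        if rec is None:
            return None
        if rec.remaining_ttl(now) <= 0:
            # Expired entries are dropped, just as a resolver cache would do.
            del self._records[name.lower()]
            return None
        return rec.address

    def resolve(self, name, upstream, now=None):
        """Cache-first lookup: only query 'upstream' when the cache cannot answer."""
        now = time.time() if now is None else now
        cached = self.get(name, now)
        if cached is not None:
            return cached
        self.upstream_queries += 1
        address, ttl = upstream(name)
        self.put(name, address, ttl, now)
        return address

    def flush(self):
        """The equivalent of ipconfig /flushdns: forget every entry."""
        self._records.clear()

    def display(self, now=None):
        """Roughly what ipconfig /displaydns lists: name, address, remaining TTL."""
        now = time.time() if now is None else now
        return [(r.name, r.address, r.remaining_ttl(now)) for r in self._records.values()]


# Constructed upstream "DNS server" (assumption for the example): a fixed table
# with RFC 5737 documentation addresses standing in for real answers.
UPSTREAM_TABLE = {
    "maps.google.com": ("192.0.2.10", 20),
    "example.com": ("198.51.100.7", 300),
}


def fake_upstream(name):
    return UPSTREAM_TABLE[name.lower()]


def demo():
    """Three lookups of the same name: miss, hit inside the TTL, miss after expiry."""
    cache = DnsCache()
    t0 = 1_000_000.0
    first = cache.resolve("maps.google.com", fake_upstream, now=t0)        # miss -> upstream
    second = cache.resolve("maps.google.com", fake_upstream, now=t0 + 5)   # hit, 15 s of TTL left
    third = cache.resolve("maps.google.com", fake_upstream, now=t0 + 25)   # expired -> upstream again
    return first, second, third, cache.upstream_queries


if __name__ == "__main__":
    print(demo())
```

The point to notice is the third lookup: once the 20-second TTL has passed, the entry is treated as if it were never there, which is exactly why a poisoned record only does damage for as long as its TTL allows, and why flushing simply shortens that window to zero.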
DNS cache poisoning
A DNS cache becomes corrupted when unauthorized domain names or IP addresses are inserted into it.
Sometimes a cache is corrupted as a result of technical anomalies or administrative mishaps, but so-called DNS cache poisoning is usually the work of malware or other network attacks that introduce invalid DNS entries into the cache. The result is that user requests are redirected to the wrong destinations, generally malicious websites or advertising pages.
For example, if the maps.google.com DNS entry had a different “A” record, entering maps.google.com into a web browser would take the user somewhere else. This is a significant problem for popular websites: if an attacker redirects a request for google.com to a page that mimics Google, you could become the victim of a phishing attack.
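Since the tell-tale sign of poisoning is an “A” record that is not what it should be, a defender can audit the output of ipconfig /displaydns for exactly that. The following is an added example written for this article, not code from the original page or from Microsoft: it parses records in the layout shown above and flags two things, a public hostname that resolves into a private, loopback or link-local range, and a cached answer that disagrees with an independently known-good address. The sample cache dump and the known-good table are constructed for the example and use RFC 5737 documentation addresses, not Google’s real ones.

```python
"""Audit ipconfig /displaydns output for signs of DNS cache poisoning (added example).

The record layout parsed here is the one ipconfig /displaydns prints on
Windows; the dump below is constructed for the example, as is KNOWN_GOOD.
"""
import ipaddress
import re

# Constructed sample in the layout of ipconfig /displaydns. The second entry
# is the kind of anomaly we want to catch: a login page "resolving" to an
# address on the local network.
SAMPLE_DUMP = """
    maps.google.com
    ----------------------------------------
    Record Name . . . . . : maps.google.com
    Record Type . . . . . : 1
    Time To Live . . . . : 20
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.2.10

    login.example.com
    ----------------------------------------
    Record Name . . . . . : login.example.com
    Record Type . . . . . : 1
    Time To Live . . . . : 3600
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 10.0.0.5
"""

# Constructed reference answers, e.g. obtained earlier from a resolver you trust.
KNOWN_GOOD = {
    "maps.google.com": {"192.0.2.10"},
    "login.example.com": {"198.51.100.7"},
}

# Ranges a public hostname should never resolve into (RFC 1918, loopback,
# link-local, "this network"). RFC 5737 documentation ranges are deliberately
# not listed because the sample uses them as stand-ins for public addresses.
NON_PUBLIC_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",
)]

# "Label . . . . : value"  ->  label, value  (the dots are only padding)
FIELD_RE = re.compile(r"^\s*(?P<label>[^:]+?)[\s.]*:\s*(?P<value>.*?)\s*$")


def parse_displaydns(text):
    """Return a list of dicts, one per record, keyed by the field labels."""
    records = []
    current = None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue  # blank lines, the name header and the dashed rule
        label, value = m.group("label"), m.group("value")
        if label == "Record Name":
            current = {}
            records.append(current)
        if current is not None:
            current[label] = value
    return records


def check_records(records, known_good):
    """Return (name, address, reason) for every suspicious A record."""
    findings = []
    for rec in records:
        if rec.get("Record Type") != "1":
            continue  # only A records carry an IPv4 address
        name = rec.get("Record Name", "").lower()
        addr_text = rec.get("A (Host) Record")
        if not addr_text:
            continue
        addr = ipaddress.ip_address(addr_text)
        if any(addr in net for net in NON_PUBLIC_RANGES):
            findings.append((name, addr_text, "public name resolves to a non-public address"))
        expected = known_good.get(name)
        if expected is not None and addr_text not in expected:
            findings.append((name, addr_text, "differs from known-good " + ", ".join(sorted(expected))))
    return findings


def audit(text, known_good=KNOWN_GOOD):
    return check_records(parse_displaydns(text), known_good)


if __name__ == "__main__":
    for name, addr, reason in audit(SAMPLE_DUMP):
        print(f"{name} -> {addr}: {reason}")
```

On a real machine you would feed the function the captured command output instead of SAMPLE_DUMP. The comparison check is only as good as the reference table, so the known-good addresses have to come from a source that was not itself served by the cache under suspicion.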
How to prevent DNS poisoning in 2019
The danger of DNS poisoning is how quickly it spreads from one DNS server to another. If your ISP’s servers start picking up poisoned DNS entries, those entries get cached and served to every user automatically. This can be stopped only by cleaning all the affected DNS servers, so that no source can start spreading the venom again.
While the biggest part of preventing DNS poisoning falls on the shoulders of ISPs and system administrators, users can also help themselves. One piece of advice is to look at the website company’s name in the address bar. If you don’t see the green icon that signals a secure HTTPS connection, chances are you’re visiting a forged copy of the website.
On the other hand, not all websites use SSL/TLS certificates, so this is by no means a foolproof method. Fortunately, there’s another way of combating DNS poisoning, and that is using a VPN.
A quality VPN offers DNS leak protection, which prevents your device from loading a fake website in case of DNS poisoning. What is more, a VPN encrypts your data, so it stays safe from such attacks even when you’re using public Wi-Fi.
When and how you should clear your DNS cache
Clearing your DNS cache may be the best option in case of DNS poisoning or other connectivity issues. Basically, it means deleting all your locally stored DNS entries and starting from scratch. Fresh lookups then replace the poisoned or otherwise faulty entries.
The new addresses are taken from the DNS server that your network uses. So if you see a strange version of maps.google.com that asks you to log in with your Gmail account, better flush the whole thing down the drain.
To clear or flush your DNS cache in Windows, you need to follow these steps:
- Click Start, search for Command Prompt and launch it
- In the Command Prompt, enter ipconfig /flushdns and hit Enter
- You should see the message “Successfully flushed the DNS Resolver Cache”
One thing not to forget is your router – it probably stores a DNS cache too, which might also be poisoned. Rebooting the router is the simplest way to flush its DNS cache and start your browsing on a clean page.