A DNS cache, which is also known as a DNS resolver cache, is a temporary website database that is maintained by a computer or mobile device’s operating system. DNS stands for Domain Name System, which is an ordered naming system for computers or services connected to the Internet or a private network.

DNS caching keeps records of all recent website and internet domain visits. The DNS cache is accessed by your mobile phone, device or computer when it is attempting to load a website. When attempting to flush or clear the DNS cache in order to resolve an internet connectivity issue, users will often ask what it is.

When a computer or mobile device’s operating system checks a DNS server, the response can be positive, meaning a match was found, or negative, meaning no match was found. The computer operating system stores results in a local DNS cache so local users don’t have to repeatedly search the DNS server for the same website address. The DNS resolver always checks a local cache before checking the DNS server. DNS caches store search results for a period of time that is established by the configuration of each domain-name record.

DNS caching helps improve the productivity of the DNS by minimizing DNS traffic on the Internet, and by lessening load times on authoritative name-servers, especially root name-servers. Since DNS caches resolve queries more quickly, they enhance the performance of end-user applications that depend on the DNS. DNS caches are found in the user’s computer as well as in company and ISP servers.

What Is the purpose of a DNS cache

The internet depends upon the DNS to retain an index of all public websites and their related IP addresses. It is similar to a phone book in that it removes the necessity to memorize every phone number. Similarly, the DNS is employed so a computer or mobile device doesn’t need to remember every website’s IP address, which is how network equipment communicates with websites. Therefore, when you ask a web browser to load a website, it checks with the DNS cache to see if you have visited the site before.

When you type in a URL or web address the browser will first contact a DNS cache and ask for an IP address. If that fails, it will ask the router instead. The router, which has a DNS server address stored, will ask the DNS server for the IP address of that hostname. The DNS server locates the IP address belonging to the website address in order to understand which website you are searching for, and then the browser will load the corresponding page.

The process takes place every time you attempt to visit a website. Each time a user accesses a website through its hostname, the web browser will send a request to the internet, yet this request cannot be finalized until the website name is “converted” into an IP address.

Although there are numerous public DNS servers that the network can access to attempt to accelerate the conversion/resolution process, it is faster to keep a local copy of the website addresses, which is how DNS caches serve their purpose. DNS caches try to accelerate the process by managing the name resolution of website addresses that have been visited recently before sending a request to the internet.

How a DNS cache works

Before a web browser sends a request to the outside network, the computer will intercept each request and search for the domain name in the DNS cache database. The database holds a list of all recently visited domain names and the addresses that the DNS server found when a request was first made.

On Windows, the contents of a local DNS cache can be seen by using the command ipconfig /displaydns. If you’re looking up maps.google.com, the results will look like this:

Record Name . . . . . : maps.google.com
Record Type . . . . . : 1
Time To Live . . . . : 20
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 174.218.6.184

In DNS, the “A” record is the part of the DNS entry that includes the IP address for the set hostname. The DNS cache stores this address and the requested website name, as well as other parameters from the host DNS entry.

A DNS cache can be corrupted when unapproved domain names or IP addresses are inserted into it. Sometimes a cache can be corrupted as a result of technical anomalies or administrative mishaps, but DNS cache poisoning is usually related to computer viruses or other network attacks that introduce invalid DNS entries into the cache. DNS cache poisoning can result in user requests being redirected to incorrect destinations, generally malicious websites or advertising pages.

As an example, if the maps.google.com record from above had a different “A” record, then when maps.google.com was entered into a web browser, the user would be taken elsewhere. This is a significant problem for popular websites, since if an attacker redirects a request for google.com, for example, to a page that appears to be Google but isn’t, your computer could be the victim of a phishing attack like whaling, a cyber attack that targets high-level company employees to steal sensitive company information.

The attacker’s objective is to manipulate the attack victim into approving wire transfers to the attacker.