Quick Definition: DNS caching improves speed and efficiency when retrieving content from previously visited websites. DNS caches, the DNS records obtained from previous DNS queries, can be stored in a browser, an operating system, and other DNS servers to reduce the time it takes to perform DNS resolutions.
Have you ever noticed websites loading a little slower when you visit them for the first time? After you visit the site once, it loads faster for a while. This is because of something called DNS caching.
Imagine you're visiting a restaurant for the first time. You know where it is, but not the exact address. You know the blue restaurant in the plaza on the left is similar to knowing a website’s URL (say, CBTNuggets.com), but you might need to enter the address into your GPS to get there the first time. Once you’ve visited the restaurant, you’re likely to remember how to get there next time without step-by-step directions.
That is the concept of DNS caching in a nutshell. Once you’ve visited a site, your computer remembers the IP address and can send you to the website faster—at least until the cache is cleared.
DNS Cache Hierarchy
When your computer resolves DNS, it stores the results for later use. There are different levels of how and where those results are stored, and you may have various levels of control. The one you may be most familiar with is browser caching.
Your browser caches results to avoid constantly redownloading web pages that change infrequently. For example, your favorite email login page probably doesn’t change often since it likely only consists of a couple of buttons and input fields for your email and password.
Your operating system will also cache DNS results for later use, comparing them with the DNS resolution of a nearby DNS server to save you the hassle of performing a full DNS query.
DNS caches can also store results in other DNS servers. These are the servers your computer’s DNS query uses to obtain the full IP address from your destination’s authoritative server. These servers will cache DNS information for the duration of the DNS TTL, or time to live, which the authoritative DNS server sets.
TTL (Time to Live) and DNS Caching
Referring to our example of needing directions to a restaurant for the first visit, would you still need directions to that restaurant if you hadn’t been there in a few months? How about a few years? What if the restaurant moved locations? DNS TTL (time to live) tells DNS resolvers how often to confirm their cached DNS records to ensure they have the most up-to-date results.
The people responsible for maintaining the authoritative DNS servers set the TTL based on what makes sense for the site. A longer TTL often means faster accessibility for users, and a lower TTL means more accurate results since full DNS resolution occurs more frequently.
Benefits of DNS Caching
DNS caching has several benefits, including a more seamless user experience. Using a DNS cache means your browser can access sites faster using fewer resources. Caching also reduces stress on DNS resolvers and authoritative DNS servers. It also allows users to navigate to the desired website during potential DNS outages.
Thinking back to the restaurant example, you could visit if your GPS wasn’t working but already knew how to get there from memory. However, if you don’t remember the route, you might not be able to find it without step-by-step directions.
DNS caching offers the same benefit. By remembering the IP address, your device can still navigate to the site without the help of DNS resolution.
Types of DNS Caching
There are several different types of DNS caching, including client-side caching, which stores DNS results locally in your browser and operating system; resolver caching, which stores the results of previous DNS queries in other DNS servers; and authoritative server caching, which stores DNS information right at the source.
Client-side caching, your browser and operating system, offers the fastest access to a cached site. However, since it is furthest from the authoritative DNS server, it is also the most likely form of DNS cache to be inaccurate and outdated.
DNS resolver caching lands in the middle for both accessibility and accuracy. It’s a bit slower since your device has to reach out to the resolver for DNS results, and it won’t be as accurate as the authoritative server controlling the DNS results.
The benefit of resolver caching is that it updates periodically when the DNS TTL expires and requires renewal, which means the results have typically been updated when your device sends a request for DNS resolution.
Finally, there is authoritative server caching. This is the most accurate and updated form of DNS caching since it is the source. However, it will also take the longest since your DNS query has to get to the authoritative server before returning to your device.
DNS Cache Flush: When and How
Occasionally, you might experience issues navigating to a site like CBTNuggets.com due to DNS issues. For example, if a site changes its IP address but your DNS cache hasn’t updated through a resolver or the TTL hasn’t expired and triggered a new DNS query, your computer will likely try to navigate to the now inaccurate cached IP address. If so, you’ll need to flush or forget your DNS cache. There are a couple of ways you can do this.
If you’re flushing your browser’s DNS cache, you’ll likely need to navigate to the section of your browser window that handles your browsing history. There should be an option to clear your browsing history, which usually provides a few options, like clearing your cookies, browsing history, and cache.
Feel free to clear as much as you’d like, but make sure you’ve selected the option that most closely resembles something like “clear cache.” Full instructions can vary depending on your current browser.
You may also want to clear your operating system’s cache. If you’re on a Windows device, you should be able to accomplish this by opening a command prompt in the PowerShell window and entering the ipconfig /flushdns command. If you’re on a Mac, you should be able to use the following command in the Terminal app: sudo killall -HUP mDNSResponder. You should see a confirmation message upon success.
Troubleshooting DNS Cache
If flushing your cache doesn’t resolve your DNS issues, there are a few additional troubleshooting steps. First, check your network connectivity to ensure you're connected to the Internet. Try navigating to another website to confirm whether you’re connected.
If you are connected and can access other sites, try pinging your destination directly. Using the command line or PowerShell on a Windows device or the Terminal app on a Mac, type ping CBTNuggets.com, replacing CBTNuggets.com with the site you’re trying to reach.
If you get a response, further troubleshooting is warranted. If you do not receive a response, this indicates there’s a problem with the authoritative server, meaning there’s not much you can do from your end.
Finally, try using the dig command. The dig command is a way to force a new DNS query, which provides you with more up-to-date information and may help diagnose any problems.
Combining the dig command with the trace command provides even more details about the path your device took to get to the authoritative server, which may help highlight any faults in the network along that path. The dig and trace commands look like this:
dig CBTNuggets.com +trace
If these troubleshooting steps don’t work, it may be time to escalate your troubleshooting to someone with additional networking and DNS or your ISP (Internet Service Provider) knowledge.
Best Practices and Security Considerations for DNS Caching Management
There are a few ways you, as a network administrator or network engineer, can optimize everyone’s experience with DNS caching.
TTL values set at the authoritative server should be configured in a way that makes sense for your site. If the site will change frequently, a lower TTL is better to ensure your site’s visitors access the most updated and accurate IP address. Be sure not to set your TTL too high even if you’re not undergoing frequent changes, as there may be updates that don’t get pushed to all users if they are still using an unexpired TTL.
You'll also want to consider security when dealing with DNS caching. One risk of DNS cache poisoning occurs when a malicious user intentionally sends fake DNS information to a DNS resolver, which you are provided due to your DNS query.
One way to prevent this is by using DNSSEC, Domain Name System Security Extensions. DNSSEC is covered in other CBT Nuggets training modules. Still, it is essentially a signature verification method that helps your computer verify the results of a DNS query from the authoritative server, not some malicious user.
Conclusion
DNS caching provides a faster and more user-friendly experience when browsing the Internet. Rather than submitting a full DNS query each time you want to visit a website, DNS records can be cached by a user’s browser and operating system and within DNS resolvers sitting between the user and the authoritative server.
This greatly reduces the strain on network resources and web page retrieval speed. DNS caching can sometimes lead to issues, but troubleshooting is relatively easy.
Want to learn more about DNS and DNS caching? Consider our Implement Domain Name System (DNS) Training!
