A DNS cache is a temporary database, containing records of all the recent and attempted visits for requested domains names, each sequence of a DNS query from Browser to the recursive resolver looks like this.
What is DNS caching?
The purpose of caching is to temporarily stored data in a location that results in improvements in performance and reliability for data requests. DNS caching involves storing data closer to the requesting client so that the DNS query can be resolved earlier and additional queries further down the DNS lookup chain can be avoided, thereby improving load times and reducing bandwidth/CPU consumption. DNS data can be cached in a variety of locations, each of which will store DNS records for a set amount of time determined by a time-to-live (TTL).
Browser level DNS caching
Modern web browsers are designed by default to cache DNS records for a set amount of time. The purpose here is obvious; the closer the DNS caching occurs to the web browser, the fewer processing steps must be taken in order to check the cache and make the correct requests to an IP address. When a request is made for a DNS record, the browser cache is the first location checked for the requested record.
In Chrome, you can see the status of your DNS cache by going to
this also applies to Microsoft Edge since it rendering on chromium.
Mozilla Firefox lists entries in DNS cache with this URL
OS level DNS caching
The operating system level DNS resolver is the second and last local stop before a DNS query leaves your machine. The process inside your operating system that is designed to handle this query is commonly called a “stub resolver” or DNS client. When a stub resolver gets a request from an application, it first checks its own cache to see if it has the record. If it does not, it then sends a DNS query (with a recursive flag set), outside the local network to a DNS recursive resolver inside the Internet service provider (ISP).
When the recursive resolver inside the ISP receives a DNS query, like all previous steps, it will also check to see if the requested host-to-IP-address translation is already stored inside its local persistence layer.
How to check and query local DNS Cache
In some situations, the content of the DNS cache needs to be checked, such as when several instances of different level caching do not match, or to update the cache immediately if there are changes in the DNS.
When using Windows, the
ipconfig command can be used to view the DNS cache content, To do this, open a command prompt with press Win+Rcmd Enter to paste and run the following command.
C:\> ipconfig /displaydns
If you want to reset the DNS cache, for example because the cache is to be updated immediately, the flushdns option can be used.
C:\> ipconfig /flushdns
To retrieve the content of the DNS client cache can also get in the Windows PowerShell they give the Get-DnsClientCache cmdlet.
PS C:\> Get-DnsClientCache
The cmdlet is preferable, this output comes very nice and comfortable.
With Linux it is quite different, if using Linux Mint or another Ubuntu based OS, then
resolvectl can help to show the cache content.
$ resolvectl query 126.96.36.199
The resolve query output appears something like this.
188.8.131.52: apache2.a-enterprise.ch -- link: ens160
-- Information acquired via protocol DNS in 24.9ms.
-- Data is authenticated: no
DNS caching is not guaranteed to be present on every Linux system. In the traditional configuration (i.e. without systemd), apps would send DNS queries directly to the servers found in
/etc/resolv.conf, so there’s no „system“ DNS cache to be seen in the first place. Linux Distributions do often enable DNS caching by default, but the exact mechanism varies.
To show link and server status, try perform the status command.
$ resolvectl status
systemd-resolved as DNS cache
If you are using systemd-resolved as the DNS cache (which these days is indeed the closest thing to a „system DNS cache“), run systemctl kill -s USR1 systemd-resolved and it will dump all cache contents to the system journal (journalctl -b -u systemd-resolved) upon receiving the SIGUSR1.
Note. that the ‚systemd-resolved‚ tool is named
resolvectl query in recent versions, which additionally has the
--cache=no option to bypass caching done by systemd-resolved.
Testing this out, we can run journalctl for all DNS records in the cache, with launch the script will perform grep for IN records.
systemctl kill -s USR1 systemd-resolved
journalctl -b -u systemd-resolved -S "@$time" -o cat | grep " IN "
If there is a DNS caching on your Linux? you can verify this on your system with perform the ‚systemctl is-active‚ command.
$ systemctl is-active systemd-resolved
More usefull resolvectl query commands! this retrieve the MX record of the „icloud.com“ domain.
$ resolvectl -t MX query icloud.com
To retrieve any TXT record of a domain.
$ resolvectl --legend=no -t TXT query outlook.com
Because we usually want to query the SPF record these days.
$ resolvectl -t TXT query gmail.com | grep "spf1"
this query looks something like this.
gmail.com IN TXT "v=spf1 redirect=_spf.google.com" - link: ens160
Resolve an SRV service type using resolvectl service option.
$ resolvectl service _xmpp-server._tcp gmail.com
To retrieve SRV entries of a domain, i.e. preferred for SCP by Outlook Anywhere.
$ resolvectl service _autodiscover._tcp hosttech.net
If you want to flush all local DNS caches, i.e. the cache is to be updated immediately, then the flush-caches option can be appended.
$ resolvectl flush-caches
Further help is given with hitting –help.
$ resolvectl --help
resolvectl [OPTIONS...] COMMAND ...
Send control commands to the network name resolution manager, or
resolve domain names, IPv4 and IPv6 addresses, DNS records, and services.
query HOSTNAME|ADDRESS... Resolve domain names, IPv4 and IPv6 addresses
service [[NAME] TYPE] DOMAIN Resolve service (SRV)
openpgp EMAIL@DOMAIN... Query OpenPGP public key
tlsa DOMAIN[:PORT]... Query TLS public key
status [LINK...] Show link and server status
statistics Show resolver statistics
reset-statistics Reset resolver statistics
flush-caches Flush all local DNS caches
reset-server-features Forget learnt DNS server feature levels
dns [LINK [SERVER...]] Get/set per-interface DNS server address
domain [LINK [DOMAIN...]] Get/set per-interface search domain
default-route [LINK [BOOL]] Get/set per-interface default route flag
llmnr [LINK [MODE]] Get/set per-interface LLMNR mode
mdns [LINK [MODE]] Get/set per-interface MulticastDNS mode
dnsovertls [LINK [MODE]] Get/set per-interface DNS-over-TLS mode
dnssec [LINK [MODE]] Get/set per-interface DNSSEC mode
nta [LINK [DOMAIN...]] Get/set per-interface DNSSEC NTA
revert LINK Revert per-interface configuration
-h --help Show this help
--version Show package version
--no-pager Do not pipe output into a pager
-4 Resolve IPv4 addresses
-6 Resolve IPv6 addresses
-i --interface=INTERFACE Look on interface
-p --protocol=PROTO|help Look via protocol
-t --type=TYPE|help Query RR with DNS type
-c --class=CLASS|help Query RR with DNS class
--service-address=BOOL Resolve address for services (default: yes)
--service-txt=BOOL Resolve TXT records for services (default: yes)
--cname=BOOL Follow CNAME redirects (default: yes)
--search=BOOL Use search domains for single-label names
--raw[=payload|packet] Dump the answer as binary data
--legend=BOOL Print headers and additional info (default: yes)
See the resolvectl(1) man page for details.