What does DNS cache mean?

The Domain Name System (DNS) is a keystone that lets the Internet work as well and as easily as it does for users. But being vital means it is always busy, in high demand and sometimes even under strain.

To balance this load without risking the essential role DNS plays, different mechanisms and technologies have been developed to make some tasks easier. The objective is to reduce the work done by the system and by devices, and to speed up the answers to users' requests.

And that is the case with DNS cache!

What does DNS cache mean?

The DNS cache or DNS resolver cache is the temporary memory in which DNS recursive servers (resolvers) and devices like your computer or mobile store the DNS records of the domain names you have already requested.

Those DNS records are the IP addresses of domain names and subdomains (A records for IPv4 addresses and AAAA records for IPv6), as well as records related to their verification, authentication, mail servers, etc. They remain in the DNS cache only for the time that their TTL (time-to-live) establishes, not permanently.

Let's say it is a mechanism to avoid repeating a DNS lookup to get the necessary IP address for loading a domain name every time a user requests it. Without it, there could be multiple DNS lookups to serve the same domain name.

Think about the time and effort that can be saved if that information remains handy for a while. Users' requests can be answered faster and resources used more efficiently.

How does it work?

Simply put, the operating system (OS) keeps a temporary database in the memory of the server or other device.

Then a user requests a domain name for the first time, and the DNS resolution process is triggered. The user's browser sends the request, and a resolver DNS server receives it and looks for the corresponding IP address.

This search starts with the resolver asking a root server, which points to the TLD server for the requested domain. The resolver then asks that TLD server, which answers by pointing to the authoritative name server in charge of the requested domain. That server provides the IP address to the resolver. Finally, the resolver answers the user's request with the corresponding IP address, so the domain can be served and visited by the user.

Together with other DNS records for the domain, this IP address is saved in the database we mentioned (the cache), both in the resolver cache and in the device cache. The next time the user requests the same domain name, loading it will be faster and easier: a new DNS lookup won't be needed, because the information will be found directly in the DNS cache.

This happens with every domain requested, and depending on the TTL value set on each DNS record, the record will be available directly from the cache for a longer or shorter time. Once the TTL expires, a new lookup occurs if the domain is requested again, and its results are kept in the cache.
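As an added illustration of the lookup-then-cache flow described above (example code written for this page, not code from the original post): a small Python resolver that walks a constructed root/TLD/authoritative hierarchy, caches each answer until its TTL expires, and serves cached answers with the TTL that is still left. The server tables and the 192.0.2.x addresses are made-up placeholders.

```python
import time

# Constructed toy DNS hierarchy for this example (not real servers or data).
# Each "server" returns either a referral to the next server or a final answer.
ROOT_SERVER = {"com.": "tld-com"}                          # root -> TLD server
TLD_SERVERS = {"tld-com": {"example.com.": "ns-example"}}  # TLD -> authoritative
AUTH_SERVERS = {"ns-example": {                            # authoritative answers
    "www.example.com.": ("192.0.2.10", 300),               # (IPv4 address, TTL seconds)
    "mail.example.com.": ("192.0.2.25", 60),
}}


class CachingResolver:
    """A recursive resolver with a TTL-bounded cache for A records."""

    def __init__(self):
        self._cache = {}            # (name, rtype) -> (address, expires_at)
        self.upstream_queries = 0   # how many queries went out to other servers

    def _iterative_lookup(self, name):
        """Walk root -> TLD -> authoritative, as the article describes."""
        labels = name.rstrip(".").split(".")
        tld_server = ROOT_SERVER[labels[-1] + "."]        # ask root: who serves "com."?
        self.upstream_queries += 1
        zone = ".".join(labels[-2:]) + "."
        auth_server = TLD_SERVERS[tld_server][zone]       # ask TLD: who serves the zone?
        self.upstream_queries += 1
        address, ttl = AUTH_SERVERS[auth_server][name]    # ask authoritative: the answer
        self.upstream_queries += 1
        return address, ttl

    def resolve(self, name, now=None):
        """Return (address, remaining_ttl, from_cache) for an A record."""
        now = time.time() if now is None else now
        key = (name, "A")
        entry = self._cache.get(key)
        if entry is not None and entry[1] > now:
            address, expires_at = entry
            # Cache hit: the answer is served with the TTL that is still left.
            return address, int(expires_at - now), True
        # Miss or expired entry: do the full lookup and cache it until the TTL ends.
        address, ttl = self._iterative_lookup(name)
        self._cache[key] = (address, now + ttl)
        return address, ttl, False

    def flush(self):
        """Drop every cached record (the 'clear the cache' step mentioned later)."""
        self._cache.clear()
```

Passing an explicit `now` makes the TTL behaviour reproducible; with `now` omitted the resolver uses the wall clock.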

What is DNS cache poisoning?

Unfortunately, cybercriminals know very well how useful the DNS cache is, and they have found ways to take advantage of its functionality.

A DNS cache can be poisoned by inserting false IP addresses or domain names into it in order to direct users to dangerous destinations, usually malicious websites.

The DNS cache can get corrupted due to technical issues or administrative errors, but sometimes its corruption means that criminal activity is in progress. You can clear the cache regularly to reduce this risk.