What Is DNS Caching?

In the Domain Name System (DNS), caching is the process of temporarily storing DNS records within an operating system, browser, device, or network. DNS records translate human-readable domain names like example.com into the corresponding IP addresses like 2001:db8:3e8:2a3::b63, which can be understood by computers and devices. By storing DNS information locally, DNS caching enables domains to be translated or “resolved” faster, while reducing network traffic.

The Domain Name System (DNS) is designed to enable people to use easy-to-remember domain names as they navigate the web, rather than needing to remember specific IP addresses. For this reason, DNS is like GPS for the internet. When an end user types a domain name like example.com into a browser (or when a user clicks on a link, or a computer or web application needs to contact another device), the user’s device creates a DNS query designed to find the corresponding IP address from a system of DNS servers containing this information. Authoritative DNS servers keep the official DNS records. Recursive DNS servers speed responses by directing requests to the right authoritative server or by producing the required information from DNS records stored in their memory, or cache.

As a form of temporary storage, caching enables the DNS system to look up and retrieve DNS records more quickly and efficiently for a period of time. There are a limited number of authoritative DNS servers in the world. That means it can take a bit of time to retrieve DNS records from these servers. And with trillions of DNS requests each day, authoritative servers could become easily overloaded and cease to function. By caching the DNS records in a variety of locations for reuse on future requests, the DNS system makes it easier and faster to retrieve DNS information while minimizing network traffic and reducing the workload of authoritative servers.

There are several types of caching in the DNS system. Whenever a user or machine initiates a DNS request, the response may be stored in the temporary memory or cache of the user’s operating system and browser, or in any of the recursive servers involved in the search. Each DNS record has a time-to-live (TTL) value that determines how long records can be stored in a cache before being deleted, causing servers and operating systems to search for an updated record.

When a user or machine initiates a DNS query, the user’s device first checks the local cache in the operating system or browser to see if the record exists there. If not, it forwards the request to a recursive DNS server. The recursive server either resolves the request based on information stored in its own cache, or forwards it to other nameservers and ultimately to an authoritative DNS server. The response from the authoritative DNS server is stored in the cache of each resolver step and forwarded back to the user’s device, which loads the correct web page or connects to the correct device.

By storing DNS responses in the memory of operating systems, browsers, or servers, DNS caching provides several enormous benefits.

• Faster resolution. When a DNS response is cached, subsequent lookups for that same domain can be served directly from the cache, minimizing latency by eliminating the need to query additional nameservers or authoritative servers.
• Better online experiences. Faster response times from cache servers enable more efficient load times and high-performance experiences for users.
• Traffic optimization. Caching helps to reduce the number and volume of DNS queries that need to travel across the network, increasing network efficiency and easing the load on DNS servers.
• More bandwidth. By reducing DNS traffic on the network, caching helps to conserve bandwidth, reducing costs and reserving bandwidth for business-critical functions.
• Offline access. When DNS requests are cached in local memory, devices may still be able to access websites and online resources even when disconnected from the web.
• Optimal distribution. DNS caching can serve as a load balancer, helping to distribute DNS traffic across servers and infrastructure more evenly to improve the scalability and resilience of DNS infrastructure.

While DNS caching offers significant benefits, it may also expose the DNS system to risk. Threats that take advantage of DNS caching include:

• DNS cache poisoning. Also known as DNS spoofing, DNS cache poisoning is a malicious attack that replaces legitimate DNS records in a cache with false information, so that users and devices are directed to the wrong websites. Attackers use cache poisoning to dupe users into revealing sensitive information on websites or to distribute malware by inducing a user to click on a malicious link.
• Expired records. Attackers may also redirect users to a fraudulent website by exploiting DNS records that are expired or not updated. This can happen when a recursive resolver fails to refresh its cache or doesn’t honor the TTL values, which specify how long a DNS record should be cached.

To mitigate the impact of attacks on DNS caches and cached content, organizations may choose to work with an end-to-end DNS security provider that combines DNS filtering technology with a global presence, which can help to mitigate DNS-based DDoS attacks.

Cache flushing is the process of clearing a DNS cache of all stored data and DNS records, deleting both valid and invalid records. Cache flushing forces the computer or server to resolve future DNS requests by contacting recursive or authoritative servers.