What is DNS Caching?
DNS caching stores resolved domain name query results for the specified TTL duration to avoid repeated queries to upstream authoritative servers.
DNS caching is a mechanism where DNS query results are stored locally or on an intermediate resolver for a limited period, defined by the time-to-live (TTL) value in the DNS resource record. This reduces the need to resolve the same domain name again from authoritative servers, cutting latency and network traffic.
When a DNS resolver receives a query response, it places that record into its cache along with the TTL received. For subsequent queries for the same domain within the TTL window, the resolver returns the cached answer without contacting upstream servers. The resolver discards the record when the TTL expires. Caches are used at every level: the operating system stub resolver, the local network resolver (often running on a router), the ISP's recursive resolver, and sometimes within browsers and applications.
DNS caching is critical to scaling the internet's naming system. Without it, every DNS request would travel the full hierarchy from stub resolver to root nameserver to TLD to authoritative server. Caching reduces that path to a single local lookup for most queries. However, it introduces possible staleness: if a domain changes its IP address, cached records remain until TTL expiry. Short TTLs (e.g., 60 seconds) minimize staleness but reduce caching benefits; long TTLs (e.g., 86400 seconds) maximize performance but slow propagation of changes. DNS cache poisoning is a known class of attack where an attacker causes a resolver to cache a forged record, redirecting traffic until the cache flushes.
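The mechanism described above, as an added worked example that is not code from this page: a toy caching resolver that stores each answer with the TTL it arrived with, serves cached answers (with the TTL decremented by the time already spent in cache) until that window closes, discards expired entries, and refuses to cache an answer that does not match the question it asked. The upstream "authoritative" server, the zone data, the fake clock and the migration scenario are all constructed here so it runs offline.

```python
# Added example: a toy caching resolver modelling the behaviour described
# above. It is not code from the page; the upstream server, the clock and
# the records are all constructed here so it runs offline.
import time
from dataclasses import dataclass


@dataclass
class Record:
    name: str    # owner name, e.g. "www.example.com"
    rtype: str   # record type, e.g. "A"
    value: str   # RDATA, e.g. "192.0.2.10"
    ttl: int     # seconds the answer may be cached


class CachingResolver:
    """Caches answers for their TTL and only goes upstream on a miss or expiry."""

    def __init__(self, upstream, clock=time.monotonic):
        self.upstream = upstream          # callable (name, rtype) -> Record
        self.clock = clock                # injectable so tests can fake time
        self.cache = {}                   # (name, rtype) -> (Record, inserted_at)
        self.upstream_queries = 0

    @staticmethod
    def _key(name, rtype):
        # Names are case-insensitive and a trailing dot is not significant.
        return name.lower().rstrip("."), rtype.upper()

    def resolve(self, name, rtype="A"):
        """Return (record, source) where source is 'cache' or 'upstream'."""
        key = self._key(name, rtype)
        now = self.clock()
        hit = self.cache.get(key)
        if hit is not None:
            record, inserted_at = hit
            remaining = record.ttl - (now - inserted_at)
            if remaining > 0:
                # Hand back the cached answer with the TTL decremented by the
                # time already spent in cache, as a recursive resolver does.
                return Record(record.name, record.rtype, record.value, int(remaining)), "cache"
            del self.cache[key]           # expired: discard and re-resolve
        self.upstream_queries += 1
        record = self.upstream(name, rtype)
        # Only cache an answer to the question that was actually asked; an
        # unrelated record in a response must not displace cached data.
        if self._key(record.name, record.rtype) != key:
            raise ValueError("response does not answer the question; not cached")
        if record.ttl > 0:                # TTL 0 means "do not cache"
            self.cache[key] = (record, now)
        return record, "upstream"


class FakeClock:
    """Manually advanced clock so the TTL window can be stepped through."""
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


def simulate_migration(ttl=300):
    """Constructed scenario: the authoritative server changes www's address
    at t=60s; the resolver keeps serving the old address until the TTL lapses.
    Returns ([(time, source, value, remaining_ttl), ...], upstream_query_count)."""
    zone = {("www.example.com", "A"): "192.0.2.10"}   # constructed zone data

    def authoritative(name, rtype):
        return Record(name, rtype, zone[(name.lower().rstrip("."), rtype)], ttl)

    clock = FakeClock()
    resolver = CachingResolver(authoritative, clock)
    observed = []
    for t in (0, 60, 150, ttl + 1):
        clock.t = float(t)
        if t == 60:
            zone[("www.example.com", "A")] = "198.51.100.7"   # server migrated
        rec, source = resolver.resolve("WWW.example.com.")
        observed.append((t, source, rec.value, rec.ttl))
    return observed, resolver.upstream_queries


if __name__ == "__main__":
    rows, upstream_count = simulate_migration()
    for row in rows:
        print(row)
    print("upstream queries:", upstream_count)
```

Running `simulate_migration()` shows the staleness trade-off directly: the address change made at t=60s is invisible to clients of this resolver until the 300-second TTL has run out, and only two queries ever reach the authoritative server. Shortening the TTL passed to `simulate_migration` narrows that window at the cost of more upstream queries. The name-matching check before caching is the simplest form of the validation a resolver applies so that a response cannot plant data for a name it was never asked about.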
Key facts
- Records are stored for the duration of the TTL returned in the DNS response.
- Caches exist on stub resolvers (OS), recursive resolvers (ISP, public DNS), and browsers.
- Stale caching can delay visibility of DNS updates (e.g., server migration).
- Cache poisoning attacks exploit weak validation in older resolver implementations.
- DNS flush commands (ipconfig /flushdns on Windows, systemd-resolve --flush-caches on systemd-resolved Linux hosts) clear the local cache.
More in DNS
A Record
A DNS resource record that maps a hostname to a 32-bit IPv4 address. It is the most fundamental record type for translating domain names to numeric addresses on the Internet.
AAAA Record
A DNS resource record that maps a hostname to a 128-bit IPv6 address, analogous to the A record for IPv4.
Authoritative DNS
An authoritative DNS server holds the definitive resource records for a specific domain and responds to queries with the final answer for that zone, not a cached copy.
CAA Record
A CAA (Certification Authority Authorization) DNS record lets domain owners specify which certificate authorities are permitted to issue SSL/TLS certificates for their domain.
CNAME Record
A DNS record that maps an alias hostname to the true or canonical hostname, allowing multiple names to resolve to the same IP address without duplicating A or AAAA records.
DNS
The Domain Name System (DNS) is a hierarchical, distributed naming system that translates human-readable domain names (like example.com) into IP addresses and other resource records used by internet protocols.
DNS Anycast
DNS Anycast uses one IP address served from multiple geographically distributed nameservers; queries are routed to the nearest or healthiest node, improving resilience and reducing latency.
DNS Hijacking
DNS hijacking is an attack or misconfiguration that returns forged DNS responses, causing users to connect to attacker-controlled hosts instead of the intended server.
DNSSEC
DNSSEC (DNS Security Extensions) adds cryptographic digital signatures to DNS records, enabling resolvers to verify that responses have not been tampered with or spoofed.
DoH
DNS over HTTPS (DoH) encrypts DNS queries and responses inside HTTPS traffic, preventing on-path observers from seeing or tampering with DNS lookups.