
DNS Cache Explained: How DNS Caching Works and Why It Matters

January 31, 2026
By DNS Expert
Tags: DNS Cache, Performance, Troubleshooting

What is DNS Cache?

DNS cache is a temporary storage mechanism that keeps recent DNS query results on your computer, router, or DNS server. When you visit a website, the DNS resolution result (domain name to IP address mapping) is stored locally so future visits to the same site are faster.

Instead of performing a full DNS lookup every time, your device can quickly retrieve the IP address from its cache - similar to how a browser saves your favorite websites' addresses for quick access.

Why DNS Caching Exists

DNS caching serves several critical purposes:

1. Performance Improvement

  • Reduced Latency: Cached results return in microseconds instead of milliseconds
  • Faster Page Loads: Websites load quicker when DNS lookups are instant
  • Better User Experience: Smoother browsing without resolution delays

2. Reduced Network Load

  • Fewer DNS Queries: Less traffic to DNS servers
  • Bandwidth Savings: Reduces data transmission
  • Server Load Reduction: DNS servers handle fewer repetitive queries

3. Improved Reliability

  • Short Outages: Cached records keep resolving while the upstream resolver is unreachable, but only until their TTL expires
  • Redundancy: Multiple cache layers provide fallback options
  • Resilience: Systems continue working during DNS server issues

How DNS Caching Works

DNS caching operates at multiple levels, forming a hierarchy:

Level 1: Browser Cache

Your web browser maintains its own DNS cache:

  • Duration: Short and capped by the browser (Chrome and Firefox default to about 60 seconds) even when the record's TTL is longer
  • Scope: Only affects that specific browser
  • Control: Each browser manages its own cache independently

Example browsers:

  • Chrome: chrome://net-internals/#dns
  • Firefox: about:networking#dns lists its in-process cache (and offers a "Clear DNS Cache" button)
  • Safari: Uses system cache

Level 2: Operating System Cache

Your OS (Windows, macOS, Linux) caches DNS results:

  • Duration: Based on TTL values from DNS records
  • Scope: Affects all applications on your device
  • Location:
    • Windows: DNS Client service
    • macOS: mDNSResponder
    • Linux: systemd-resolved, nscd or dnsmasq; a host running none of these has no OS-level cache at all, because the glibc stub resolver does not cache

Level 3: Router Cache

Your home or office router may cache DNS queries:

  • Duration: Varies by router configuration
  • Scope: Affects all devices on the network
  • Benefit: Reduces repeated queries from multiple devices

Level 4: ISP DNS Resolver Cache

Your Internet Service Provider's DNS servers cache results:

  • Duration: Hours to days depending on TTL
  • Scope: Affects all ISP customers
  • Scale: Handles thousands of users

Level 5: Public DNS Resolver Cache

Services like Google DNS (8.8.8.8) and Cloudflare (1.1.1.1) maintain massive caches:

  • Duration: Honors record TTLs, usually with an upper cap so that a very long TTL cannot pin a stale answer for days
  • Scope: Global user base
  • Infrastructure: Distributed worldwide with anycast

TTL: Time To Live

TTL (Time To Live) is a critical value in DNS caching. It specifies how long a DNS record should be cached before requesting fresh data.

Understanding TTL Values

example.com.  3600  IN  A  93.184.216.34
              ^TTL (in seconds)

Common TTL Periods:

| TTL Value | Duration | Use Case |
|-----------|----------|----------|
| 60 | 1 minute | Pre-change preparation |
| 300 | 5 minutes | Frequent updates expected |
| 1800 | 30 minutes | Moderate change frequency |
| 3600 | 1 hour | Standard for most domains |
| 86400 | 24 hours | Stable, rarely-changing domains |

TTL Strategy

Before DNS Changes:

  1. Lower TTL to 300 seconds 24-48 hours before the change
  2. Wait at least the old TTL (24 hours for an 86400-second record): caches that fetched the record before you lowered the TTL keep it for the full old TTL and only pick up the short one when they re-query
  3. Make DNS changes
  4. Verify propagation (a resolver that already holds the short TTL shows the new answer within 5 minutes)
  5. Raise TTL back to normal (3600 or higher)

Benefits:

  • Faster propagation of changes
  • Reduced downtime during migrations
  • Better control over DNS updates
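The procedure above, stepped through as a simulation (an added example, not code from the article): a toy authoritative record and two TTL-honouring resolver caches show why step 2 cannot be skipped. Names and addresses are placeholders (example.com, RFC 5737 ranges) and the caches are simulated in-process, so it runs offline.

```python
"""Why the old TTL must still be waited out after you lower it: a toy authoritative
zone plus two TTL-honouring resolver caches, stepped through the lower / wait /
change / verify procedure. Added example, not the article's code; names and
addresses are placeholders (example.com, RFC 5737 ranges)."""
from dataclasses import dataclass, field


@dataclass
class Zone:
    """The A record as currently published at your DNS provider."""
    ip: str
    ttl: int


@dataclass
class Resolver:
    """A caching resolver: answers from cache until the TTL runs out, then re-queries.
    max_ttl models the cap that large public resolvers apply to very long TTLs."""
    name: str
    max_ttl: int = 86400
    cache: dict = field(default_factory=dict)  # qname -> (ip, expires_at)
    hits: int = 0
    misses: int = 0

    def lookup(self, qname: str, now: int, zone: Zone) -> str:
        entry = self.cache.get(qname)
        if entry and now < entry[1]:
            self.hits += 1
            return entry[0]
        self.misses += 1
        self.cache[qname] = (zone.ip, now + min(zone.ttl, self.max_ttl))
        return zone.ip

    def hit_ratio(self) -> float:
        """Cache hit ratio in percent (hits / total queries x 100)."""
        total = self.hits + self.misses
        return 100.0 * self.hits / total if total else 0.0


def simulate(wait_before_change: int, old_ttl: int = 86400, low_ttl: int = 300) -> dict:
    """Lower the TTL, wait `wait_before_change` seconds, change the IP, then look at what
    two resolvers answer one short TTL after the change. Times are seconds from t=0."""
    qname = "www.example.com."
    zone = Zone(ip="192.0.2.10", ttl=old_ttl)
    early = Resolver("cached-before-ttl-was-lowered")
    late = Resolver("first-asked-after-ttl-was-lowered")

    early.lookup(qname, 0, zone)            # someone resolved the name just before you act
    old_entry_expires = early.cache[qname][1]
    zone.ttl = low_ttl                      # step 1: lower the TTL
    t_change = wait_before_change           # step 2: wait (24-48 h in the article)
    late.lookup(qname, t_change - 1, zone)  # a first-time visitor now gets the short TTL
    zone.ip = "198.51.100.20"               # step 3: make the change
    t_verify = t_change + low_ttl + 1       # step 4: verify once the short TTL has passed
    return {
        "early_sees": early.lookup(qname, t_verify, zone),
        "late_sees": late.lookup(qname, t_verify, zone),
        # how long the early resolver keeps handing out the old IP after the change
        "early_stale_seconds": max(0, old_entry_expires - t_change),
        "early_hit_ratio": early.hit_ratio(),
    }


if __name__ == "__main__":
    print("waited 48h:", simulate(48 * 3600))
    print("waited 10m:", simulate(10 * 60))
```

With a 48-hour wait both resolvers return the new address one short TTL after the change. With a 10-minute wait the resolver that cached the old 86400-second entry keeps returning the old address for nearly 24 more hours, which is exactly the outage the procedure exists to avoid.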

When to Clear DNS Cache

Common Scenarios

  1. Website Not Loading

    • Old cached IP pointing to wrong server
    • DNS changes not reflecting
  2. After DNS Changes

    • Moved to new hosting provider
    • Changed IP addresses
    • Updated DNS records
  3. Security Concerns

    • Potential DNS poisoning
    • Suspicious redirects
    • Malware DNS hijacking
  4. Development and Testing

    • Testing new configurations
    • Verifying DNS propagation
    • Troubleshooting connectivity
  5. Error Messages

    • "DNS_PROBE_FINISHED_NXDOMAIN"
    • "Server IP address could not be found"
    • "ERR_NAME_NOT_RESOLVED"

How to Clear DNS Cache

Windows

Command Prompt (Administrator):

ipconfig /flushdns

Expected output:

Successfully flushed the DNS Resolver Cache.

View cache before clearing:

ipconfig /displaydns

macOS

Terminal:

# macOS 10.15+ (Catalina and later)
sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder

# Verify: dumps the cache contents to the system log (view it in Console)
sudo killall -INFO mDNSResponder

Alternative for older macOS versions:

# macOS 10.14 (Mojave)
sudo killall -HUP mDNSResponder

# macOS 10.10-10.13
sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder

Linux

systemd-resolved (Ubuntu 18.04+, Fedora, etc.):

sudo resolvectl flush-caches

Older releases only have the now-deprecated name for the same command:

sudo systemd-resolve --flush-caches

Verify (the output includes the current cache size and hit/miss counters):

resolvectl statistics

nscd (older systems): invalidate just the hosts table, or restart the daemon:

sudo nscd -i hosts
sudo systemctl restart nscd   # or: sudo /etc/init.d/nscd restart

dnsmasq: restart it, or send SIGHUP, which makes dnsmasq clear its cache and re-read /etc/hosts and /etc/resolv.conf:

sudo systemctl restart dnsmasq   # or: sudo /etc/init.d/dnsmasq restart
sudo kill -HUP "$(pidof dnsmasq)"

Google Chrome Browser

  1. Open Chrome
  2. Navigate to: chrome://net-internals/#dns
  3. Click "Clear host cache"

Alternative method, for when Chrome keeps reusing an open connection to the old server even after the host cache is cleared:

chrome://net-internals/#sockets

Click "Flush socket pools". This closes existing connections so the next request performs a fresh lookup; it does not clear the DNS cache by itself.

Firefox Browser

Firefox keeps its own in-process DNS cache on top of the OS cache. The quickest way to clear it:

  1. Type about:networking#dns in the address bar
  2. Click "Clear DNS Cache"

To shorten how long Firefox caches entries instead:

  1. Type about:config in the address bar
  2. Search for network.dnsCacheExpiration
  3. Temporarily set it to 0
  4. Restart the browser
  5. Reset it to the default (60 seconds)

Router Cache

  1. Access router admin panel (usually 192.168.1.1 or 192.168.0.1)
  2. Find DNS or WAN settings
  3. Reboot router, or look for "Clear DNS cache" option

Alternative: power-cycle the router (unplug it for about 10 seconds, then plug it back in).

DNS Cache Poisoning

DNS cache poisoning (also called DNS spoofing) is a security attack where false DNS data is inserted into a cache, redirecting users to malicious websites.

How It Works

  1. While the resolver has a query in flight, the attacker floods it with forged responses, guessing the 16-bit transaction ID (and the source port, if the resolver does not randomize it) so that a forgery is accepted before the genuine answer arrives
  2. The resolver caches the forged record for its full TTL
  3. Every client of that resolver asking for the domain gets the attacker's IP until the entry expires
  4. Traffic is redirected to the attacker's server
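The checks a resolver performs before it caches a response, as an added example that is not code from the article or from any real resolver. The minimal wire-format helpers handle A records only (no EDNS, DNSSEC or TCP); addresses use the RFC 5737 documentation ranges, the names under example.com and .example are placeholders, and the transaction ID and source port in demo() are fixed so the run is reproducible (a real resolver draws both from a CSPRNG).

```python
"""Resolver-side checks that make blind cache poisoning expensive (RFC 5452): a
response is cached only if it comes from the server we asked, to the source port
we used, with our transaction ID and question, and carries only records inside
the zone that server is responsible for (its "bailiwick"). Added example, not the
article's or any real resolver's code; A records only, RFC 5737 addresses."""
import struct
from dataclasses import dataclass


def encode_name(name: str) -> bytes:
    """'www.example.com.' -> length-prefixed labels terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def decode_name(msg: bytes, off: int):
    """Decode the name at `off`, following RFC 1035 compression pointers; returns (name, next_off)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # two-byte pointer to an earlier copy of the name
            end = end if jumped else off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if jumped else off)


def build_response(txid: int, qname: str, answers) -> bytes:
    """answers: [(owner, ttl, dotted IPv4)]; flags QR/RD/RA set, rcode NOERROR, one question."""
    msg = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    msg += encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    for owner, ttl, ip in answers:
        rdata = bytes(int(octet) for octet in ip.split("."))
        msg += encode_name(owner) + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return msg


def parse_response(msg: bytes) -> dict:
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    qname, off = decode_name(msg, 12)
    qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
    off += 4
    answers = []
    for _ in range(an):
        owner, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((owner, ttl, ".".join(str(b) for b in rdata)))
    return {"txid": txid, "is_response": bool(flags & 0x8000),
            "qname": qname, "qtype": qtype, "answers": answers}


@dataclass
class Pending:
    """What the resolver remembers about one query in flight. txid and src_port must be
    unpredictable (e.g. secrets.randbelow): an off-path forger then has to guess both."""
    txid: int
    src_port: int  # randomized UDP source port the query left from
    server: str    # nameserver the query was sent to
    zone: str      # zone that server is authoritative for (the bailiwick)
    qname: str


def in_bailiwick(owner: str, zone: str) -> bool:
    owner, zone = owner.lower(), zone.lower()
    return owner == zone or owner.endswith("." + zone)


def accept_response(pending: Pending, msg: bytes, from_ip: str, to_port: int):
    """Return (accepted, reason); nothing is cached unless every check passes."""
    if from_ip != pending.server:
        return False, "source address is not the server we queried"
    if to_port != pending.src_port:
        return False, "wrong destination port (source-port randomization)"
    r = parse_response(msg)
    if not r["is_response"] or r["txid"] != pending.txid:
        return False, "transaction ID mismatch"
    if r["qname"].lower() != pending.qname.lower() or r["qtype"] != 1:
        return False, "question section does not match our query"
    for owner, _ttl, _ip in r["answers"]:
        if not in_bailiwick(owner, pending.zone):
            return False, f"out-of-bailiwick record for {owner} rejected"
    return True, "accepted"


def demo() -> dict:
    """Constructed exchange: one genuine answer and three forgeries against the same query."""
    p = Pending(txid=0x1A2B, src_port=49152, server="192.0.2.53",
                zone="example.com.", qname="www.example.com.")
    genuine = build_response(p.txid, p.qname, [("www.example.com.", 300, "192.0.2.10")])
    wrong_id = build_response(0x1A2C, p.qname, [("www.example.com.", 300, "203.0.113.66")])
    # ID and port guessed correctly, but the forger also slips in a record for another zone
    smuggled = build_response(p.txid, p.qname, [("www.example.com.", 300, "192.0.2.10"),
                                                  ("login.bank.example.", 86400, "203.0.113.66")])
    return {"genuine": accept_response(p, genuine, "192.0.2.53", 49152),
            "wrong_id": accept_response(p, wrong_id, "192.0.2.53", 49152),
            "wrong_port": accept_response(p, genuine, "192.0.2.53", 40000),
            "smuggled": accept_response(p, smuggled, "192.0.2.53", 49152)}
```

The wrong-ID and wrong-port forgeries are what a random 16-bit ID plus source-port randomization defend against: an off-path attacker has to guess both before the genuine answer lands. The last forgery has guessed both correctly and is still rejected because it carries a record for a zone the queried server is not responsible for; without that bailiwick rule, one poisoned lookup for example.com could plant an address for any other name.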

Protection Measures

  1. Use DNSSEC - Cryptographically validates DNS responses, so a forged record fails validation instead of being cached
  2. Use Trusted DNS Servers - Google, Cloudflare, Quad9 (all of which randomize source ports and validate DNSSEC)
  3. Enable DNS-over-HTTPS (DoH) - Encrypts the path between you and the resolver, so an on-path attacker cannot spoof answers to your own queries; it does not protect the resolver's upstream lookups
  4. Keep Systems Updated - Patch DNS resolver vulnerabilities
  5. Monitor DNS Changes - Watch for unexpected modifications
  6. Regular Cache Clearing - Removes poisoned entries from the cache you flush; if the upstream resolver itself is poisoned, a local flush just re-fetches the bad answer, so switch resolvers instead

Signs of DNS Poisoning

  • Unexpected redirects to strange websites
  • SSL/TLS certificate errors (the attacker's server cannot present a valid certificate for the real name, so HTTPS is often what catches the redirect)
  • Websites look different than normal
  • Antivirus warnings
  • Unable to access certain sites

DNS Cache Best Practices

For Users

  1. Clear cache when troubleshooting connectivity issues
  2. Use reputable public DNS services (Google, Cloudflare, Quad9)
  3. Enable DNSSEC validation in your resolver
  4. Monitor for suspicious behavior like unexpected redirects
  5. Keep software updated to prevent vulnerabilities

For Website Owners

  1. Set appropriate TTL values:

    • High TTL (86400) for stable sites
    • Low TTL (300) before making changes
  2. Plan DNS changes carefully:

    • Lower TTL 24-48 hours before changes
    • Make changes during low-traffic periods
    • Monitor propagation globally
  3. Use multiple nameservers for redundancy

  4. Implement DNSSEC for security

  5. Test changes thoroughly before going live

For Network Administrators

  1. Configure proper caching policies on DNS servers
  2. Monitor cache hit rates for optimization
  3. Implement cache poisoning protections
  4. Set up logging for security auditing
  5. Regularly update DNS server software

Measuring DNS Cache Performance

Cache Hit Ratio

The percentage of DNS queries answered from cache:

Cache Hit Ratio = (Cache Hits / Total Queries) × 100

Good ratios:

  • 80-90%: Excellent
  • 70-80%: Good
  • Below 70%: May need tuning

Tools to Check DNS Cache

Windows:

ipconfig /displaydns | find /c "Record Name"

Linux (systemd):

resolvectl statistics   # older releases: sudo systemd-resolve --statistics

Check DNS query time (run it twice: the second answer, served from the local cache, should report a query time near 0 msec):

dig example.com | grep "Query time"

Negative Caching

DNS also caches negative responses (NXDOMAIN, meaning the name does not exist):

  • Prevents repeated queries for non-existent names
  • The cache time comes from the SOA record returned in the AUTHORITY section of the negative answer: per RFC 2308 it is the smaller of that SOA record's own TTL and its MINIMUM field, and it is often shorter than positive TTLs (commonly 300-3600 seconds)
  • Creating a name right after someone looked it up does not help that client: its resolver keeps answering NXDOMAIN until the negative entry expires

Example: If you mistype a URL, the error is cached briefly to avoid hammering DNS servers.
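The negative-TTL rule in code, as an added example that is not part of the article: a small parser for the status line, the AUTHORITY-section SOA and the query time of dig output, run against constructed output (placeholder names, invented serial number) to show which of the two numbers on the SOA line a resolver actually uses.

```python
"""Negative caching: an NXDOMAIN answer carries the zone's SOA in the AUTHORITY
section, and per RFC 2308 a resolver caches the "no such name" result for the
smaller of that SOA record's own TTL and its MINIMUM field (the last number on
the line). Added example, not the article's code; the dig output is constructed."""
import re
from typing import Optional

# Constructed dig output for a mistyped host: SOA TTL 900, SOA MINIMUM 3600.
NXDOMAIN_DIG = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4321
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;wwww.example.com.              IN      A

;; AUTHORITY SECTION:
example.com.            900     IN      SOA     ns1.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 3600

;; Query time: 23 msec
"""

SOA_LINE = re.compile(
    r"^(?P<owner>\S+)\s+(?P<ttl>\d+)\s+IN\s+SOA\s+(?P<mname>\S+)\s+(?P<rname>\S+)\s+"
    r"(?P<serial>\d+)\s+(?P<refresh>\d+)\s+(?P<retry>\d+)\s+(?P<expire>\d+)\s+(?P<minimum>\d+)\s*$")


def parse_dig(text: str) -> dict:
    """Pull out the status, the SOA from the AUTHORITY section and the query time."""
    status = re.search(r"status:\s*([A-Z]+)", text)
    soa = None
    for line in text.splitlines():
        m = SOA_LINE.match(line)
        if m:
            soa = {k: (int(v) if v.isdigit() else v) for k, v in m.groupdict().items()}
    qt = re.search(r"Query time:\s*(\d+)\s*msec", text)
    return {"status": status.group(1) if status else None,
            "soa": soa,
            "query_time_ms": int(qt.group(1)) if qt else None}


def negative_ttl(soa: dict) -> int:
    """RFC 2308 section 5: negative answers are cached for min(SOA TTL, SOA MINIMUM)."""
    return min(soa["ttl"], soa["minimum"])


def nxdomain_cached_until(parsed: dict, answered_at: int) -> Optional[int]:
    """Time (seconds) until which a resolver may keep answering NXDOMAIN from cache."""
    if parsed["status"] != "NXDOMAIN" or parsed["soa"] is None:
        return None
    return answered_at + negative_ttl(parsed["soa"])


def still_nxdomain(parsed: dict, answered_at: int, now: int) -> bool:
    """True if a resolver that cached this answer at `answered_at` still says NXDOMAIN
    at `now`, even if the zone owner has created the record in the meantime."""
    until = nxdomain_cached_until(parsed, answered_at)
    return until is not None and now < until


if __name__ == "__main__":
    p = parse_dig(NXDOMAIN_DIG)
    print(p["status"], "negative TTL =", negative_ttl(p["soa"]), "s")  # 900, not 3600
    print("record created 60 s later still invisible:", still_nxdomain(p, 0, 60))
```

Here the SOA line shows 900 and 3600; the negative entry lives for 900 seconds because the record's own TTL is the smaller of the two. When dig is answered from a cache, the TTL shown on that SOA line is the remaining time, so it tells you how long the NXDOMAIN will persist.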

Conclusion

DNS caching is essential for modern internet performance, but understanding when and how to clear it is crucial for troubleshooting and security. Key takeaways:

  • DNS cache exists at multiple levels: browser, OS, router, ISP, and public resolvers
  • TTL controls cache duration: Set appropriately based on your needs
  • Clear cache when troubleshooting: Most connectivity issues benefit from fresh DNS lookups
  • Security matters: Be aware of cache poisoning and use DNSSEC
  • Plan ahead: Lower TTL before making DNS changes

Whether you're a casual user fixing connectivity issues or a professional managing DNS infrastructure, mastering DNS cache management is an essential skill.

