DNS Caching Mechanism

As we know, DNS (Domain Name System) is an essential component of the functionality of the Internet. It translates human-friendly names into the unique IP addresses needed to locate computer services and network devices worldwide.

DNS distributes the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain.

Authoritative name servers are assigned to be responsible for their supported domains, and may delegate authority over subdomains to other name servers. This mechanism provides distributed and fault tolerant service and was designed to avoid the need for a single central database.

To drill down into the DNS caching mechanism, see the sections below:

Internet Apps <–(1)–> Windows (DNS Client service) <–(2)–> Caching DNS Servers <–(3)–> Root Domains/Top-Level Domains/Authoritative DNS Server

(3) No request/response takes place if the DNS record is stored in the Caching DNS Server and its Time-to-live (TTL) value is not zero
(2) No request/response takes place if the DNS record is stored in the DNS Client service (Windows) and its TTL value is not zero
(1) Usually occurs on every request when you access the Internet by domain name

Windows Client

Most Internet activity involves DNS.
Windows client computers (since Windows 2000) have Dnscache, a client-side DNS caching feature that optimizes the performance of DNS name resolution by storing previously resolved names in memory. If the DNS Client service is turned off, Windows can still resolve DNS names by using the network’s DNS servers.

The resolver cache can also support negative caching of unresolved or non-valid DNS names.
These entries are added by the DNS Client service when it receives a negative answer from a DNS server for a queried name.

You can use the ipconfig tool to view and flush the DNS resolver cache, which includes entries preloaded from the local hosts file and any recently queried DNS names.

  • To view the DNS resolver cache, type ipconfig /displaydns at a command prompt
  • To flush the cache manually, type ipconfig /flushdns at a command prompt.

Caching DNS Server

Sometimes called a Forwarding DNS Server, it forwards DNS queries for external DNS names to DNS servers outside the internal network. Usually a forwarding DNS server is used as a company’s DNS server and forwards queries to the ISP’s DNS or to public DNS servers, e.g. Google Public DNS and

An ISP must have its own DNS servers that store many domain records obtained from authoritative DNS servers, to save network traffic and improve response times.

In practice, a caching DNS server uses the original TTL value from the authoritative server for its own TTL, but some ISPs override it by setting their own TTL values such as 3600 (1 hour), 7200 (2 hours) or 86400 (1 day). Whether for performance or other reasons, these values should be lower so that updates propagate quickly when an IP address changes.
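The effect of a TTL override on how long an old address keeps being served, as an added example (not from the original page). The clock is simulated, the class and function names are hypothetical, and the 192.0.2.x addresses are constructed; only the TTL values 300, 3600 and 86400 come from the text.

```python
AUTH_TTL = 300  # TTL the page reports from the authoritative server
NAME = "www.mr2t.com"


class Authoritative:
    """Stand-in for the authoritative server: always answers with the full TTL."""
    def __init__(self, ip, ttl=AUTH_TTL):
        self.ip, self.ttl, self.queries = ip, ttl, 0

    def query(self, name):
        self.queries += 1
        return self.ip, self.ttl


class CachingResolver:
    """Caches answers; override_ttl models an ISP replacing the original TTL."""
    def __init__(self, upstream, override_ttl=None):
        self.upstream, self.override_ttl = upstream, override_ttl
        self.cache = {}  # name -> (ip, expires_at)

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0], hit[1] - now  # cached answer, TTL counts down
        ip, ttl = self.upstream.query(name)  # flow (3): only on a cache miss
        if self.override_ttl is not None:
            ttl = self.override_ttl
        self.cache[name] = (ip, now + ttl)
        return ip, ttl


def stale_seconds(override_ttl, change_at=10, horizon=90000, step=10):
    """Seconds the resolver keeps serving the old address after it changes."""
    auth = Authoritative("192.0.2.10")  # constructed documentation address
    resolver = CachingResolver(auth, override_ttl)
    resolver.resolve(NAME, 0)  # warm the cache at t=0
    for now in range(step, horizon, step):
        if now == change_at:
            auth.ip = "192.0.2.20"  # operator repoints the record
        ip, _ = resolver.resolve(NAME, now)
        if ip == "192.0.2.20":
            return now - change_at
    return None


if __name__ == "__main__":
    for label, ttl in [("original TTL", None), ("3600", 3600), ("86400", 86400)]:
        print(f"{label}: old address served for {stale_seconds(ttl)} s")
```

The remaining TTL returned from the cache shrinks on every lookup, while the authoritative stand-in always returns the full value; that difference is what the TTL column in the debug tools shows.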

Authoritative DNS Server

DNS uses a hierarchy to manage its distributed database system. The DNS hierarchy, also called the domain name space, has a single domain at the top of the structure called the root domain. A period or dot (.) is the designation for the root domain. Below the root domain are the top-level domains, which divide the DNS hierarchy into segments and organize the domain name space, for example geographically by country.

Domains under the top-level domains represent individual organizations, entities or companies. These domains can be further divided into subdomains to ease administration of an organization’s host servers. At this level each organization or company has its own authoritative servers, which keep the zone files that store domain records such as A, MX, NS, TXT, CNAME, AAAA (for IPv6), etc.

Continuing from the flow above: Caching DNS Servers <–(3)–> Root Domains/Top-Level Domains/Authoritative DNS Server
The mechanism at (3) is part of the DNS protocol, a detailed specification of the data structures and data communication exchanges used in DNS. When a Caching DNS Server wants to know the IP address of the domain www.mr2t.com, the steps are as follows:

  • The Caching DNS asks the Root Domains “what is the IP of www.mr2t.com?”; the Root Domains reply that it should ask the Top-Level Domain .com
  • The Caching DNS asks the Top-Level Domain .com, which replies that it should ask rob.ns.cloudflare.com or mary.ns.cloudflare.com (the current name servers of mr2t.com)
  • The Caching DNS chooses rob.ns.cloudflare.com and asks it; rob.ns.cloudflare.com returns all the information for www (A records)
  • The Caching DNS stores www.mr2t.com in its cache and returns this information to the downstream client.
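The referral walk in the steps above, as an added example (not from the original page) that runs over an in-memory table instead of the network. The table layout, the server name tld-com.example., the 192.0.2.10 address and the function names are assumptions made for the illustration; the name server names and the TTL of 300 are the page's.

```python
# Constructed delegation data. Only the name www.mr2t.com and the two
# cloudflare name servers come from the page; the rest is made up.
SERVERS = {
    "root": {"com.": ("NS", ["tld-com.example."])},
    "tld-com.example.": {
        "mr2t.com.": ("NS", ["rob.ns.cloudflare.com.", "mary.ns.cloudflare.com."])
    },
    "rob.ns.cloudflare.com.": {"www.mr2t.com.": ("A", ["192.0.2.10"], 300)},
    "mary.ns.cloudflare.com.": {"www.mr2t.com.": ("A", ["192.0.2.10"], 300)},
}
MAX_REFERRALS = 8  # bound the walk so a delegation loop cannot spin forever


def ask(server, qname):
    """One query to one server: ('A', ips, ttl), ('NS', names) or None."""
    zone = SERVERS[server]
    if qname in zone and zone[qname][0] == "A":
        return zone[qname]
    labels = qname.split(".")
    for i in range(len(labels) - 1):  # closest enclosing delegation first
        suffix = ".".join(labels[i:])
        if suffix in zone and zone[suffix][0] == "NS":
            return zone[suffix]
    return None  # negative answer: no record and nobody to refer to


def resolve(qname):
    """Follow referrals from the root; return (ips, ttl, servers_asked)."""
    server, asked = "root", []
    for _ in range(MAX_REFERRALS):
        asked.append(server)
        reply = ask(server, qname)
        if reply is None:
            return None, None, asked
        if reply[0] == "A":
            return reply[1], reply[2], asked
        reachable = [ns for ns in reply[1] if ns in SERVERS]
        if not reachable:
            raise LookupError(f"no reachable name server after {server}")
        server = reachable[0]  # as on the page, the first one (rob) is chosen
    raise LookupError("too many referrals")


if __name__ == "__main__":
    print(resolve("www.mr2t.com."))
    print(resolve("missing.mr2t.com."))
```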

DNS Client Debug Tools


On Windows, use nslookup with the following options to print more output:

nslookup -qa=A -debug <<domain>> [Caching DNS Server|Authoritative DNS Server of domain]

nslookup: see TTL values from Caching DNS Server

nslookup -qa=A -debug www.mr2t.com

nslookup: see TTL values from Authoritative DNS Server

nslookup -qa=A -debug www.mr2t.com rob.ns.cloudflare.com

nslookup www.mr2t.com rob.ns.cloudflare.com

300 (5 mins) is the TTL value from the Authoritative DNS Server (rob.ns.cloudflare.com)


On Linux or Windows (by downloading dig.exe), use dig with the following options to reduce output:

dig +noauthority +noquestion +nostats +noadditional <<domain>> @[Caching DNS Server|Authoritative DNS Server of domain]

dig: see TTL values from Caching DNS Server

dig: see TTL values from Authoritative DNS Server

dig +noauthority +noquestion +nostats +noadditional mr2t.com @rob.ns.cloudflare.com

300 is the TTL value from the Authoritative DNS Server (rob.ns.cloudflare.com)

