DNS Cache: Optimization and Performance
Master DNS caching to accelerate resolutions and reduce server load.
DNS caching is one of the most fundamental mechanisms of the Internet, yet it remains misunderstood by many administrators. Without a cached answer, a domain name query has to walk the DNS hierarchy, from the root servers to the TLD servers to the zone's authoritative servers, before it finds the corresponding IP address. Without caching, every website visit would spawn dozens of such walks, creating unbearable latency and monumental load on the global DNS infrastructure.
DNS caching operates at multiple levels: browser, operating system, local router, and ISP resolver. Each level keeps a previous response for at most the duration defined by the record's TTL (Time To Live). This hierarchical caching drastically reduces response times: a cached resolution is answered in a few milliseconds instead of the 50-200ms a full resolution typically needs.
Understanding DNS caching is essential for effective monitoring. An unpropagated DNS change, a misconfigured TTL, or a stale (or poisoned) cache can explain why some users see an old IP while others access the new one. MoniTao monitors your records from multiple geographic locations to detect these cache inconsistencies.
Understanding DNS Cache
DNS cache temporarily stores resolutions to avoid repeating the same queries:
- Browser cache: Your browser maintains its own DNS cache (Chrome keeps an entry for about 60 seconds by default when it relies on the OS resolver, which does not pass the record's TTL along). This is the first level checked before any resolution.
- System cache: The operating system (Windows DNS Client, systemd-resolved on Linux, mDNSResponder on macOS) maintains a local cache shared by all applications.
- Router cache: Routers and home gateways often cache resolutions for all devices on the local network.
- Resolver cache: ISP or public DNS resolvers (8.8.8.8, 1.1.1.1) maintain massive caches serving millions of users. Many of them clamp very long TTLs to their own maximum and very short TTLs to their own minimum.
Cache Impact on Performance
DNS caching has a major impact on user experience and stability:
- Latency reduction: A cached resolution takes 1-5ms versus 50-200ms for a full resolution. On modern web pages with dozens of domains, caching saves seconds.
- Load reduction: Authoritative DNS servers receive far fewer queries thanks to caching. With a 1-hour TTL, each caching resolver asks the authoritative server for a given record at most once per hour, no matter how many of its users request it.
- Resilience: If the authoritative server goes down, caches continue serving the previous response until TTL expiration, and some resolvers go further and keep serving an expired entry while the authoritative server is unreachable (RFC 8767, "serve stale"). A longer TTL offers more protection, but only for records that were already cached.
- Change propagation: Caching explains why DNS changes are not instant. All caches must expire before 100% of users see the new IP.
Cache Configuration and Optimization
Follow these steps to optimize your DNS caching strategy:
- Analyze your needs: A site with a stable IP can have a 24-48h TTL. A service requiring quick failovers should stay at 300-600 seconds.
- Configure appropriate TTL: Adjust your record TTLs based on the desired balance between performance (long TTL) and flexibility (short TTL).
- Plan migrations: Before an IP change, reduce the TTL to 5 minutes at least one full old TTL in advance, ideally two (24-48h ahead for a 24h record): caches filled just before the change still hold the old TTL and must expire first. After the migration, once the old address can no longer be served anywhere, gradually raise the TTL again.
- Monitor for anomalies: Use MoniTao to verify your records are consistent from different regions and detect corrupted caches.
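The following is an added example, not MoniTao's code, that turns the steps above into a checkable runbook. It builds the authoritative timeline for a change (lower the TTL, wait, switch the address), then simulates resolvers whose caches were filled at every minute before the cutover and checks that none of them can still serve the old address once the waiting period is over. The addresses are RFC 5737 documentation addresses, the 2x safety factor is the page's rule of thumb, and the resolver model assumes a cache only refetches once its copy has expired (resolvers that clamp TTLs or serve stale would need a larger margin).

```python
from datetime import datetime, timedelta

# Constructed documentation addresses (RFC 5737), not real hosts.
OLD_IP, NEW_IP = "192.0.2.10", "198.51.100.20"


def plan_migration(cutover, old_ttl, low_ttl=300, safety=2):
    """Build the authoritative timeline for changing a record whose TTL is old_ttl.

    Returns (timeline, checkpoints). timeline is a list of (effective_from, value, ttl)
    describing what the authoritative server serves from each moment on. safety is the
    number of old-TTL periods between lowering the TTL and the cutover (the page's rule
    of thumb is 2; anything below 1 is unsafe and worst_case_check will say so).
    """
    if old_ttl <= 0 or low_ttl <= 0 or safety < 0:
        raise ValueError("TTLs must be positive and safety must not be negative")
    lower_at = cutover - timedelta(seconds=safety * old_ttl)
    timeline = [
        (datetime.min, OLD_IP, old_ttl),  # steady state before the migration
        (lower_at, OLD_IP, low_ttl),      # step 1: same IP, short TTL
        (cutover, NEW_IP, low_ttl),       # step 2: new IP, still short TTL
    ]
    checkpoints = {
        "lower_ttl": lower_at,
        # a cache filled just before lower_at keeps the old TTL for one full period
        "all_caches_on_short_ttl": lower_at + timedelta(seconds=old_ttl),
        "cutover": cutover,
        # a cache filled just before cutover keeps OLD_IP for low_ttl more seconds;
        # only after this moment may the TTL be raised again
        "old_ip_gone_everywhere": cutover + timedelta(seconds=low_ttl),
    }
    return timeline, checkpoints


def authoritative_answer(timeline, t):
    """(value, ttl) the authoritative server serves at time t: the latest entry in force."""
    answer = None
    for start, value, ttl in timeline:
        if start <= t:
            answer = (value, ttl)
    return answer


def cached_answer(timeline, last_fetch, query_time):
    """What a resolver that last refreshed the record at last_fetch answers at query_time.

    Returns (value, remaining_ttl). The resolver serves its copy until it expires and only
    then asks the authoritative server again, which is why a change made at time T can
    still be invisible to some users at T plus the TTL that was in force before T.
    """
    value, ttl = authoritative_answer(timeline, last_fetch)
    expires = last_fetch + timedelta(seconds=ttl)
    if query_time < expires:
        return value, int((expires - query_time).total_seconds())
    value, ttl = authoritative_answer(timeline, query_time)  # expired: refetch now
    return value, ttl


def worst_case_check(timeline, checkpoints, step=60):
    """Probe resolvers whose cache was filled at every `step` seconds from a day before the
    TTL drop until the cutover, and ask each what it serves at old_ip_gone_everywhere.
    Returns the fill times that would still serve OLD_IP; an empty list means the plan holds.
    """
    probe_at = checkpoints["old_ip_gone_everywhere"]
    t = checkpoints["lower_ttl"] - timedelta(days=1)
    offenders = []
    while t < checkpoints["cutover"]:
        value, _ = cached_answer(timeline, t, probe_at)
        if value != NEW_IP:
            offenders.append(t)
        t += timedelta(seconds=step)
    return offenders


if __name__ == "__main__":
    timeline, checkpoints = plan_migration(datetime(2024, 1, 1, 12, 0), old_ttl=3600)
    for name, when in checkpoints.items():
        print(f"{name:26} {when:%Y-%m-%d %H:%M}")
    print("caches still serving the old IP at the end:", len(worst_case_check(timeline, checkpoints)))
    _, hasty = plan_migration(datetime(2024, 1, 1, 12, 0), old_ttl=3600, safety=0.5)
    print("same change with the TTL lowered only 30 min ahead:", len(worst_case_check(timeline, hasty)))
```

Run it with `safety=0.5` (TTL lowered only half an old TTL before the cutover) and `worst_case_check` reports the resolvers that fetched the record under the old 3600s TTL and still serve the old address five minutes after the switch; that is the population of users who "see the old IP" in the FAQ below.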
Cache Management Commands
Here are commands to inspect and flush the DNS cache (lines starting with # are comments, not commands):
# Flush the DNS cache on Windows, and list what is currently cached
ipconfig /flushdns
ipconfig /displaydns
# Flush the DNS cache on macOS
sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
# Flush the DNS cache on Linux (systemd-resolved); "systemd-resolve --flush-caches" is the older spelling
sudo resolvectl flush-caches
resolvectl statistics   # cache size and hit/miss counters
# Flush Chrome's host cache (in the address bar)
chrome://net-internals/#dns -> Clear host cache
# Check the remaining TTL with dig, through the resolver you normally use
dig example.com +noall +answer
# Against a caching resolver, the displayed TTL is the time remaining before that copy expires
# (repeat the query and it counts down). Against one of the zone's authoritative servers it is
# the configured TTL and never counts down, so compare both views when debugging propagation:
dig @ns1.example.com example.com +noall +answer   # replace ns1.example.com with one of the zone's NS
# View the answer through the local systemd-resolved cache (add --cache=no to bypass it)
resolvectl query example.com
After flushing the cache, the next DNS query will perform a full resolution. Useful for forcing a DNS change to take effect or debugging resolution issues.
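The "test from multiple points" advice on this page comes down to running the dig command above against several resolvers and comparing the answers and their remaining TTLs. The following is an added example, not MoniTao's code, that does exactly that: it parses `dig +noall +answer` output, flags resolvers whose view differs from the authoritative server, and spots a cache that was filled before the TTL was lowered (its remaining TTL is larger than the TTL the zone now publishes). The `SAMPLE_VIEWS` outputs are constructed to look like captures taken mid-migration, with RFC 5737 addresses; `dig_answer` is the live variant and needs `dig` and network access.

```python
import subprocess


def parse_dig_answer(text):
    """Parse `dig +noall +answer` output into (owner, ttl, rtype, rdata) tuples.

    dig prints one record per line as: owner TTL IN TYPE RDATA (tab separated);
    comment lines start with ';'. Anything that does not fit that shape is skipped.
    """
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        fields = line.split(None, 4)
        if len(fields) < 5 or fields[2] != "IN" or not fields[1].isdigit():
            continue
        owner, ttl, _, rtype, rdata = fields
        records.append((owner.rstrip(".").lower(), int(ttl), rtype, rdata.strip()))
    return records


def compare_views(views, authoritative):
    """Compare each resolver's view of a record with the authoritative server's.

    views maps a resolver label to its `dig +noall +answer` output; authoritative is the
    label of the zone's own nameserver. For every resolver the report gives the record set
    it serves, the largest remaining TTL (how long, at worst, it keeps serving that view
    before refetching), whether it differs from the authoritative data, and whether the
    remaining TTL exceeds the authoritative TTL, which means the cache was filled before
    the TTL was lowered and the migration window was too short.
    """
    auth = parse_dig_answer(views[authoritative])
    expected = {(rtype, rdata) for _, _, rtype, rdata in auth}
    auth_ttl = max((ttl for _, ttl, _, _ in auth), default=0)
    report = {}
    for label, text in views.items():
        recs = parse_dig_answer(text)
        served = {(rtype, rdata) for _, _, rtype, rdata in recs}
        remaining = max((ttl for _, ttl, _, _ in recs), default=0)
        report[label] = {
            "records": served,
            "remaining_ttl": remaining,
            "stale": served != expected,
            "filled_before_ttl_change": remaining > auth_ttl,
        }
    return report


def dig_answer(resolver, name, rtype="A"):
    """Run dig against one resolver and return its answer section (needs dig and network)."""
    cmd = ["dig", f"@{resolver}", name, rtype, "+noall", "+answer", "+time=3", "+tries=1"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


# Constructed sample outputs standing in for real dig captures taken during a migration
# from 192.0.2.10 to 198.51.100.20 (RFC 5737 documentation addresses).
SAMPLE_VIEWS = {
    "ns1 (authoritative)": "example.com.\t300\tIN\tA\t198.51.100.20\n",
    "8.8.8.8": "example.com.\t212\tIN\tA\t198.51.100.20\n",
    "1.1.1.1": "example.com.\t3271\tIN\tA\t192.0.2.10\n",
}

if __name__ == "__main__":
    for label, view in compare_views(SAMPLE_VIEWS, "ns1 (authoritative)").items():
        flag = "STALE" if view["stale"] else "ok"
        note = " (cache filled before the TTL was lowered)" if view["filled_before_ttl_change"] else ""
        print(f"{label:22} {flag:5} ttl={view['remaining_ttl']:5} {sorted(view['records'])}{note}")
```

To use it live, replace `SAMPLE_VIEWS` with `{r: dig_answer(r, "example.com") for r in ("ns1.example.com", "8.8.8.8", "1.1.1.1")}`; the `remaining_ttl` of a stale resolver is the longest you have to wait before its users see the new address without anyone flushing anything.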
DNS Caching Best Practices
Optimize your caching strategy:
- TTL matched to content: Static records (MX, NS): up to 86400s (24h). Services with failover: 300-600s. During a migration: 60-300s.
- Anticipate changes: Lower the TTL before any major change. Caches filled just before you lowered it keep the old value for one full old TTL, so wait at least that long before modifying the IP; the page's rule of thumb of 2x the old TTL gives a margin for resolvers that do not honor small TTLs exactly.
- Avoid extreme TTLs: A TTL under 60s multiplies the load on the authoritative servers and adds resolution latency for every user. A TTL over a week prevents quick fixes. Stay between 5 minutes and 24 hours.
- Test from multiple points: Cache varies by resolver. A user with their ISP's cache may see a different IP than you. Test with MoniTao.
DNS Cache Checklist
- TTL consciously set on each record
- Appropriate performance/flexibility balance
- TTL reduction procedure before changes
- Monitoring from multiple locations
- Documentation of standard TTLs in your zone
- Propagation tests after critical changes
FAQ - DNS Cache
How long does DNS cache last?
The cache respects the TTL defined in the record, from a few seconds to several days. Each cache level (browser, OS, resolver) may have its own limits.
Why do some users see the old IP?
Their local cache or ISP resolver hasn't expired yet. Wait for the full TTL or ask them to flush their DNS cache.
How can I force a cache refresh?
You can only force the caches you control: your own machine and any resolvers you operate. Google Public DNS and Cloudflare 1.1.1.1 each publish a web form that flushes a single name from their cache, which helps with those two resolvers only. Every other ISP resolver and user cache will expire the entry according to the TTL, so the only reliable lever is lowering the TTL before the change.
Is a short TTL always better?
No. Short TTLs increase authoritative server load and average resolution latency, and they reduce resilience if the authoritative server goes down, because caches run dry sooner.
Can the cache be poisoned?
Yes, this is a known attack (DNS cache poisoning). An attacker races the legitimate authoritative server with forged replies; if a forged reply matches the resolver's outstanding query (transaction ID, UDP source port, question), the bogus record is cached and served to every client of that resolver until its TTL expires. The 2008 Kaminsky technique made this practical against resolvers with predictable source ports, where only the 16-bit transaction ID had to be guessed. Modern resolvers randomize both the transaction ID and the source port (roughly 32 bits to guess), discard records that fall outside the bailiwick of the zone being queried, and, with DNSSEC validation enabled, reject any record whose signature does not verify; DNSSEC is the only one of these that actually authenticates the data, so sign your zone. Note that a short TTL does not prevent poisoning, it only shortens how long a poisoned entry survives.
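The following is an added example, not MoniTao's code or any real resolver's: a toy model of the acceptance checks a recursive resolver applies before caching a reply, with no sockets and no DNSSEC. It shows why port randomization matters (a blind forger that must guess only the transaction ID succeeds within 65536 tries; with a randomized source port the same spray never matches) and why bailiwick filtering matters (a valid reply may still try to smuggle a record for another zone). The port range, the query names and the addresses (RFC 5737) are assumptions made for the demonstration.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Reply:
    txid: int        # 16-bit transaction ID copied from the query
    dst_port: int    # UDP port the reply is addressed to (the resolver's query source port)
    qname: str
    qtype: str
    records: dict    # owner name -> rdata: everything the reply tries to get cached
    ttl: int


class ToyResolver:
    """Only the acceptance checks a recursive resolver applies before caching a reply."""

    def __init__(self, randomize_port=True):
        self.randomize_port = randomize_port
        self.pending = {}    # (txid, source_port) -> (qname, qtype, zone asked)
        self.cache = {}      # owner name -> (rdata, ttl)

    def send_query(self, qname, qtype, zone):
        """Record an outstanding query to the nameservers of `zone`. Returns what an
        on-path observer would see (txid, source port); an off-path forger must guess it."""
        txid = secrets.randbelow(1 << 16)
        # legacy behaviour: a fixed source port; modern: random ephemeral port (assumed 1024-65534)
        port = 1024 + secrets.randbelow(65535 - 1024) if self.randomize_port else 53
        self.pending[(txid, port)] = (qname, qtype, zone)
        return txid, port

    def accept_reply(self, reply):
        """Return (accepted, reason). A reply is matched to an outstanding query by
        (txid, port) and by its question; records outside the queried zone's bailiwick
        are dropped even when the reply is otherwise valid (the Kaminsky-style payload)."""
        key = (reply.txid, reply.dst_port)
        if key not in self.pending:
            return False, "no outstanding query with that txid/port"
        qname, qtype, zone = self.pending[key]
        if (reply.qname, reply.qtype) != (qname, qtype):
            return False, "question section does not match"
        del self.pending[key]
        cached = 0
        for owner, rdata in reply.records.items():
            if owner == zone or owner.endswith("." + zone):
                self.cache[owner] = (rdata, reply.ttl)
                cached += 1
        return True, f"cached {cached} of {len(reply.records)} records"


def guess_space(randomize_port):
    """Number of (txid, port) combinations a blind forger must cover."""
    return (1 << 16) * ((65535 - 1024) if randomize_port else 1)


def blind_forge(resolver, qname, qtype, forged_rdata, max_tries=1 << 16):
    """Attacker who saw no query: sprays replies with every txid, addressed to port 53.
    Returns the number of tries that succeeded, or None if the budget ran out."""
    for txid in range(max_tries):
        reply = Reply(txid, 53, qname, qtype, {qname: forged_rdata}, 86400)
        ok, _ = resolver.accept_reply(reply)
        if ok:
            return txid + 1
    return None


if __name__ == "__main__":
    for randomize in (False, True):
        r = ToyResolver(randomize_port=randomize)
        r.send_query("www.example.com.", "A", "example.com.")
        tries = blind_forge(r, "www.example.com.", "A", "203.0.113.66")
        print(f"port randomization={randomize}: guess space {guess_space(randomize)}, "
              f"poisoned after {tries} tries" if tries else
              f"port randomization={randomize}: guess space {guess_space(randomize)}, not poisoned")
```

The model stops at the transport checks; a validating resolver would additionally reject the forged A record because it carries no valid RRSIG, which is the DNSSEC protection the answer above refers to.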
Does MoniTao handle cache issues?
MoniTao monitors from multiple locations with different caches, allowing you to detect when certain regions see stale data.
Master Your Caching Strategy
DNS caching is a double-edged sword: it drastically improves performance but slows down change propagation. A good TTL strategy balances these two aspects according to your needs.
Don't let caching surprise you during a critical migration. Plan your TTL changes in advance and use MoniTao to verify that your modifications have propagated across the globe.