When you work on the Internet, you leave a lot of footprints. Common knowledge, yes, but it is surprising how many otherwise savvy users ignore it.   We all know cookies, and that website operators, especially Google, track our movements around cyberspace, ostensibly to improve performance, but more likely to collect information that can be sold to advertisers later.

Many people use browsers like Firefox that don’t keep browsing records, and many use browser add-ons and other technical tricks like anonymous proxies to block trackers and to delete tracking history and cookies at the end of a browsing session.

That’s all since the Internet and browsers came to rule cyberspace completely. Before Netscape and the Microsoft equivalent, operating systems like DoS, Windows and Open systems kept records of network behaviour. They still do. For instance, the operating system keeps records of all sites visited, and routing tables often keep details of how to reach them.  

That still happens today, so deleting browser history and cookies aren’t quite enough to prevent an investigator from looking at your desktop and seeing where you have been.

As w will see, network performance can also be affected if the records are incorrect, so Network IT Support needs to be aware.

What is the DNS cache?

Because humans are better at remembering acme.com than 158.36.45.782, DNS is a means of converting between natural names and their numerical equivalent used by computer systems. There are many DNS (or “name”) servers around the Internet that regularly update each other when changes are made to the correspondence between names and numbers, or new entries are added and old ones removed.

Simple text files hold the name and an IP address, and a DNS lookup by either the name or IP address will return the other parameter. Other data is held, for example, if it is an IPv4 or IPv6 address and the validity of the entry, the Time to Live “TTL.”.

One of the most frustrating events is to have the message “DNS Server not found” appear in the browser window. This can happen because a name server is down or a link is broken, or the server has excessive traffic.

Windows, MacOs and Open systems get around that by keeping a record of successful DNS retrievals in a local cache or caches.  Often the TTL tells the browser when it is time to update the cache record.  DNS caches can be created by the OS, and by the browsers themselves.

Why do Network IT Support need to be aware of the DNS Cache

Faulty, missing, or Incorrect entries in a DNS cache can cause a number of things of interest to Network IT Support, including:

1. Poor Browser performance, including incorrect “not found” messages, outdated website versions, and general poor Internet performance;
2. Visting the incorrect website;
3. Missing or incorrect corporate websites; and
4. A malware attack, such as spoofing.

These can be caused by incorrect DNS cache entries, for example, an incorrect or old IP address could direct a user to the wrong site.

Clearing the DNS cache should resolve most of these issues. When to do it isn’t written in stone, unless of course there is an urgent problem that needs to be fixed.  Do it immediately if you suspect a spoofing attempt.

Other issues that clearing a DNS cache could help include:

1. Hiding search behaviour. The DNS cache holds records of all the sites visited, and as such is a target for data collectors.
2. Manipulation. We mentioned spoofing earlier, and In a spoofing attack, the real address for a site is replaced with one sending the user to the hacker’s site. Sometimes this is known as DNS poisoning and is a common way to try to collect log-in data.

How to Clear the Cache

Windows

In all versions of Windows 7 onwards, do the following:

1. Open a Powershell or cmd window;
2. Type “ipconfig /flushdns”
3. Go to your browser and flush the browser cache. How to do this varies depending on the browser.

Open Systems

Linux systems don’t have a cache by default. The exact procedure is similar but will vary depending on the distribution, and the caching system in operation.

1. For pdnsd – type “sudo pdnsd-ctl empty-cache”
2. For dnsmasq, dns-clean and ncsd, restart the service. Type the appropriate of:
   1. sudo /etc/init.d/dnsmasq restart
   2. sudo /etc/init.d/nscd restart
   3. sudo /etc/init.d/dns-clean restart

Remember that you will need administrator rights to run these commands.

All systems, corporate and domestic have one or more DNS caches. The contents can give you a Rolls-Royce journey over the Internet, can reveal your innermost search secrets, or reduce the service level you receive from your system.

In both cases, a regular flush of the DNS cache(s) will go a long way to reducing errors and improving systems performance.