Understanding the DNS cache in Linux is essential for troubleshooting network issues and optimizing system performance. When a user types a command to reach a website, the operating system does not immediately query the remote DNS servers. Instead, it checks a local repository of recent answers, which acts as a high-speed lookup table. This mechanism reduces latency, decreases bandwidth usage, and alleviates the load on global DNS infrastructure. Without this buffer, every single connection would require a full round trip to a nameserver, slowing down every application that accesses the network.
How DNS Resolution Works Without Cache
To appreciate the role of caching, it helps to understand the default resolution path. When an application needs to resolve a hostname, the system follows a specific hierarchy. First, it checks the local hosts file to see if a static mapping exists. If the entry is not found locally, the query is sent to the recursive DNS server specified in the /etc/resolv.conf file. This server then traverses the internet’s DNS hierarchy, querying root servers, TLD servers, and finally the authoritative nameserver for the specific domain. The final IP address is returned to the client and, ideally, stored for future use to avoid this lengthy journey on subsequent requests.
The Mechanism of Local DNS Caching
Many minimalist Linux distributions do not run a full caching daemon by default, relying instead on client-side caching handled by the GNU C Library (glibc). When glibc performs a resolution, the positive response is stored in a cache managed by nscd (the Name Service Cache Daemon) or, on modern systems, systemd-resolved. This cache is volatile and resides entirely in RAM, so its entries disappear on reboot. The cache honors the Time To Live (TTL) value supplied by the authoritative DNS server, so stale data is discarded automatically once the TTL expires.
Interaction with systemd-resolved
Modern Ubuntu, Debian, and Fedora installations often utilize systemd-resolved as the local DNS backend. This component acts as a middleman between applications and upstream servers. It listens on localhost port 53, receives queries, and handles the caching logic. Users can inspect the cache contents using the resolvectl command, which provides detailed statistics about cache hits and misses. This transparency allows administrators to verify that the caching mechanism is functioning correctly and reducing lookup times effectively.
Managing and Troubleshooting the Cache
When network behavior becomes unpredictable, users often need to interact with the cache directly. Perhaps a website has changed IP addresses, but the local machine refuses to acknowledge the update due to a stale entry. In such scenarios, the cache must be flushed to ensure fresh queries are sent to the upstream servers. The method for doing this depends on the initialization system and the specific service managing the resolution layer.
Commands for Cache Management
These commands force the operating system to discard all previously stored entries. Following a flush, the next lookup for a given domain will be slower, as it requires a full resolution chain, but subsequent requests will benefit from the newly cached data.
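One way to script the flush for the two cache services discussed above, systemd-resolved and nscd. This is an added example, not part of the original article; the function names and the `ACTIVE_UNITS` override are assumptions of the example, while `resolvectl flush-caches` and `nscd -i hosts` are the standard flush commands of those tools.

```shell
#!/bin/sh
# Added example: choose and run the flush command for whichever of the two
# cache services named in the article (systemd-resolved, nscd) is active.

# is_active UNIT: succeeds when the systemd unit is running.
# ACTIVE_UNITS is an assumption of this example: when set, its space-separated
# list replaces the systemctl query so the selection logic can be tried offline.
is_active() {
    if [ -n "${ACTIVE_UNITS+set}" ]; then
        case " $ACTIVE_UNITS " in
            *" $1 "*) return 0 ;;
            *) return 1 ;;
        esac
    fi
    command -v systemctl >/dev/null 2>&1 && systemctl is-active --quiet "$1"
}

# flush_commands: print one flush command per active cache service
# (nothing at all when neither service is running).
flush_commands() {
    if is_active systemd-resolved; then
        echo "resolvectl flush-caches"
    fi
    if is_active nscd; then
        # -i hosts invalidates only the hosts table; passwd/group caches stay
        echo "nscd -i hosts"
    fi
}

# flush_dns_cache: run every applicable command; non-zero if any of them fails.
flush_dns_cache() {
    cmds=$(flush_commands)
    if [ -z "$cmds" ]; then
        echo "no local DNS cache service is active" >&2
        return 0
    fi
    rc=0
    while IFS= read -r cmd; do
        echo "running: $cmd" >&2
        $cmd || rc=1
    done <<EOF
$cmds
EOF
    return $rc
}

# Flush only when asked to (typically needs root); sourcing has no side effects.
if [ "${1:-}" = "--flush" ]; then
    flush_dns_cache
fi
```

On a host running systemd-resolved, `resolvectl statistics` before and after the flush shows the current cache size dropping to zero.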