How to Flush DNS?
When surfing the Internet, a problem that can arise for consumers is getting a number of DNS errors or 404 errors in the web browser despite a working Internet connection. If this is the case, then learning how to flush DNS for your computer’s operating system (OS) is key to restoring the proper quality of service for your computer’s web browsing. Flushing the DNS cache removes the local resolutions for website names saved (cached) on your computer, which can make the first revisit to a webpage slightly slower; however, it eliminates the browsing errors caused by a corrupted cached entry.
What is DNS?
The Domain Name System (DNS) is a distributed database system which translates a plain-language web address or URL into an IP address. The system was created because it is easier to remember a domain name such as www.google.com than an address such as 213.165.70.39. Typically, every local computer network will have at least one server that handles DNS requests or queries (called a name server) which performs a caching or quick-lookup function to minimize the time it takes to resolve domain look-ups. If the local name server does not have a domain name stored, it will request the answer from the next name server it knows about, and so forth.
History of DNS
The idea of using a name instead of a computer host’s numerical address on the network dates back to the ARPANET, before DNS was invented in 1982. Prior to 1982, every computer on the network would have a HOSTS.TXT file that was retrieved from a computer at SRI. The file mapped host names to numerical addresses. A hosts file is still in use on modern operating systems, for example to map 127.0.0.1 to “localhost.” The rapid growth of computer networks, however, made the hand-edited hosts file almost unusable. As a result, Paul Mockapetris invented the Domain Name System in 1983 and wrote the first implementation. The original implementation was subsequently published as an IETF standard and has been superseded since that time. The first Unix implementation of DNS was completed in 1984 by Douglas Terry, David Riggle, Mark Painter, and Songnian Zhou and is referred to as the BIND (Berkeley Internet Name Domain) server. BIND would later be ported to Windows NT in the early 1990s.
DNS Cache Poisoning
Like other fundamental Internet constructs, the Domain Name System was not originally designed to be secure. DNS cache poisoning is the term used to describe a data integrity or security compromise in DNS. The vulnerability occurs when data that did not originate with an authoritative DNS source gets introduced into a DNS cache. This can occur through a malicious attack or through a bad configuration or misconfiguration of the DNS cache. Once a DNS server has received the non-authenticated information and cached (saved) it in its database, the server is considered poisoned as soon as the bad information starts to be supplied to its client machines. At a minimum, a poisoned server will send end users to incorrect websites. During malicious attacks, users may be directed to malicious web pages designed to infect the client computer, or to pages that pretend to be legitimate websites and are designed to steal users’ information and/or money.
Preventing DNS Cache Poisoning
Many of the traditional DNS cache poisoning attacks are prevented by making DNS servers trust the information passed to them by other DNS servers less. This is accomplished by ignoring DNS records returned to the requesting server that are not related to the query. The most current version of BIND addresses poisoning attacks in this manner. Additionally, implementing source port randomization for DNS requests (which makes requests harder to spoof), along with using cryptographically secure random numbers to select the source port and the nonce, significantly reduces the probability of a successful poisoning attack. Secure DNS, or DNSSEC, is the current initiative being slowly deployed to fully solve the DNS cache poisoning issue by using electronic signatures and public key certificates to validate the authenticity of DNS data.
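The checks just described, accepting a reply only when its transaction ID and destination port match an outstanding query and discarding returned records that are unrelated to the query, as an added PowerShell example that is not part of the original post. The pending-query table, the reply objects, the record layout, and every name and address in it are constructed for illustration; a real resolver applies the same rules to wire-format packets.

```powershell
# Added example, not from the original post: a simplified model of the checks a
# cautious resolver applies to a reply before it is allowed into the cache.
# Assumptions: the pending-query record, the reply objects and the record shapes
# are constructed here for illustration; a real resolver works on wire-format packets.

function New-PendingQuery {
    param([string]$Name, [string]$Zone)
    # 16-bit transaction ID (the nonce) and an ephemeral source port, both drawn
    # from a cryptographically secure generator as the text recommends.
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] 4
    $rng.GetBytes($bytes)
    $txid = [BitConverter]::ToUInt16($bytes, 0)
    $port = 49152 + ([BitConverter]::ToUInt16($bytes, 2) % 16384)   # 49152..65535
    return [pscustomobject]@{ Name = $Name.ToLower(); Zone = $Zone.ToLower(); TxId = $txid; SrcPort = $port }
}

function Test-InBailiwick {
    param([string]$Owner, [string]$Zone)
    # A record is related to the query if its owner name is the queried zone or a
    # name beneath it: ns1.example.com is under example.com, login.bank.example is not.
    $o = $Owner.ToLower().TrimEnd('.')
    $z = $Zone.ToLower().TrimEnd('.')
    return ($o -eq $z) -or $o.EndsWith(".$z")
}

function Test-DnsReply {
    param($Pending, $Reply)
    # 1. The reply must carry the transaction ID of an outstanding query ...
    if ($Reply.TxId -ne $Pending.TxId)               { return @{ Accept = $false; Reason = 'transaction ID mismatch' } }
    # 2. ... arrive on the randomized port that query was sent from ...
    if ($Reply.DstPort -ne $Pending.SrcPort)         { return @{ Accept = $false; Reason = 'destination port mismatch' } }
    # 3. ... and echo the question that was asked.
    if ($Reply.Question.ToLower() -ne $Pending.Name) { return @{ Accept = $false; Reason = 'question mismatch' } }
    # 4. Records unrelated to the query (out of bailiwick) are discarded rather than
    #    cached; they are the classic vehicle for poisoning.
    $kept    = @($Reply.Records | Where-Object { Test-InBailiwick -Owner $_.Owner -Zone $Pending.Zone })
    $dropped = @($Reply.Records).Count - $kept.Count
    return @{ Accept = $true; Records = $kept; Dropped = $dropped }
}

# Constructed sample traffic: one genuine reply (carrying a stray, unrelated record)
# and one forged reply that guessed the transaction ID wrong.
$q = New-PendingQuery -Name 'www.example.com' -Zone 'example.com'
$genuine = [pscustomobject]@{
    TxId = $q.TxId; DstPort = $q.SrcPort; Question = 'www.example.com'
    Records = @(
        [pscustomobject]@{ Owner = 'www.example.com';    Type = 'A'; Data = '192.0.2.10' },
        [pscustomobject]@{ Owner = 'ns1.example.com';    Type = 'A'; Data = '192.0.2.53' },
        [pscustomobject]@{ Owner = 'login.bank.example'; Type = 'A'; Data = '198.51.100.7' }
    )
}
$forged = [pscustomobject]@{
    TxId = ($q.TxId -bxor 1); DstPort = $q.SrcPort; Question = 'www.example.com'; Records = @()
}

$r1 = Test-DnsReply -Pending $q -Reply $genuine
$r2 = Test-DnsReply -Pending $q -Reply $forged
"Genuine reply: accepted=$($r1.Accept) kept=$($r1.Records.Count) dropped=$($r1.Dropped)"
"Forged reply:  accepted=$($r2.Accept) reason=$($r2.Reason)"
```

The genuine reply is accepted with its two example.com records kept and the unrelated login.bank.example record dropped; the forged reply is rejected at the first check. With both the transaction ID and the source port drawn from a secure generator, an attacker who must guess both has far more combinations to cover than with a fixed port and a predictable ID, which is the point the paragraph makes.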
Common Problems with DNS
There is a wide array of DNS issues that can arise at the network administrator or power user level. For the end user, however, the majority of DNS problems arise from either bad configuration entries or the local computer’s DNS cache requiring a flush. Independent of the type of operating system, many home computer users will enter the DNS server for their Internet Service Provider (ISP) incorrectly, resulting in a failed Internet connection. Each ISP will have a slightly different configuration process; however, the IP address of the DNS server for your home network to use will be provided on registration for service. In many cases the ISP will use the address of its actual DNS server, while in others it will be the same as the gateway IP for the service (also the IP address of the router).
How to Flush DNS in Windows Using the Command Prompt
Step 1 – Close all open web browsers and applications on your computer.
Step 2 – Open the Windows command prompt by selecting the “Start” menu, entering “cmd” in the search text field, and pressing the “Enter” key.
Step 3 – At the command prompt, enter “ipconfig /flushdns” and press the “Enter” key. After a moment, Windows will display a message similar to: “Successfully flushed the DNS Resolver Cache.” Once the message is displayed, the DNS cache has been flushed, removing all incorrect entries.
Step 4 – View the (now empty) DNS resolver cache by entering “ipconfig /displaydns” at the command prompt and pressing the “Enter” key.
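The same procedure from PowerShell, as an added example that is not part of the original post: it shows what the cache holds for a name, flushes it, and confirms the entry is gone rather than relying on the success message alone. It assumes the DnsClient module (Windows 8 / Server 2012 and later), whose Clear-DnsClientCache and Get-DnsClientCache are the equivalents of “ipconfig /flushdns” and “ipconfig /displaydns”; on older systems it falls back to ipconfig. The host name is a constructed sample.

```powershell
# Added example, not from the original post: flush the Windows DNS resolver cache
# and verify the result. Assumption: the DnsClient module is available (Windows 8 /
# Server 2012 or later); otherwise the ipconfig fallback below is used.
$name = 'www.example.com'   # constructed sample name

function Get-CachedEntry {
    param([string]$Name)
    # Records for the name currently held in the local cache (empty after a flush).
    return @(Get-DnsClientCache -ErrorAction SilentlyContinue | Where-Object { $_.Entry -eq $Name })
}

# 1. Populate and inspect the cache so the flush has something to remove.
Resolve-DnsName -Name $name -ErrorAction SilentlyContinue | Out-Null
$before = Get-CachedEntry -Name $name
"Before flush: $($before.Count) cached record(s) for $name"
$before | Select-Object Entry, RecordType, Data, TimeToLive | Format-Table -AutoSize

# 2. Flush. Clear-DnsClientCache does what 'ipconfig /flushdns' does.
if (Get-Command Clear-DnsClientCache -ErrorAction SilentlyContinue) {
    Clear-DnsClientCache
} else {
    ipconfig /flushdns | Out-Null
}

# 3. Verify the entry is gone; the next lookup will go to the configured DNS server.
$after = Get-CachedEntry -Name $name
if ($after.Count -eq 0) {
    "After flush: cache entry for $name removed"
} else {
    "After flush: $($after.Count) record(s) still cached for $name; the flush did not take effect"
}
```

The TimeToLive column in the “before” table is the number of seconds the entry would otherwise have remained; a stale or corrupted entry with a long remaining TTL is exactly the case the flush is for.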
How to Turn Off DNS Caching in Windows
If clearing the DNS cache does not solve frequent DNS errors on a computer running Microsoft Windows, client-side DNS caching can be disabled. With DNS caching disabled on the client, your computer will still be usable, just not as efficient or “fast” as it is with the service turned on and working properly, because every lookup must be sent to the DNS server.
Step 1 – Open the Windows command prompt by selecting the “Start” menu button, entering “cmd” in the search text field, and pressing the “Enter” key.
Step 2 – Enter “net stop dnscache” or “sc \\servername stop dnscache” (where servername is the computer’s name) at the command prompt and press the “Enter” key. DNS caching will be disabled until the next time the computer is restarted. To make the change permanent, the DNS Client service must be set to Disabled using the Microsoft Service Controller (sc) or the Services tool.
Steps to Stop DNS Client Services in Windows Using the Services Tool
Step 1 – Open the Windows command prompt. Then enter services.msc at the command prompt and press the “Enter” key.
Step 2 – Locate the “DNS Client” service in the list and double-click its entry.
Step 3 – Select the “Stop” button. Conversely, the service can be restarted from the same place in the Services user interface.
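The two procedures above (the temporary “net stop dnscache” and the permanent change of the service’s startup type) combined into one PowerShell script, as an added example that is not part of the original post. It assumes an elevated Windows PowerShell 5.1 or later session and a $Permanent switch set at the top of the script; on some newer Windows 10 builds the DNS Client service refuses a stop request, which the script reports instead of failing silently.

```powershell
# Added example, not from the original post: stop the DNS Client service (Dnscache)
# as 'net stop dnscache' does, report the outcome, and optionally make the change
# survive a reboot. Run from an elevated PowerShell session (assumed: PowerShell 5.1+).
$Permanent = $false   # assumption: set to $true to also disable the startup type

$svc = Get-Service -Name Dnscache
"DNS Client before: Status=$($svc.Status) StartType=$($svc.StartType)"

try {
    # Temporary: equivalent to 'net stop dnscache'; the service starts again at the next reboot.
    Stop-Service -Name Dnscache -ErrorAction Stop
} catch {
    # Some newer Windows 10 builds do not accept a stop request for this service,
    # neither here nor from services.msc; surface the reason rather than hiding it.
    "Stop request refused: $($_.Exception.Message)"
}

if ($Permanent) {
    # Permanent: the same as choosing 'Startup type: Disabled' in services.msc.
    Set-Service -Name Dnscache -StartupType Disabled
}

$svc = Get-Service -Name Dnscache
"DNS Client after:  Status=$($svc.Status) StartType=$($svc.StartType)"

# To undo both changes:
#   Set-Service -Name Dnscache -StartupType Automatic
#   Start-Service -Name Dnscache
```

Leaving the service stopped removes the local cache entirely, so the trade-off in the section above applies: every lookup goes to the configured DNS server, and the error you were chasing is only cured if it lived in the local cache rather than on that server.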
Changing DNS Cache Settings in Windows
An alternative method for modifying Windows DNS caching on the client side is to change two of the registry entries associated with the service.
Step 1 – Select the “Start” menu button, enter “regedit” in the search text field, and press the “Enter” key.
Step 2 – Click “Edit” then “Find” and enter “DNSCache”, or use the tree on the left-hand side of the editor to locate: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters.
Step 3 – The MaxCacheTTL value is the maximum amount of time that Windows will cache a DNS lookup. The default value at the time of this writing is 86,400 seconds. You can change this entry to 1 to force Windows to clear the cache every second, but this can result in a noticeable performance drop on your computer.
Step 4 – Another registry value that can be changed is MaxNegativeCacheTTL, which is the maximum amount of time that a failed DNS result will be cached. This is normally set to 900 seconds, but if you change it to 0, Windows will not store failed look-ups.
*Note: the path to the DNS cache registry key will be slightly different depending on the version of Windows installed on your computer. Modifying the registry should be done with caution and not by those who lack significant computer experience.
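The registry change from Steps 1 to 4 as a PowerShell script, added here as an example that is not part of the original post. It reads the two values first so they can be restored, writes them as DWORDs, and restarts the DNS Client service so the change applies. It assumes an elevated session, the key path given above, and two illustrative target values ($MaxCacheTTL and $MaxNegativeCacheTTL) that you would adjust; an absent value means Windows is using its built-in default.

```powershell
# Added example, not from the original post: record and change the DNS Client cache
# parameters discussed above. Run from an elevated PowerShell session. The target
# values below are assumptions chosen for illustration; the new settings take effect
# once the DNS Client service is restarted (or the computer is rebooted).
$key                 = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
$MaxCacheTTL         = 300   # seconds a successful lookup may stay cached (assumed value)
$MaxNegativeCacheTTL = 0     # 0 = do not cache failed look-ups at all

function Get-DnsCacheParameter {
    param([string]$Name)
    # Returns $null when the value is absent, i.e. Windows is using its built-in default.
    $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

# 1. Back up the current values so the change can be reversed later.
$backup = @{
    MaxCacheTTL         = Get-DnsCacheParameter -Name 'MaxCacheTTL'
    MaxNegativeCacheTTL = Get-DnsCacheParameter -Name 'MaxNegativeCacheTTL'
}
"Current values (blank = Windows default):"
$backup.GetEnumerator() | Format-Table Name, Value -AutoSize

# 2. Write the new DWORD values; -Force creates the value if it is missing or overwrites it.
New-ItemProperty -Path $key -Name 'MaxCacheTTL'         -PropertyType DWord -Value $MaxCacheTTL         -Force | Out-Null
New-ItemProperty -Path $key -Name 'MaxNegativeCacheTTL' -PropertyType DWord -Value $MaxNegativeCacheTTL -Force | Out-Null

# 3. Apply by restarting the service (falls through quietly if the service refuses) and confirm.
Restart-Service -Name Dnscache -ErrorAction SilentlyContinue
"MaxCacheTTL now {0}, MaxNegativeCacheTTL now {1}" -f (Get-DnsCacheParameter -Name 'MaxCacheTTL'), (Get-DnsCacheParameter -Name 'MaxNegativeCacheTTL')

# To restore a value that was absent before, remove it again so the default returns, e.g.:
#   Remove-ItemProperty -Path $key -Name 'MaxCacheTTL'
```

Lowering MaxCacheTTL bounds how long a bad answer can linger on the client, which is the client-side mitigation for the poisoning scenario described earlier; it does not validate answers, so the resolver-side checks and DNSSEC remain the real fix.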