In any internet enabled network, name resolution and in particular DNS requests represent a significant amount of traffic.    One of the important ways that DNS reduce this traffic is by caching or saving all the responses that they receive.  This is an important function which ensures the resolution process is more efficient than if the same requests were repeated over and over again.

This behaviour also reduces the number of hits that other DNS servers take responding to queries.  It is likely that the majority of DNS requests are repeated frequently, hostname to IP resolution requests (and vice versa) are extremely common and so it makes sense to reduce these.  The performance gains from caching responses do come with other risks specifically attacks based on cache poisoning so it’s important to make sure that the cache responses are both authentic and valid.

If a request for a web page is made repeatedly then the resolution process will differ slightly after the initial request.   The host will still issue the request to resolve the hostnames address however the DNS server will firstly check it’s cache before trying to resolve the address.   If the requested record exists in the cache then the IP address is returned to the requestor.

Of course, there are other factors you need to consider in order to configure this behaviour and one of the biggest one is the length of time each record is cached for.    On most DNS servers this will vary and it is possible that each cached record has a different life span.  Each DNS record has a a DNS time-to-live (TTL) value which controls how long this record should be cached.  This is a different value than the IP header TTL value so the two should not be confused because they are entirely different functions.

It’s important that these TTL values are respected because they will be configured depending on how often the value is likely to be accurate.  For example on huge websites with a large infrastructure server addresses may be rotated often.  You might have an IP address when connecting through to the BBC iPlayer in Ireland however if these addresses are rotated then the address cannot be cached indefinitely.  Other addresses rarely change and so will often be set with longer DNS TTL cache settings.

Caching is important for a network to reduce latency and minimise duplicate requests however security is a big concern.  The Cache poisoning attacks mentioned below can effectively target highly secure and important servers purely because the DNS resolution is often outside the scope of the administrators control.

John Williams