DNS transforms domain names into IP addresses. Your PC caches, or remembers, much of that DNS information, but sometimes it needs to forget.
I suddenly started to encounter 'time-out' error messages with certain sites - yours being one of them! On looking further, I could not find any logic to the dozen or so sites I regularly visit being unavailable. I tried accessing these sites through an online proxy - the sites loaded. I re-booted and ran all the adware / spyware / virus programs - all to no avail. I managed to Google the problem and found some obscure forum with the response 'go to command line prompt and type "ipconfig /flushdns" ' which I duly did. Perfect - problem solved - but why did I need to do this, what is a DNS flush and how can I avoid this problem in the future?
•
Well, I can't really say why that fixed your problem, since a reboot is another way of flushing your DNS cache. In fact, it's one of the many reasons that so many tech support folks insist you reboot as the first step when investigating just about anything.
But you seem to indicate that a reboot actually didn't help.
Still, conceptually at least, flushing the DNS cache can sometimes help, and it's much faster than a reboot.
•
First, a quick review of what DNS is.
DNS is an acronym for the Domain Name System.
As you probably already know, every device on a network is identified by an IP (Internet Protocol) address. However, you and I rarely know or care what the IP addresses are; we use names like "ask-leo.com". DNS is what maps from names to IP addresses.
When your computer accesses a domain name for the first time, it performs what's called a DNS request which boils down to asking someone "hey, what's the IP address for 'ask-leo.com'?" That 'someone' is a DNS server whose job it is to answer exactly those kinds of questions: "Found it: 'ask-leo.com' is '72.3.133.152'".
Once your computer gets the answer it's allowed to remember it for a period of time. Typically, it's a day or two, but it actually varies based on the specific domain. For as long as your computer remembers that "ask-leo.com" is "72.3.133.152" it doesn't have to ask anyone. Once the time expires, it's required to ask again, just in case it's changed.
That 'memory' of all the DNS lookups your computer has performed is called the 'DNS cache'.
Sometimes, for various reasons, the cache becomes corrupt or out of date, or to use a technical term: "messed up". The symptoms vary, but the most common is that you can't get to some web sites in your browser.
That's when flushing the cache sometimes helps. It forces your computer to empty the cache and forget everything it knows about DNS entries that it has looked up previously. It then has to start asking the DNS server for new, up-to-date information as you reference domains by name thereafter.
In a Windows Command Prompt, that looks like this:
[C:\] ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
[C:\]
Now, as I said, rebooting your machine has the same effect. Your DNS cache is not preserved across a reboot.
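Before flushing, you can see what the cache currently holds with "ipconfig /displaydns". The following is an added example, not code from the original article: it parses that output and flags cached addresses that disagree with answers you trust. The sample text, the shop.example.com entry and the trusted map are constructed for illustration.

```python
import re

# Constructed sample in the layout printed by "ipconfig /displaydns".
# shop.example.com, its address and both TTLs are made up for illustration.
SAMPLE_DISPLAYDNS = """\
Windows IP Configuration

    ask-leo.com
    ----------------------------------------
    Record Name . . . . . : ask-leo.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 3541
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 72.3.133.152

    shop.example.com
    ----------------------------------------
    Record Name . . . . . : shop.example.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 86012
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 203.0.113.66
"""

# "Label . . . : value" lines; the label never contains '.' or ':'.
FIELD = re.compile(r"^\s*([A-Za-z() ]+?)[ .]*:\s*(\S.*)$")

def parse_displaydns(text):
    """Return [{'name', 'ttl', 'address'}, ...] for each cached A record."""
    records, current = [], {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        label, value = m.group(1).strip(), m.group(2).strip()
        if label == "Record Name":
            current = {"name": value.lower()}
        elif label == "Time To Live":
            current["ttl"] = int(value)      # seconds left before re-query
        elif label == "A (Host) Record":
            records.append({**current, "address": value})
    return records

def find_mismatches(records, trusted):
    """Cached entries whose address is not among the trusted ones for that name."""
    return [r for r in records
            if r["name"] in trusted and r["address"] not in trusted[r["name"]]]
```

A mismatch is only a prompt to look closer, since large sites legitimately answer with many addresses; the "ttl" field shows how long the entry would otherwise keep being served if you did not flush.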
•
Your computer's DNS cache is not the only cache.
If you look at your IP configuration in the Command Prompt, making sure to specify "ipconfig /all" to see all the configuration information, you'll find a line like this:
DNS Servers . . . . . . . . . . . : 192.168.1.1
The IP address for the DNS server may well be ... your router.
Many routers perform the DNS function for local networks. If they need to, they make the DNS request from your ISP's DNS servers on your behalf.
This allows for two things:
Your router can 'look up' machines on your local network that it already knows about since it also assigned them their IP addresses. Local machines are not known on the internet anyway, and thus would not show up in the internet's DNS servers.
Your router can cache DNS lookups. That means if you have more than one machine going to the same site, the first one might cause the router to have to look it up, but the second machine's request for the same domain would already be in the router's cache; the router wouldn't need to do anything more than simply return the answer.
And yes, this is another reason why rebooting your router is a frequent diagnostic step: your router's DNS cache can also sometimes become "messed up". In fact it happens more frequently than most people expect. And just like your PC, rebooting your router forces it to start over with an empty DNS cache.
•
DNS caching doesn't end there.
In fact, there's an entire hierarchy of DNS servers that work to spread the load of answering all these requests for domain-to-IP mapping being made every time someone tries to go somewhere on the internet. Your computer may ask your router's DNS, your router may ask your ISP's DNS and your ISP may ask their provider's DNS, all the way up to what are called the "root DNS servers":

[Figure: The DNS hierarchy]
Each of these servers will cache the answers for the DNS lookups it performs, so as to avoid repeatedly asking the next DNS server in the chain for the same information. (Note that in reality this is an oversimplification. The root DNS servers will actually redirect lookup requests to other DNS servers based on the top-level domain - ".com", ".org", and so on - and each of them may also then redirect to the "authoritative" DNS server for the particular domain being requested.)
All that to turn "ask-leo.com" into "72.3.133.152". 
•
As you can see, DNS is a critical component of how things are located on the internet. As a result, there are threats. Imagine what would happen if somehow someone was able to change the DNS information in a cache or on a server maliciously. You might ask for "ask-leo.com" and get some other random IP address that would direct your browser to a malicious web site. My site's not that high profile, but consider if someone were to do that for the entry for, say, "paypal.com".
This concept of "DNS poisoning" is actually not new, and so far the system has been fairly resilient. But even as I write this, a flaw has apparently been found in almost all DNS server software that could allow exactly such a malicious attack. The details have not been made public, but a fix has recently been pushed out to all DNS servers world-wide.
DNS is that critical.
Article C3450 - July 19, 2008
Rebooting won't help if you are infected with some malware or virus. I currently have some form of the 'google redirect' virus which so far no one has been able to resolve (and I'm an IT guy and have been trying for more than a week now; calls to TrendMicro, web search, etc, all to no avail).
The 'temporary' fix is to flush my DNS cache after booting, which is a small annoyance compared to the rather huge annoyance of all my Google searches being redirected.
Posted by: jrj at September 29, 2011 9:19 AM
Very nice article on DNS. Enjoyed how it goes beyond a simple "here is the command so get at it" style you get everywhere else.
@ jrj
I had an extremely nasty version of the google redirect virus myself. I suggest doing a hard reset on your router and manually configuring your computer's DNS to OpenDNS. That resolved my issue after about a month of redirects, drove me insane.
http://www.opendns.com/
Hope this helps
Posted by: JJ at November 4, 2011 12:00 PM
Just wanted to say Thanks for your concise and easy-to-follow explanation of DNS. Cheers!
Posted by: Joel M. at March 3, 2012 12:44 PM
For everyone who's posting about a redirect virus: each computer has something called a hosts file (Windows systems), and if you make any changes in this, you can cause redirection. Your hosts file is a file on your computer that contains DNS records for certain IP addresses and is only used to override internet hostnames or specify the computer to contact a certain server when that URL is entered.
I know that, being annoyed with typing in my router's IP address every time I wanted to access it, I put this little line into my hosts file:
192.168.0.1 dsl
so that every time I want to access my router, all I have to type in is dsl instead of the whole IP address.
If you are getting redirected the whole time, go to your hosts file, located at C:\Windows\System32\drivers\etc\hosts (you can copy that into your address bar in My Computer),
and make sure you only have the following in it:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
127.0.0.1 localhost
If there is anything else in it (e.g. a Google URL), you know that someone has accessed your hosts file and changed it. If this is the case, just copy the above back into your hosts file and it should fix the problem. (For your info: localhost refers to your computer and 127.0.0.1 is the IP for your computer, so if you see any name referring to the IP 127.0.0.1, this means that instead of checking the web, it will check your computer for the files.)
I hope this helps someone with any issues they may be having.
Posted by: ninjakitteh at March 14, 2012 4:40 PM
This is a nice article. I have one doubt though.
Posted by: babu at April 27, 2012 8:54 PM
When I ping www.google.com I see the below one
Pinging www-infected.l.google.com [216.239.32.6] with 32 bytes of data:
When I ping www.microsoft.com it says host not found, but when opened in IE it still works.
I have recently created a new domain www.unlocksoul.com. I am trying to open the site but it doesn't open in my machine. It says file not found. But it opens up from my friend's machine.
Any idea how can I check the issue?
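The hosts-file check that ninjakitteh describes in the comments above can be automated. This is an added example, not code from the article or from any commenter: it lists every active hosts entry that maps a name other than localhost and says where it points. The sample file content and the "allowed" set are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: two lines of the stock file, the commenter's own
# "dsl" shortcut, and one made-up redirect entry (203.0.113.9 is a
# documentation address).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# 127.0.0.1 localhost
127.0.0.1 localhost
192.168.0.1 dsl
203.0.113.9 www.google.com google.com   # constructed redirect entry
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_hosts(text):
    """Yield (line_no, ip, [names]) for each active (non-comment) entry."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comment
        if len(fields) >= 2:
            yield no, fields[0], [h.lower() for h in fields[1:]]

def audit_hosts(text, allowed=frozenset({"localhost"})):
    """Return (line_no, ip, names, reason) for entries outside `allowed`."""
    findings = []
    for no, ip, names in parse_hosts(text):
        extra = [n for n in names if n not in allowed]
        if not extra:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((no, ip, extra, "malformed address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            reason = "name pointed at this machine"
        elif any(addr in net for net in RFC1918):
            reason = "local-network override"
        else:
            reason = "redirect to a non-local address"
        findings.append((no, ip, extra, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

To audit a real machine, pass in the text of C:\Windows\System32\drivers\etc\hosts; entries you added yourself, such as the "dsl" shortcut, will be listed so you can confirm them.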