Your computer caches DNS records from websites you have visited, or servers that you have used in your network. This cache allows your computer to quickly connect to the website, without the need of looking up the IP Address every time. We can flush the cache with the command IPconfig /flushdsn, but did you know that you could also view the cache with the command IPConfig /DisplayDNS?
Besides the ipconfig displaydns command there is also a PowerShell cmdlet that you can use to view the DNS cache. This command will give a more readable result than the IPConfig version.
In this article, I will explain the ipconfig /displaydns command and show you the PowerShell option to view the local DNS cache.
Using the IPConfig /displaydns command
Let’s start with the IPConfig /DisplayDNS command. To view all cached DNS records, you can open a console, for example, PowerShell or Terminal, and type the following command:
ipconfig /displaynds
# (part of the) Result
www.google-analytics.com
----------------------------------------
Record Name . . . . . : www.google-analytics.com
Record Type . . . . . : 1
Time To Live . . . . : 9
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 142.250.178.14
This will give you a list of all DNS records that are cached on your computer. It will show the DNS name and the resource records of the DNS record. But what does it all mean?
| Record | Description |
|---|---|
| Record Name | The DNS record name |
| Record Type | DNS Record type, indicated by a number: 1 – A (address) records, normal IPv4 address record 2 – NS (Name Server) record 5 – CNAME (Alias for another DNS record) 12 – PTR (pointer to a hostname) 28 – AAA record (Used with IPv6) You can find an overview of all numbers here |
| Time To Live | Time in second after which the record is expired (and delete from the cache) |
| Data Length | Length in bytes of the record |
| Section | Indicated that the record contains the answer. Another option is Glue for example |
| A (Host) Record | Actual value of the record |
When running the command you might have noticed that not all records are listed or that records remain even after you have run the command ipconfig /flushdns. That not all records are listed has to do with the time-to-live. Records are removed from the cache when the TTL is expired.
The reason records are still listed after you have run the flushdns command comes due to the fact that entries from your host file won’t be removed. Also, keep in mind that applications running in the background might already have done a new DNS lookup after you have flushed the DNS records.
The IPConfig command is a bit limited in what we can do. For example, we can’t really search for a DNS entry with the command. You could do the following in the command prompt:
ipconfig /displaydns | find "bing.com"
# Result
www.bing.com
Record Name . . . . . : www.bing.com
But as you can see, it only returns the rows that contain the name. Not the complete DNS record with the IP Address.
Get-DnsClientCache
The PowerShell cmdlet to view the DNS records is a bit more powerful. To view all cached DNS records with PowerShell we can use the cmdlet Get-DnsClientCache. The advantage of this cmdlet is that you can easily search through the records, or export them to Excel with the Export-CSV cmdlet.
Get-DnsClientCache
To search for a record we have a couple of options. We can use the parameter name for example, which will only return the records where the entry matches the name. It will search on the exact name by default, but you can add a wildcard * to the string as well:
# Return all records that start with lazysrvlab03 Get-DnsClientCache -Name "lazysrvlab03*" # Or # Get all records that contai microsoftonline Get-DnsClientCache -Name "*lazysrvlab03*"
You can search on all the columns with the help of a parameter. So if you want to view all CNAME records, you could do:
Get-DnsClientCache -type cname
Wrapping Up
The command IPConfig Displaydns or Get-DnsClientCache can help you with troubleshooting DNS issues on a client. Make sure that you also read the article about flushing DNS records and DNS Scavenging.
If you have any questions or tips, just drop a comment below.
