Catch Internet Policy Breakers with DNS Cache
The DNS cache on your local computer is a list of the most recently accessed DNS entries. If you suspect that someone has just breached your corporate Internet policy by accessing inappropriate web content, and they have run a cleaning program that wipes out the Internet cache, you may still be able to get a list of the websites from the DNS cache.
Simply type from a command prompt:
ipconfig /displaydns
to display the contents of the DNS cache.
You can then look through the output to see if there are any domains that should not be there.
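Looking through the listing by eye gets tedious on a busy machine. The script below is an added example, not part of the original post: it parses the text that ipconfig /displaydns prints and flags cached names that fall under a policy list. The sample output, the domain names and the function names are constructed for illustration, and English-language ipconfig output is assumed.

```python
import re
import subprocess

# Constructed, abridged sample of English-language `ipconfig /displaydns` output.
SAMPLE = """\
Windows IP Configuration

    intranet.corp.example
    ----------------------------------------
    Record Name . . . . . : intranet.corp.example
    Record Type . . . . . : 1
    Time To Live  . . . . : 86
    A (Host) Record . . . : 10.0.0.15

    www.games.example
    ----------------------------------------
    Record Name . . . . . : www.games.example
    Record Type . . . . . : 5
    Time To Live  . . . . : 212
    CNAME Record  . . . . : cdn.games.example
"""

# "Label . . . : value" lines; the lazy group stops before the dot leader.
FIELD = re.compile(r"^\s*(.+?)[\s.]*:\s*(.*)$")

def live_cache():
    """Windows only: return the real cache listing instead of SAMPLE."""
    return subprocess.run(["ipconfig", "/displaydns"],
                          capture_output=True, text=True, check=True).stdout

def parse_displaydns(text):
    """Return one dict per cached record: name, record type and TTL (seconds)."""
    records = []
    for m in filter(None, map(FIELD.match, text.splitlines())):
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Record Name":
            records.append({"name": value.lower().rstrip(".")})
        elif records and key in ("Record Type", "Time To Live"):
            records[-1][key] = int(value)
    return records

def flag_domains(records, blocked):
    """Cached names equal to, or subdomains of, a blocked domain."""
    blocked = [b.lower().strip(".") for b in blocked]
    return sorted({r["name"] for r in records
                   if any(r["name"] == b or r["name"].endswith("." + b)
                          for b in blocked)})

if __name__ == "__main__":
    print(flag_domains(parse_displaydns(SAMPLE), ["games.example"]))
```

Entries drop out of the cache when their Time To Live runs out, so the listing only reflects recent lookups.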
8 Responses to “Catch Internet Policy Breakers with DNS Cache”
-
USBman Says:
August 18th, 2008 at 3:40 pm
Of course, if you were on the other end of the equation, and wanted to avoid this, you could simply run the following from a command prompt (as administrator, if using Vista):
ipconfig /flushdns
-
Brian Gaut Says:
August 18th, 2008 at 4:01 pm
Just a tip for the other side of the spectrum… if you are looking to hide all traces, you should be able to clean that DNS cache by typing
ipconfig /flushdns
… last time I checked at least

cheers!
-
Tim Fehlman Says:
August 18th, 2008 at 4:07 pm
Definitely, this will remove the entries but how many average users know to do this?
Well, I guess there are a few more now!
Tim
-
Aaron Says:
August 18th, 2008 at 6:23 pm
I hope NO other users where I work know how to flush it. The DNS that is.
But seriously, this is great to know. I love having the edge on the morons at work. This is perfect. Keep up the great posts!!
-
David Says:
August 18th, 2008 at 11:18 pm
Just curious, but if I’m routing my connections through an SSH Tunnel to my ISP’s proxy at home (so that I don’t need to keep running a proxy server at home), would the DNS cache still have my stuff there?
Here’s how I ssh: ssh -p 443 -L 8080:singnet.com:8080 root@xxx.xxx
-
Rarst Says:
August 19th, 2008 at 5:25 am
Heh, clever trick.
Not that I see many users cleaning their mess after they are done.
-
Tim Fehlman Says:
August 19th, 2008 at 8:08 am
@David,
It all depends on where your DNS resolution is taking place, on your local DNS or your remote DNS.
Tim
-
zagibu Says:
August 26th, 2008 at 4:34 am
With the ssh command as it is displayed above, and no other configuration, your DNS cache would still be local.
