Daily Cup of Tech

The DNS cache on your local computer is a list of the most recently accessed DNS entries. If you suspect that some one has just breached your corporate Internet policy by accessing inappropriate web content and they have run a cleaning program that wipes out the Internet cache, you may be able to get a list of the websites from the DNS cache.

Simply type from a command prompt:

ipconfig /displaydns

to display the contents of the DNS cache.

You can then look through to see if there are any domains that should not be there.

Similar Posts:

• Troubleshooting DNS
• Get Command Prompt On Remote System
• The Truth About History Erasers
• Access Locked Resources - Be The Machine
• HowTo Defragment a Drive From The Command Prompt

If you found this post useful, why don't you buy me a cup of coffee to show your gratitude?

Trackback link - http://www.dailycupoftech.com/2008/08/18/catch-internet-policy-breakers-with-dns-cache/trackback/

 

8 Responses to “Catch Internet Policy Breakers with DNS Cache”

1. USBman Says:
   August 18th, 2008 at 3:40 pm

   Of course, if you were on the other end of the equation, and wanted to avoid this, you could simply run the following from a command prompt (as administrator, if using Vista):

   ipconfig /flushdns

2. Brian Gaut Says:
   August 18th, 2008 at 4:01 pm

   Just a tip for the other side of the spectrum… if you are looking to hide all traces, you should be able to clean that DNS cache by typing
   ipconfig /flushdns

   ….last time i checked at least
   cheers!

3. Tim Fehlman Says:
   August 18th, 2008 at 4:07 pm

   Definitely, this will remove the entries but how many average users know to do this?

   Well, I guess there are a few more now!

   Tim

4. Aaron Says:
   August 18th, 2008 at 6:23 pm

   I hope NO other users where I work know how to flush it. The DNS that it.

   But seriously, this is great to know. I love having the edge on the morons at work. This is perfect. Keep up the great posts!!

5. David Says:
   August 18th, 2008 at 11:18 pm

   Just curious, but if I’m routing my connections through an SSH Tunnel to my ISP’s proxy at home (so that I don’t need to keep running an proxy server at home), would the DNS cache still have my stuff there?

   Here’s how I ssh: ssh -p 443 -L 8080:singnet.com:8080 root@xxx.xxx

6. Rarst Says:
   August 19th, 2008 at 5:25 am

   Heh, clever trick. Not that I see much users cleaning their mess after they are done.

7. Tim Fehlman Says:
   August 19th, 2008 at 8:08 am

   @David,

   It all depend on where your DNS resolution is taking place, on your local DNS or your remote DNS.

   Tim

8. zagibu Says:
   August 26th, 2008 at 4:34 am

   With the ssh command as it is displayed above, and no other configuration, your DNS cache would still be local.

Leave a Reply