Use dig +trace To Understand DNS Cold Cache Lookup Time

Once in a while, your site visitors wait for a cold cache DNS lookup. The more popular your site, the less likely this is, and vice versa.

It’s hard to notice, because it only happens on the first load per visitor per shared DNS resolver. When you experience it on your own site, the common reaction is to hit refresh and see if it happens again. It doesn’t, so you chalk it up to ‘whatever.’ But is an extra [up to 1] second of page load time really what you want for your first impression? This article is about squeezing in one more performance enhancement by reducing the likelihood of visitors needing to wait for a full cold start DNS lookup.

What you may not realize is that a long chain of events must occur for your site visitor’s browser to resolve your hostname to an IP address.

This may help. Here is a screenshot of “dig +trace”:


In this example, the Red Cross nameserver was only responsible for 12ms of this 1.0 second frozen cache DNS lookup. A frozen cache lookup is one that starts at the root name servers and works its way up the chain of authority from there. Let’s break it down.

  1. 123ms asking for the list of root nameservers
  2. 803ms asking the root nameservers who is authoritative for .org
  3. 126ms asking the .org nameservers who is authoritative for
  4. 12ms asking the nameservers for the A record

SUM: 1.064 seconds. That’s a long delay for a web page to load. Luckily, cold cache DNS lookups don’t occur for every site visitor.

The way DNS works, the browser making the request will ask its local resolver for the IP of the hostname, and then that local resolver will answer out of cache, if it has it. Internet Service Providers supply this local resolver service, and this shared model allows your neighbors to warm up the cache for you. We could classify the cache levels as follows:

  • hot – A record cached, can answer without further ado
  • warm – missing the A record, has the nameserver cached
  • luke-warm – missing A record, missing nameserver record, has the TLD nameserver cached
  • cold – missing A, missing nameserver, missing TLD nameserver
  • frozen – missing all of the above and missing list of root nameservers
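To connect the timing breakdown to these cache levels, here is an added example (not from the original article) that parses the `;; Received ... in N ms` footers that `dig +trace` prints after each hop and computes what a resolver at each level would pay. The trace text is constructed: it uses example.org and documentation addresses with the article's four timings, and the function names are hypothetical.

```python
import re

# Constructed sample of dig +trace output (documentation addresses, example.org);
# the four timings are the ones from the article's breakdown.
SAMPLE_TRACE = """\
.                518400 IN NS a.root-servers.net.
;; Received 228 bytes from 192.0.2.1#53(192.0.2.1) in 123 ms

org.             172800 IN NS ns.tld.example.
;; Received 432 bytes from 198.51.100.4#53(a.root-servers.net) in 803 ms

example.org.     86400  IN NS ns1.example.org.
;; Received 115 bytes from 203.0.113.9#53(ns.tld.example) in 126 ms

www.example.org. 604800 IN A  192.0.2.80
;; Received 60 bytes from 192.0.2.53#53(ns1.example.org) in 12 ms
"""

# dig prints one ";; Received ... in N ms" footer per hop of the trace.
RECEIVED = re.compile(r"^;; Received \d+ bytes from (\S+?)#\d+\(.*?\) in (\d+) ms$", re.M)

# Cache levels from the article, coldest first: each warmer level skips one more hop.
LEVELS = ["frozen", "cold", "luke-warm", "warm", "hot"]


def hop_times(trace):
    """Return [(server_address, milliseconds), ...] in the order dig queried them."""
    return [(addr, int(ms)) for addr, ms in RECEIVED.findall(trace)]


def cost_by_cache_level(trace):
    """Map each cache level to the lookup time a resolver in that state would pay."""
    times = [ms for _, ms in hop_times(trace)]
    if len(times) != len(LEVELS) - 1:
        raise ValueError(f"expected 4 hops (local, root, TLD, authoritative), got {len(times)}")
    return {level: sum(times[i:]) for i, level in enumerate(LEVELS)}


if __name__ == "__main__":
    for level, ms in cost_by_cache_level(SAMPLE_TRACE).items():
        print(f"{level:10s} {ms:5d} ms")
```

The figures count only the upstream queries the resolver has to make, so "hot" comes out as 0 ms; the round trip between the visitor and the resolver is not included.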

What Can You Do About It?

To try to combat this problem with a cold or frozen cache, you can change the TTL on the A record for your domain to 1 week.

First-time visitors will certainly still pay the DNS lookup time penalty; however, local resolvers will now cache the A record for your site for 1 week. Great, your site just got a performance enhancement! If you do this with your domain, keep in mind that you’ll want to plan ahead for any IP change.

One last thing about DNS local resolvers and their cache. TTLs are more of a suggestion. Some local resolvers will ignore your TTL and cache longer or shorter. So, setting a 1 week TTL may not be honored everywhere.
