3

In Windows, is there an API to retrieve the content of the DNS cache? A colleague of mine asked me this very question, but so far I've looked on MSDN and searched the web and couldn't find any information on this. His current solution is to parse the output of ipconfig /displaydns, but I'm sure there is a better way to do it. How does ipconfig read what's in the cache anyway?

1 Answer

11

The DnsQuery function, called with the DNS_QUERY_NO_WIRE_QUERY query option, allows you to look up a specific entry in the cache. This may be sufficient, depending on what exactly you're trying to do. There doesn't appear to be any documented way of enumerating the entries.

Looking at ipconfig.exe it seems it uses several undocumented functions, in particular DnsGetCacheDataTable. A Google Search on this function name produced this code which seems to work, except that one line needs to be corrected; change the typedef to:

typedef int(WINAPI *DNS_GET_CACHE_DATA_TABLE)(PDNSCACHEENTRY);

3 Comments

Thank you very much, this is much appreciated. Just a quick question, what did you use to look at what ipconfig is calling? Just curious to know how this is done cause I tried to do the very same thing on ipconfig using windbg but failed.
I took the easy way out: I looked at the strings appearing in the executable, using strings.exe from MS. Most of the time, you can see any DLL functions called from an executable this way. It's then just a matter of educated guessing which ones might be relevant.
You can also use depends.exe to see what functions an exe imports and uses from other DLLs.
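
The cache-only lookup the answer describes (DnsQuery with DNS_QUERY_NO_WIRE_QUERY), sketched with Python's ctypes so a list of host names can be checked against the resolver cache without sending any query. This is an added example, not code from the answer or the source it links to. Assumptions: `DnsRecordA` models only the DNS_RECORDW header plus the A-record member of its data union, the host names in the `__main__` block are constructed placeholders, and `cached_a_records` runs only on Windows.

```python
import ctypes
from ctypes import POINTER, Structure, byref, c_ubyte, c_uint16, c_uint32, c_void_p, c_wchar_p

DNS_TYPE_A = 1                    # windns.h record type for IPv4 addresses
DNS_QUERY_NO_WIRE_QUERY = 0x10    # answer from the local cache only, never the network
DNS_FREE_RECORD_LIST = 1          # DnsFreeRecordList member of DNS_FREE_TYPE

class DnsRecordA(Structure):
    """DNS_RECORDW header followed by the A-record member of its Data union."""

DnsRecordA._fields_ = [
    ("pNext", POINTER(DnsRecordA)), ("pName", c_wchar_p),
    ("wType", c_uint16), ("wDataLength", c_uint16),
    ("Flags", c_uint32), ("dwTtl", c_uint32), ("dwReserved", c_uint32),
    ("ip", c_ubyte * 4),          # IP4_ADDRESS: four bytes in network order
]

def walk_a_records(head):
    """Follow pNext from a POINTER(DnsRecordA); return (name, ttl, ip) for A records only."""
    out, node = [], head
    while node:                   # a NULL ctypes pointer is falsy
        rec = node.contents
        if rec.wType == DNS_TYPE_A:   # skip CNAMEs etc., whose Data layout differs
            out.append((rec.pName, rec.dwTtl, ".".join(str(b) for b in rec.ip)))
        node = rec.pNext
    return out

def cached_a_records(hostname):
    """Windows only: A records for hostname from the resolver cache, [] if not cached."""
    dnsapi = ctypes.WinDLL("dnsapi")
    dnsapi.DnsQuery_W.argtypes = [c_wchar_p, c_uint16, c_uint32, c_void_p,
                                  POINTER(POINTER(DnsRecordA)), c_void_p]
    dnsapi.DnsQuery_W.restype = ctypes.c_long          # DNS_STATUS
    dnsapi.DnsRecordListFree.argtypes = [POINTER(DnsRecordA), ctypes.c_int]
    head = POINTER(DnsRecordA)()
    status = dnsapi.DnsQuery_W(hostname, DNS_TYPE_A, DNS_QUERY_NO_WIRE_QUERY,
                               None, byref(head), None)
    if status != 0:               # any non-zero DNS_STATUS is treated as "no cached answer"
        return []
    try:
        return walk_a_records(head)
    finally:
        dnsapi.DnsRecordListFree(head, DNS_FREE_RECORD_LIST)

if __name__ == "__main__":
    for name in ("example.com", "example.org"):        # constructed names to check
        print(name, cached_a_records(name))
```

This answers "is this name in the cache?" for names you already know; it does not enumerate the cache, which is the gap the answer fills with the undocumented DnsGetCacheDataTable.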
