How To Clear DNS Cache on Linux

The Domain Name System (DNS) cache plays a vital role in speeding up your browsing experience by storing recently resolved domain names and their corresponding IP addresses. However, there are times when clearing this cache becomes necessary, especially when you encounter network connectivity issues or when DNS records have been updated. This comprehensive guide will walk you through various methods to flush DNS cache on Linux systems, regardless of which DNS resolver you’re using.

Understanding DNS Cache in Linux

DNS caching serves as a temporary database that stores information about your recent DNS lookups. When you visit a website, your system queries a DNS server to translate the domain name (like example.com) into an IP address. This translation is then stored in the DNS cache to speed up future visits to the same website.

Linux systems handle DNS caching differently from Windows and macOS. Rather than having a centralized caching mechanism, Linux distributions employ various DNS resolver services that may maintain their own caches. These services include systemd-resolved, dnsmasq, NSCD, and BIND.

The benefits of DNS caching include:

  • Faster browsing experiences as repeated DNS lookups are avoided
  • Reduced network traffic and bandwidth usage
  • Decreased load on DNS servers
  • Improved overall system performance

However, an outdated or corrupted DNS cache can lead to several issues:

  • Websites being inaccessible due to outdated DNS records
  • Loading incorrect or outdated website versions
  • Security vulnerabilities if malicious DNS entries are cached
  • Connectivity problems after network configuration changes

Identifying Your Linux DNS Resolver

Before clearing your DNS cache, you need to identify which DNS resolver your Linux system is using. Different distributions use different resolvers by default, and knowing which one you’re using will determine the method you’ll need to follow.

To identify your DNS resolver, use the following commands:

Check your DNS configuration file:

cat /etc/resolv.conf

This will show you the nameservers your system is configured to use. Look for lines that start with “nameserver” followed by an IP address.

To check if systemd-resolved is active on your system:

systemctl status systemd-resolved

For dnsmasq:

systemctl status dnsmasq

For NSCD (Name Service Cache Daemon):

systemctl status nscd

The output of these commands will indicate whether the respective service is running. If the service is active, you’ll see “active (running)” in the output.
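
As an added example (not part of the original article), the script below classifies the nameserver lines of a resolv.conf file: 127.0.0.53 and 127.0.0.54 are the systemd-resolved stub listener addresses, any other loopback address points to a daemon such as dnsmasq or BIND on the same host, and anything else is a remote server. The function names and the sample file are constructed for illustration; nscd never shows up in resolv.conf, so it still needs the systemctl check above.

```bash
#!/bin/bash
# Added example: work out which resolver sits behind each nameserver line.
# classify_nameserver and classify_resolv_conf are hypothetical helper names.

# Map one nameserver address to the kind of resolver behind it.
classify_nameserver() {
    case "$1" in
        127.0.0.53|127.0.0.54)
            echo "systemd-resolved" ;;   # stub listener addresses
        127.*|::1)
            echo "local-daemon" ;;       # dnsmasq, BIND or unbound on this host
        *)
            echo "remote" ;;             # no local DNS daemon on this path
    esac
}

# Read resolv.conf-format text on stdin and print "<address> <class>"
# for every nameserver line. Comments, search and options lines are skipped.
classify_resolv_conf() {
    local keyword addr _rest
    while read -r keyword addr _rest; do
        [ "$keyword" = "nameserver" ] || continue
        [ -n "$addr" ] || continue
        printf '%s %s\n' "$addr" "$(classify_nameserver "$addr")"
    done
}

# Constructed sample input, not taken from a real host.
sample_resolv_conf() {
    cat <<'EOF'
# This file is managed by man:systemd-resolved(8). Do not edit.
nameserver 127.0.0.53
options edns0 trust-ad
search lan
nameserver 192.0.2.10
EOF
}

sample_resolv_conf | classify_resolv_conf
```

On a real host, feed it the live file with classify_resolv_conf < /etc/resolv.conf.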

Prerequisites Before Clearing DNS Cache

Before proceeding with clearing your DNS cache, ensure you have:

  1. Root or sudo privileges: Most DNS services require administrative access to flush their caches. If you don’t have such privileges, you’ll need to contact your system administrator.
  2. Terminal access: You’ll need to run commands in a terminal. Open the terminal by pressing Ctrl+Alt+T on most Linux distributions or search for “Terminal” in your application menu.
  3. Backup important configurations: If you’re planning to modify configuration files, it’s always a good practice to create backups first.
  4. Understand potential impacts: Clearing the DNS cache means your system will need to perform fresh DNS lookups for websites you visit, which might temporarily slow down your browsing experience.

Clearing DNS cache is necessary when:

  • You’ve recently updated DNS records and need to see the changes immediately
  • You’re experiencing website connectivity issues
  • You suspect DNS poisoning or other security concerns
  • After changing network configurations or DNS servers

Method 1: Using systemd-resolved

Many modern Linux distributions including Ubuntu 18.04+, Fedora, and CentOS 8+ use systemd-resolved as their default DNS resolver. Here’s how to flush its DNS cache:

Step 1: Verify that systemd-resolved is running:

systemctl status systemd-resolved

You should see output indicating that the service is active and running.

Step 2: Flush the DNS cache using the resolvectl command:

sudo resolvectl flush-caches

On older systems or different versions, you might need to use:

sudo systemd-resolve --flush-caches

Step 3: Verify that the cache was successfully cleared:

sudo resolvectl statistics

Look for the “Cache entries” or “Current Cache Size” values in the output. After flushing, these values should be zero or significantly lower than before.

Example output after clearing the cache:

DNSSEC supported by current servers: no
Transactions
Current Transactions: 0
  Total Transactions: 127
Cache
  Current Cache Size: 0
          Cache Hits: 76
        Cache Misses: 51

If you encounter any issues, such as “command not found,” ensure your system is actually using systemd-resolved and that the resolvectl command is available. On some distributions, you might need to install additional packages.

Method 2: Using Signal Commands

For systems that use systemd-resolved but where the resolvectl command isn’t working properly, you can use signal commands as an alternative method.

Step 1: Send the USR2 signal to systemd-resolved to flush the cache:

sudo killall -USR2 systemd-resolved

This sends a signal to the systemd-resolved process instructing it to flush its DNS cache.

Step 2: Verify that the cache was cleared by checking the systemd-resolved journal:

sudo journalctl -r -u systemd-resolved

Look for entries related to cache flushing in the logs. You should see a message indicating that the cache was cleared.

Step 3: Optionally, you can send the USR1 signal to see statistics:

sudo killall -USR1 systemd-resolved

The advantage of this method is that it doesn’t require specific commands like resolvectl but relies on standard Linux signals. It’s particularly useful in environments where command availability might be restricted or when the standard commands aren’t working as expected.

Method 3: Managing DNS with dnsmasq

Dnsmasq is a lightweight DNS caching server commonly used in many Linux distributions, especially those designed for routers, embedded systems, and older desktop distributions.

Step 1: Check if dnsmasq is running on your system:

systemctl status dnsmasq

Step 2: If dnsmasq is active, clear its cache by restarting the service:

sudo systemctl restart dnsmasq

Alternatively, you can send the HUP signal to dnsmasq to clear its cache without fully restarting:

sudo killall -HUP dnsmasq

Step 3: Verify that the cache was cleared by checking syslog:

sudo grep dnsmasq /var/log/syslog

or

sudo journalctl -u dnsmasq

You should see entries indicating that dnsmasq was restarted or received the HUP signal.

For different Linux distributions, the command paths or service names might vary slightly:

  • On Debian/Ubuntu: sudo service dnsmasq restart
  • On older RedHat/CentOS systems: sudo service dnsmasq restart
  • On systems using systemd: sudo systemctl restart dnsmasq

Dnsmasq is particularly common in network gateway devices running Linux and in lightweight distributions. Its configuration can be found in /etc/dnsmasq.conf if you need to make more advanced adjustments to its caching behavior.

Method 4: Using nscd for DNS Cache Management

The Name Service Cache Daemon (nscd) is commonly used in Red Hat, CentOS, and some other enterprise Linux distributions. It caches name service lookups, including DNS queries.

Step 1: Check if nscd is running on your system:

systemctl status nscd

Step 2: If nscd is active, clear its DNS cache by restarting the service:

sudo systemctl restart nscd

Alternatively, you can clear just the hosts cache (which contains DNS entries) without restarting the entire service:

sudo nscd -i hosts

Step 3: Verify that the cache was cleared:

sudo nscd -g

This command displays the current statistics of nscd caches. After clearing, the hosts cache hit rate should be reset or significantly lower.

NSCD configuration can be customized in /etc/nscd.conf. By modifying this file, you can adjust cache sizes, TTL values, and other caching parameters. For example, to disable DNS caching entirely while keeping other name service caching enabled, you can set:

enable-cache            hosts           no

Common issues with nscd include permission problems and conflicts with other caching services. If you’re using both nscd and another DNS caching service (like systemd-resolved), they might interfere with each other. In such cases, it’s recommended to use only one DNS caching service.

Method 5: BIND DNS Server Cache Management

BIND (Berkeley Internet Name Domain) is the most widely used DNS server software on the internet. While it’s less common on desktop Linux systems, it’s often used on servers and can include a DNS cache that needs to be flushed occasionally.

Step 1: Check if BIND is running on your system:

systemctl status named

or

systemctl status bind9

Step 2: If BIND is active, clear its cache using the rndc command. Run without arguments, it flushes the caches of all views, so no separate command is needed to clear everything:

sudo rndc flush

To clear cache for a specific domain:

sudo rndc flushname example.com

Step 3: Verify that the cache was cleared by checking the BIND logs:

sudo journalctl -u named

or

sudo grep named /var/log/syslog

Look for entries indicating that the cache was flushed.

BIND is most commonly encountered in server environments or when your Linux system is configured as a DNS server for a network. If you’re using BIND simply as a resolver, its cache can still affect your DNS lookups, so knowing how to clear it is valuable for troubleshooting.

Distribution-Specific Instructions

Different Linux distributions use different DNS resolvers by default. Here’s how to clear DNS cache on some popular distributions:

Ubuntu/Debian-based Systems

Modern Ubuntu systems (18.04 and newer) use systemd-resolved:

sudo resolvectl flush-caches

For older Ubuntu/Debian systems using dnsmasq:

sudo systemctl restart dnsmasq

For even older systems using nscd:

sudo /etc/init.d/nscd restart

RedHat/CentOS/Fedora Systems

Modern Fedora and RHEL 8+ systems use systemd-resolved:

sudo resolvectl flush-caches

CentOS 7 and RHEL 7 often use nscd:

sudo systemctl restart nscd

or

sudo nscd -i hosts

Arch Linux and Derivatives

Arch Linux typically uses systemd-resolved:

sudo resolvectl flush-caches

SUSE/openSUSE

OpenSUSE uses various resolvers. Check which one is active and use the appropriate method:

For systemd-resolved:

sudo resolvectl flush-caches

For dnsmasq:

sudo systemctl restart dnsmasq

When adapting these methods to other distributions, first identify the DNS resolver using the commands in the “Identifying Your Linux DNS Resolver” section, then apply the appropriate clearing method.

Automating DNS Cache Clearing

For scenarios where regular DNS cache clearing is needed, automating the process can save time and ensure consistency. Here’s how to create a simple bash script that works across different distributions:

Step 1: Create a new script file:

sudo nano /usr/local/bin/clear-dns-cache.sh

Step 2: Add the following content to the script:

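#!/bin/bash
# Script to clear DNS cache on Linux
# Flushes every supported caching service that is active, because more than
# one (for example nscd alongside systemd-resolved) can be running at once

# Use a fixed PATH: cron's default omits /usr/sbin, where nscd and rndc live
PATH=/usr/sbin:/usr/bin:/sbin:/bin
export PATH

# Check for root privileges
if [ "$(id -u)" -ne 0 ]; then
    echo "This script must be run as root. Try using sudo." >&2
    exit 1
fi

found=0    # set to 1 when at least one caching service is active
failed=0   # set to 1 when any flush command fails

# Try systemd-resolved (resolvectl on current systems, systemd-resolve on older ones)
if systemctl is-active --quiet systemd-resolved; then
    found=1
    echo "Clearing systemd-resolved DNS cache..."
    if resolvectl flush-caches 2>/dev/null || systemd-resolve --flush-caches 2>/dev/null; then
        echo "Cache cleared. Current statistics:"
        resolvectl statistics 2>/dev/null || systemd-resolve --statistics 2>/dev/null
    else
        echo "Failed to flush the systemd-resolved cache." >&2
        failed=1
    fi
fi

# Try dnsmasq (a restart discards its cache)
if systemctl is-active --quiet dnsmasq; then
    found=1
    echo "Clearing dnsmasq DNS cache..."
    if systemctl restart dnsmasq; then
        echo "Dnsmasq restarted and cache cleared."
    else
        echo "Failed to restart dnsmasq." >&2
        failed=1
    fi
fi

# Try nscd (invalidate the hosts table, fall back to a restart)
if systemctl is-active --quiet nscd; then
    found=1
    echo "Clearing nscd DNS cache..."
    if nscd -i hosts 2>/dev/null || systemctl restart nscd; then
        echo "NSCD hosts cache cleared."
    else
        echo "Failed to clear the nscd hosts cache." >&2
        failed=1
    fi
fi

# Try BIND (the unit is called named or bind9 depending on the distribution)
if systemctl is-active --quiet named || systemctl is-active --quiet bind9; then
    found=1
    echo "Clearing BIND DNS cache..."
    if rndc flush; then
        echo "BIND cache cleared."
    else
        echo "Failed to flush the BIND cache." >&2
        failed=1
    fi
fi

if [ "$found" -eq 0 ]; then
    echo "No supported DNS caching service found running on this system." >&2
    exit 1
fi

# Exit non-zero if any flush failed so cron or a caller can notice
exit "$failed"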

Step 3: Make the script executable, with access restricted to root:

sudo chmod 700 /usr/local/bin/clear-dns-cache.sh

Step 4: To run the script:

sudo /usr/local/bin/clear-dns-cache.sh

Step 5: To schedule automatic clearing with cron:

sudo crontab -e

Add a line to run the script daily at midnight:

0 0 * * * /usr/local/bin/clear-dns-cache.sh

Security considerations for automated scripts:

  • Ensure the script file has appropriate permissions (readable and executable only by root)
  • Be cautious about frequency; too frequent clearing can reduce browsing performance
  • Consider logging the script’s actions for future reference
  • Avoid hardcoding sensitive information in the script
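
The first consideration can be checked mechanically. The script below is an added example, not part of the original article: it verifies that a script run from root's crontab is owned by the expected user, grants nothing to group or others, and lives in a directory that group and others cannot write to. The names audit_cron_script and check_target are hypothetical, and the demonstration runs on a constructed temporary file owned by the current user.

```bash
#!/bin/bash
# Added example: audit a script that root's crontab executes.
# audit_cron_script and check_target are hypothetical helper names.
# Usage: audit_cron_script <script> [owner_uid]   (owner_uid defaults to 0)

# Print a FAIL line and return 1 if <path> has the wrong owner or has any
# permission bit from <mask> (octal) set.
check_target() {
    local path="$1" want_uid="$2" mask="$3" uid mode rc=0
    uid="$(stat -c '%u' "$path")"     # numeric owner (GNU stat)
    mode="$(stat -c '%a' "$path")"    # octal mode, for example 755
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $path: owner uid $uid, expected $want_uid"; rc=1
    fi
    if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
        echo "FAIL $path: mode $mode has bits from $mask set"; rc=1
    fi
    return "$rc"
}

audit_cron_script() {
    local script="$1" want_uid="${2:-0}" rc=0
    [ -f "$script" ] || { echo "FAIL $script: not a regular file"; return 2; }
    # Script: no access at all for group or others (mode 700).
    check_target "$script" "$want_uid" 077 || rc=1
    # Directory: not writable by group or others, otherwise the script can
    # be replaced even though the file itself is locked down.
    check_target "$(dirname "$script")" "$want_uid" 022 || rc=1
    [ "$rc" -eq 0 ] && echo "OK $script"
    return "$rc"
}

# Demonstration on a constructed temporary copy owned by the current user.
demo_dir="$(mktemp -d)"
printf '#!/bin/bash\n' > "$demo_dir/clear-dns-cache.sh"
chmod 755 "$demo_dir/clear-dns-cache.sh"
audit_cron_script "$demo_dir/clear-dns-cache.sh" "$(id -u)" || true   # flagged
chmod 700 "$demo_dir/clear-dns-cache.sh"
audit_cron_script "$demo_dir/clear-dns-cache.sh" "$(id -u)"           # passes
rm -rf "$demo_dir"
```

Against the installed script, run it as sudo audit_cron_script /usr/local/bin/clear-dns-cache.sh, which checks for uid 0 by default.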

Troubleshooting Common DNS Issues

When clearing the DNS cache doesn’t resolve your network issues, consider these common problems and solutions:

Command Not Found Errors

Problem: Commands like resolvectl or systemd-resolve are not found.
Solution: Verify your distribution and install necessary packages:

sudo apt update && sudo apt install systemd-resolved  # For Debian/Ubuntu
sudo dnf install systemd-resolved  # For Fedora/RHEL

Permission Denied Issues

Problem: Getting “permission denied” errors when running commands.
Solution: Ensure you’re using sudo or have root privileges:

sudo resolvectl flush-caches

No Apparent Effect After Clearing Cache

Problem: Websites still load incorrect or outdated content after clearing DNS cache.
Solution:

  • Check browser cache (which is separate from DNS cache)
  • Try using different DNS diagnostic tools:

dig example.com
nslookup example.com
host example.com

  • Consider changing your DNS servers temporarily:

sudo nano /etc/resolv.conf

Add lines like:

nameserver 8.8.8.8
nameserver 8.8.4.4
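
To tell whether the local cache is still serving an old answer, compare what the system resolver returns with what a reference server returns when queried directly. The script below is an added example, not part of the original article, with hypothetical function names and constructed sample answers; a "disjoint" result is a reason to look closer rather than proof of a stale or poisoned entry, because CDNs and geo DNS legitimately return different addresses to different resolvers.

```bash
#!/bin/bash
# Added example; all function names are hypothetical.

# Keep only IP address lines from `dig +short` output. CNAME targets, which
# end in a dot, are dropped. The result is sorted and de-duplicated.
normalize_answers() {
    { grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$|^[0-9A-Fa-f]*:[0-9A-Fa-f:]+$' || true; } | sort -u
}

# Compare two `dig +short` outputs. Prints a verdict and returns:
#   match (0)      identical address sets
#   overlap (0)    some addresses in common (typical for round-robin pools)
#   disjoint (1)   nothing in common
#   no-answer (2)  one side returned no addresses
compare_answer_sets() {
    local a b common
    a="$(printf '%s\n' "$1" | normalize_answers)"
    b="$(printf '%s\n' "$2" | normalize_answers)"
    if [ -z "$a" ] || [ -z "$b" ]; then echo "no-answer"; return 2; fi
    if [ "$a" = "$b" ]; then echo "match"; return 0; fi
    # Both sets are de-duplicated, so a line seen twice is present in both.
    common="$(printf '%s\n%s\n' "$a" "$b" | sort | uniq -d)"
    if [ -n "$common" ]; then echo "overlap"; return 0; fi
    echo "disjoint"; return 1
}

# Live check (needs dig and network access): the system resolver's answer
# versus the answer from a reference server queried directly.
# Usage: check_name example.com 8.8.8.8
check_name() {
    compare_answer_sets "$(dig +short "$1" A)" "$(dig "@$2" +short "$1" A)"
}

# Constructed outputs using documentation addresses, not real lookups.
cached_answer='192.0.2.80'
fresh_answer='www.example.net.
198.51.100.7
198.51.100.8'
compare_answer_sets "$cached_answer" "$fresh_answer" || true
```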

Cannot Determine Active DNS Resolver

Problem: Unable to identify which DNS resolver is running.
Solution:

ps aux | grep -E 'dnsmasq|systemd-resolve|named|nscd'

This will show running processes related to DNS resolution.

Advanced DNS Cache Management

For users who need more control over DNS caching behavior, consider these advanced techniques:

Modifying TTL Settings

Time-to-Live (TTL) values determine how long DNS records stay in cache. To modify default TTL for systemd-resolved:

sudo nano /etc/systemd/resolved.conf

Add or modify:

[Resolve]
Cache=yes
CacheFromLocalhost=no
DNSStubListener=yes
DNSSEC=allow-downgrade
FallbackDNS=8.8.8.8 8.8.4.4

Working with Custom DNS Resolvers

If you’re using custom DNS resolvers for privacy or performance, ensure cached records don’t interfere:

sudo nano /etc/NetworkManager/conf.d/dns.conf

Add:

[main]
dns=none

Then create:

sudo nano /etc/resolv.conf

Add your preferred DNS servers:

nameserver 1.1.1.1
nameserver 1.0.0.1

Make the file immutable to prevent automatic overwriting:

sudo chattr +i /etc/resolv.conf

Performance Tuning

For systems with high DNS query loads, consider these performance optimizations:

  • Increase cache size for dnsmasq:

sudo nano /etc/dnsmasq.conf

Add:

cache-size=1000

  • Use a local DNS cache with forwarding:

sudo apt install unbound
sudo systemctl enable --now unbound

Configure unbound for local caching with forwarding to external DNS servers for enhanced performance and privacy.

Comparing Browser vs. System DNS Caching

It’s important to understand the difference between browser DNS caching and system DNS caching:

Browser DNS Cache

  • Specific to each web browser (Chrome, Firefox, etc.)
  • Cleared through browser settings or private browsing
  • Often shorter cache times than system DNS
  • Controls only that browser’s DNS lookups

To clear browser DNS cache:

  • Chrome: Navigate to chrome://net-internals/#dns and click “Clear host cache”
  • Firefox: Enter about:config, set network.dnsCacheExpiration to 0
  • Safari: No direct method; clearing all browser data is required

System DNS Cache

  • Affects all applications on the system
  • Cleared using the methods described in this article
  • Typically has longer cache times
  • Controls DNS lookups for all network operations

Understanding this relationship is crucial because clearing the system DNS cache won’t affect the browser cache and vice versa. For a complete DNS refresh, both need to be cleared.


r00t
