Introduction
Flushing the DNS cache on a Linux system is a simple yet essential maintenance task that can resolve connectivity problems, clear outdated records, and improve overall network performance. Whether you’re troubleshooting a website that won’t load, switching to a new DNS provider, or just ensuring that your system resolves domain names accurately, knowing how to flush DNS on Linux is a valuable skill for any user, from beginners to seasoned administrators.
In this guide we’ll explore the reasons you might need to clear the DNS cache, walk through the most common methods for different Linux distributions, explain the underlying mechanics of DNS caching, and answer frequently asked questions. By the end, you’ll be able to flush DNS confidently on any Linux machine you encounter.
Why Flush the DNS Cache?
1. Stale or Incorrect Records
When a domain’s IP address changes, the old entry may linger in the local cache. This can cause browsers or applications to continue contacting the previous server, resulting in errors such as “Server not found” or “Connection timed out.” Flushing forces the system to request fresh records from the authoritative DNS servers.
2. DNS‑related Application Issues
Some applications (e.g., web browsers, package managers, or VPN clients) rely heavily on DNS. A corrupted cache can cause them to fail to resolve hostnames, leading to crashes or prolonged loading times.
3. Security and Privacy
Malicious actors sometimes perform DNS spoofing attacks that inject false entries into a cache. Clearing the cache eliminates any potentially compromised records, reducing the attack surface.
4. Testing DNS Changes
If you’re updating DNS records for a website or service, you’ll want to verify the changes immediately. Flushing the cache guarantees that the test reflects the new configuration rather than an outdated entry.
Understanding DNS Caching on Linux
Linux does not have a single, universal DNS caching service. Instead, caching can be provided by:
| Service | Typical Package | Primary Use |
|---|---|---|
| systemd‑resolved | systemd-resolved | Integrated with systemd, default on many modern distros (Ubuntu 18.04+, Debian 10+, Fedora 33+) |
| dnsmasq | dnsmasq | Lightweight DNS forwarder, often used in routers, virtualization hosts, and development environments |
| named (BIND) | bind9 | Full‑featured DNS server, includes caching capabilities |
| nscd | nscd | Name Service Cache Daemon, caches various name‑service lookups, including DNS |
| Unbound | unbound | Recursive resolver with caching, popular for privacy‑focused setups |
Each service has its own command or signal to clear the cache. The following sections cover the most common scenarios.
How to Flush DNS on Different Linux Distributions
Ubuntu, Debian, and Derivatives (systemd‑resolved)
Most recent Ubuntu and Debian releases use systemd‑resolved as the DNS resolver. To flush its cache:
sudo systemd-resolve --flush-caches
You can verify that the cache was cleared by checking the statistics:
systemd-resolve --statistics
The output will show the Cache entries reset to zero.
Restarting the Service (Alternative)
If the --flush-caches flag is unavailable (older versions), restart the service:
sudo systemctl restart systemd-resolved
Fedora, CentOS, RHEL (systemd‑resolved or NetworkManager)
Fedora 33+ also ships with systemd‑resolved, while older releases may rely on NetworkManager with its own DNS cache.
For systemd‑resolved:
sudo resolvectl flush-caches
For NetworkManager:
sudo nmcli networking off
sudo nmcli networking on
Or simply restart the NetworkManager daemon:
sudo systemctl restart NetworkManager
OpenSUSE (systemd‑resolved or dnsmasq)
OpenSUSE Leap 15.3+ uses systemd‑resolved by default. Use the same commands as Ubuntu. If dnsmasq is the resolver instead, restart it:
sudo systemctl restart dnsmasq
Arch Linux (systemd‑resolved, dnsmasq, or unbound)
Arch users often choose their own resolver. Identify the active service:
systemctl list-units | grep -E 'systemd-resolved|dnsmasq|unbound|nscd'
Then apply the appropriate flush command:
- systemd‑resolved:
  sudo resolvectl flush-caches
- dnsmasq:
  sudo systemctl restart dnsmasq
- unbound (requires unbound-control to be configured; flush takes a name argument, so flush_zone . is used to clear the whole cache):
  sudo unbound-control flush_zone .
- nscd:
  sudo nscd -i hosts
Using nscd (Name Service Cache Daemon)
If your system runs nscd, flushing is straightforward:
sudo nscd -i hosts # Flush only the hosts (DNS) cache
sudo nscd -i services # Optional: flush other service caches
To restart the daemon entirely:
sudo systemctl restart nscd
Using dnsmasq Directly
dnsmasq is popular on development machines and small networks. The cache can be cleared by sending a SIGHUP signal:
sudo kill -HUP $(pidof dnsmasq)
Or simply restart the service:
sudo systemctl restart dnsmasq
Using BIND (named)
If you are running a full BIND server, clear the cache with the rndc utility:
sudo rndc flush
For a complete restart (useful if rndc is not configured):
sudo systemctl restart named
Step‑by‑Step Example: Flushing DNS on Ubuntu 22.04
1. Open a terminal – Press Ctrl+Alt+T or search for “Terminal” in the applications menu.
2. Check which resolver is active
   resolvectl status
   The output will list DNSSEC, Current DNS Server, and indicate systemd-resolved as the manager.
3. Flush the cache
   sudo systemd-resolve --flush-caches
4. Confirm the flush
   systemd-resolve --statistics
   You should see Cache size: 0 or a very low number.
5. Optional – Restart the resolver
   sudo systemctl restart systemd-resolved
6. Test the result
   dig example.com +trace
   The +trace option forces a fresh lookup, bypassing any local cache. Verify that the IP address matches the expected value.
Common Pitfalls and How to Avoid Them
| Symptom | Likely Cause | Fix |
|---|---|---|
| systemd-resolve: command not found | Using an older distro that doesn’t ship systemd-resolve. | Use resolvectl (newer) or fall back to restarting systemd-resolved. |
| DNS still resolves to old IP after flush | Browser or application cache retains the old address. | Clear the browser cache or restart the application. |
| No change after sudo service dnsmasq restart | Another resolver (e.g., systemd-resolved) is still handling DNS. | Disable or reconfigure the competing resolver. |
| rndc command fails with “connection refused” | BIND control channel not configured. | Edit /etc/rndc.key and /etc/named.conf to enable rndc, then retry. |
| nscd -i hosts gives “command not found” | nscd not installed. | Install it (sudo apt install nscd on Debian/Ubuntu) or use the resolver’s native flush method. |
Frequently Asked Questions
Q1: Do I need to flush DNS on every Linux machine?
Not necessarily. Modern resolvers automatically purge stale entries based on TTL (Time‑to‑Live) values. Even so, manual flushing is useful when you know a record has changed before the TTL expires or when troubleshooting.
Q2: Will flushing DNS affect other users on the same network?
Flushing the local cache only impacts the machine where the command is run. If a router or DNS forwarder (e.g., a corporate DNS server) caches the record, you’ll need to clear that cache separately.
Q3: Can I automate DNS flushing after a network change?
Yes. You can add a hook script to NetworkManager’s dispatcher directory (/etc/NetworkManager/dispatcher.d/) that runs systemd-resolve --flush-caches whenever the interface goes up or down.
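One way to write such a dispatcher hook, combined with the resolver detection from the Arch Linux section so it works whichever cache is running. This is an added example, not part of the original guide; the file name 50-flush-dns, the IS_ACTIVE override and the function names are assumptions.

```shell
#!/bin/sh
# Added example: /etc/NetworkManager/dispatcher.d/50-flush-dns (name is an assumption).
# NetworkManager calls dispatcher scripts with $1 = interface, $2 = action.

# Overridable (assumption) so the logic can be exercised without systemd.
: "${IS_ACTIVE:=systemctl is-active --quiet}"

# Print the first caching resolver that is running; fail if none is.
active_resolver() {
    for svc in systemd-resolved dnsmasq unbound nscd; do
        if $IS_ACTIVE "$svc"; then
            echo "$svc"
            return 0
        fi
    done
    return 1
}

# Flush command per resolver (unbound: flush_zone . clears the whole cache).
flush_command() {
    case "$1" in
        systemd-resolved) echo "resolvectl flush-caches" ;;
        dnsmasq)          echo "systemctl restart dnsmasq" ;;
        unbound)          echo "unbound-control flush_zone ." ;;
        nscd)             echo "nscd -i hosts" ;;
        *)                return 1 ;;
    esac
}

# Flush only on link up/down; ignore every other dispatcher event.
handle_event() {
    case "$2" in
        up|down) ;;
        *) return 0 ;;
    esac
    svc=$(active_resolver) || return 0
    cmd=$(flush_command "$svc") || return 0
    # Leave an audit trail of every automatic flush.
    logger -t flush-dns "iface=$1 action=$2 resolver=$svc" 2>/dev/null || true
    $cmd
}

handle_event "${1:-}" "${2:-}"
```

NetworkManager only runs dispatcher scripts that are executable, owned by root and not writable by group or others, so install the file with mode 0755 and root ownership.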
Q4: Does flushing DNS improve security?
It reduces the window of exposure to poisoned or outdated records, but it is not a substitute for proper DNSSEC validation, encrypted DNS (DoH/DoT), or secure network configurations.
Q5: What is the difference between dig and nslookup for testing after a flush?
Both utilities query DNS, but dig provides more detailed output and respects the +trace option for full resolution paths. nslookup is simpler but may use cached results unless you specify a different server.
Advanced Tips
1. Verify Which Resolver Is Actually Used
Linux can consult multiple sources defined in /etc/nsswitch.conf. Look for the line:
hosts: files dns
If dns appears, the system will query the resolver configured in /etc/resolv.conf. When systemd-resolved is active, /etc/resolv.conf is often a symlink to /run/systemd/resolve/stub-resolv.conf:
ls -l /etc/resolv.conf
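The same check as a script, added here as an example that is not part of the original guide: it reads the hosts line and the first nameserver and reports where lookups actually go, which tells you whether a local flush can have any effect. The function names and output strings are assumptions.

```shell
#!/bin/sh
# hosts_sources FILE: print the sources on the "hosts:" line, in lookup order,
# skipping [NOTFOUND=return]-style actions and trailing comments.
hosts_sources() {
    awk '$1 == "hosts:" {
        out = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^#/) break
            if ($i ~ /^\[/) continue
            out = out (out == "" ? "" : " ") $i
        }
        print out
        exit
    }' "$1"
}

# nameservers FILE: print each nameserver address from a resolv.conf file.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# resolver_path NSSWITCH RESOLVCONF: say which resolver answers lookups.
resolver_path() {
    case " $(hosts_sources "$1") " in
        *" resolve "*) echo "systemd-resolved (nss-resolve)"; return ;;
        *" dns "*) ;;
        *) echo "no DNS source in nsswitch"; return ;;
    esac
    first=$(nameservers "$2" | head -n 1)
    case "$first" in
        127.0.0.53) echo "systemd-resolved stub" ;;
        127.*|::1)  echo "local resolver at $first" ;;
        "")         echo "dns configured but no nameserver" ;;
        # A remote resolver keeps its own cache; a local flush will not clear it.
        *)          echo "remote resolver at $first" ;;
    esac
}

# Report on the live configuration when both files are readable.
if [ -r /etc/nsswitch.conf ] && [ -r /etc/resolv.conf ]; then
    resolver_path /etc/nsswitch.conf /etc/resolv.conf
fi
```

An unexpected "remote resolver" result on a host that should be using a local stub is also worth investigating, since it means name resolution is going somewhere other than the resolver you have been flushing.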
2. Temporarily Bypass the Cache
If you need an immediate, uncached lookup without flushing, use the @ syntax with dig:
dig @8.8.8.8 example.com
This sends the query directly to Google’s public DNS server, ignoring any local cache.
3. Adjust Cache Size and TTL
For services like dnsmasq or unbound, you can tune cache behavior in their configuration files (/etc/dnsmasq.conf, /etc/unbound/unbound.conf). Reducing the maximum TTL or cache size can lessen the need for manual flushing.
4. Use Systemd’s systemd-resolve --statistics
Beyond confirming a flush, the statistics command gives insight into cache hit rates, which can help you decide whether a larger cache would benefit your workload.
Conclusion
Flushing the DNS cache on Linux is a straightforward process once you know which resolver your system employs. Whether you’re on Ubuntu with systemd‑resolved, on a minimal Arch setup using dnsmasq, or managing a full‑blown BIND server, the appropriate command or service restart will instantly clear stale entries and restore reliable name resolution. Remember to verify the active resolver, use the correct flush command, and, when necessary, restart the associated service. With these tools at your disposal, you’ll be equipped to troubleshoot connectivity issues, test DNS changes promptly, and maintain a healthier, more secure networking environment on any Linux machine.