Flush the DNS cache

How to flush the dns cache in each shell

sudo resolvectl flush-caches

sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder

sudo dscacheutil -flushcache; and sudo killall -HUP mDNSResponder

Clear-DnsClientCache

ipconfig /flushdns

Equivalents listed for Bash, Zsh, Fish, PowerShell, cmd.exe.

Gotchas & notes

• **Resolver landscape on Linux is the trickiest** — what to flush depends on which resolver is installed: (1) **systemd-resolved** (most modern distros) — `sudo resolvectl flush-caches`; older syntax `sudo systemd-resolve --flush-caches`; verify with `resolvectl statistics` (cache hits/misses). (2) **nscd** (Name Service Cache Daemon — older RHEL/CentOS) — `sudo nscd -i hosts` (invalidate hosts table); restart with `sudo systemctl restart nscd`. (3) **dnsmasq** (Raspberry Pi, some routers, OpenWRT) — `sudo killall -HUP dnsmasq` (SIGHUP makes dnsmasq re-read config + drop cache). (4) **dns-clean** (NetworkManager init) — `sudo /etc/init.d/dns-clean restart` on systems still using sysvinit. (5) **No resolver running** — many minimal containers/distros use the libc stub resolver only, which has no cache; nothing to flush.
• **macOS quirk: dscacheutil + mDNSResponder is the official spell** — even though Apple's documentation has changed over the years. On macOS 13+ both commands are still effective; pre-Sonoma it was just `sudo killall -HUP mDNSResponder`. The dscacheutil step is partly historical (Directory Services lookups are cached separately from DNS), but Apple's support page recommends both. Test the flush worked: `host -t a example.com` immediately followed by `dscacheutil -cachedump -entries Host` (returns empty if flushed).
• **Browser DNS cache is SEPARATE from OS DNS cache** — Chrome maintains its own cache and ignores OS flushes for the duration of the browser session. Flush Chrome: navigate to `chrome://net-internals/#dns` → "Clear host cache". Firefox: `about:networking#dns` → "Clear DNS Cache". After updating DNS, you almost always need both an OS flush AND a browser restart. Safari uses macOS's system resolver, no separate cache. Edge inherits Chrome's mechanism (Chromium-based).
• **TTL realities — flushing only helps if your upstream cache cooperates**: when you change a DNS record, the new value propagates only when caches at each layer expire. Layer order from client to authority: browser cache → OS cache → ISP recursive resolver (Comcast, Google 8.8.8.8) → root → TLD → authoritative. `dig example.com +trace` shows each layer. ISP resolvers honour the record's TTL strictly — a 3600s TTL means ~1 hour until they re-query the authoritative server. Lowering TTL BEFORE a planned change (to 60s) and raising it after is the migration playbook. Local OS flush bypasses your machine's cache only — useless if your ISP's resolver still has the old record.
• **Verification idioms**: `dig +nocmd +noall +answer example.com` returns just the resolved record; `dig @8.8.8.8 example.com` queries Google's 8.8.8.8 directly (skips your local + ISP resolver to see authoritative state); `getent hosts example.com` uses the libc stub resolver with all configured nsswitch sources (`/etc/hosts`, mDNS, real DNS). pwsh: `Resolve-DnsName example.com -Server 8.8.8.8` (`-Server` bypasses cache). If the answer is the same before and after flush, EITHER the flush didn't work OR the cache wasn't hot to begin with (already-correct value).

Related commands

• dig
• nslookup