How to flush DNS cache on Linux (for systemd-resolved, BIND, Dnsmasq or nscd)

This article explains how to flush (clear) the DNS cache on Linux, not only on systems that use systemd-resolved (such as Ubuntu 18.04 and later), but also on systems that use nscd, BIND, or Dnsmasq to cache DNS queries.
DNS, or the Domain Name System, is like the phone book of the Internet: it translates human-friendly host names into IP addresses. E.g., google.com is translated into the IPv4 address 216.58.214.238 and the IPv6 address 2a00:1450:400d:808::200e. In this way, a domain can change its IP address without affecting its users or changing its name.
A DNS cache (or DNS resolver cache) is a temporary database that stores these records and is used to quickly find a website when you try to access it.
If DNS is cached, some hostnames that have changed recently may not be accessible until the DNS cache is updated or cleared; this is why it is useful to flush / clear the DNS cache in some cases. After clearing the DNS cache, a new address will be obtained from the DNS server set up for your network.

How to flush DNS cache when using systemd-resolved

systemd-resolved is a network name resolution manager. It implements a caching and validating DNS / DNSSEC stub resolver, as well as LLMNR and MulticastDNS resolvers and responders.
By default, systemd-resolved is used for the latest versions of many Linux distributions, including Ubuntu, Linux Mint, and Fedora.
Not sure whether your system uses systemd-resolved? Run:

systemctl is-active systemd-resolved

If this command returns active, your system has systemd-resolved enabled and running. If it returns anything else (such as inactive), systemd-resolved is not used on the system. To flush the DNS cache when using systemd-resolved, run:

sudo systemd-resolve --flush-caches

Use the following command to check the DNS cache:

systemd-resolve --statistics

Current Cache Size is the value you are looking for. If it is 0, you have just flushed the DNS cache.
Example output (run immediately after flushing the DNS cache, so the cache size is 0):

$ systemd-resolve --statistics
DNSSEC supported by current servers: no

Transactions
Current Transactions: 0
  Total Transactions: 5538

Cache
  Current Cache Size: 0
          Cache Hits: 3482
        Cache Misses: 2096

DNSSEC Verdicts
              Secure: 0
            Insecure: 0
               Bogus: 0
       Indeterminate: 0

How to flush DNS cache when using BIND

BIND, or “named”, acts as an authoritative name server for one or more specific domains, as well as a recursive resolver commonly used in DNS systems, and can act as a caching DNS server. BIND has gone through three major revisions, of which BIND4 and BIND8 are technically outdated, while BIND9 is the supported version and has DNSSEC in addition to other features and enhancements.
To check if BIND (the service name is “named”) is active on the system (note that in most cases it will only be active if you explicitly installed and enabled it), you can run the following command:

systemctl is-active named

When the command returns active, the service is active on your system.
On older systems or systems without systemd, you can instead use the following command to check the service status:

service named status

To flush the BIND (named) DNS cache, use:

sudo rndc flush

For BIND, checking if the DNS cache has been cleared is more complicated. After flushing the DNS cache, run the following command to dump the cache:

sudo rndc dumpdb -cache

The cache is now saved to /var/named/data/cache_dump.db. You can view this file as root to check if there are any cached DNS entries:

sudo cat /var/named/data/cache_dump.db

If the cache has been flushed (and therefore there are no cached DNS entries), this file should look like this:

$ sudo cat /var/named/data/cache_dump.db 

;
; Start view _default
;
;
; Cache dump of view '_default' (cache _default)
;
$DATE 20190711141232
;
; Address database dump
;
; [edns success/4096 timeout/1432 timeout/1232 timeout/512 timeout]
; [plain success/timeout]
;
;
; Unassociated entries
;
;
; Bad cache
;

If it contains entries similar to the following, the DNS cache has not been flushed:

102397 IN DNSKEY 256 3 8 (
  AwEAAeVDC34GZILwsQJy97K6Fst4P3XYZrXL
  yrkausYzStEjSUulgh+iLgHg0y7FIF890+sI
  jXsk7KLJUmCOWfYWPorNKEOKLk5Zx/4M6D3I
  HZE3O3m/Eahrc28qQzmTLxiMZAW65MvR2UO3
  LxVtYOPBEBiDgAQA47x2JLsJYtavCzNL5WiU
  k59OgvHmDqmcC7VXYBhK8V8Tic089XJgExGe
  plKWUt9yyc31ra1swJX51XsOaQz17+vyLVH8
  AZP26KvKFiZeoRbaq6vl+hc8HQnI2ug5rA2z
  oz3MsSQBvP1f/HvqsWxLqwXXKyDD1QM639U+
  XzVB8CYigyscRP22QFnwKIU=
  ) ; ZSK; alg = RSASHA256 ; key id = 25266

How to flush DNS cache when using Dnsmasq

Dnsmasq is a DNS forwarder and DHCP server that can be used as a caching DNS server.
To check if dnsmasq is active on the system, run:

systemctl is-active dnsmasq

When the command returns active, the service is active on your system.
On older systems or systems without systemd, you can instead check service status using:

service dnsmasq status

To flush the DNS cache when using Dnsmasq, restart its service:

sudo systemctl restart dnsmasq

On older systems or systems without systemd, flush the DNS cache of Dnsmasq with:

sudo service dnsmasq restart

I couldn’t find a way to check if dnsmasq was refreshed.

How to flush DNS cache when using nscd

nscd is the name service cache daemon.
To check if nscd is active on the system (note that in most cases it is active only if it was installed and explicitly enabled), you can run:

systemctl is-active nscd

When this command returns “active”, it means that the service is active on your system.
On older systems or systems without systemd, you can instead check service status using:

service nscd status

Although most guides you will find online tell you to restart the nscd service, that does not actually flush the DNS cache, because the cache files are still stored in /var/db/nscd and are used after the nscd service starts again. What you actually want, to flush the nscd DNS cache, is to invalidate it. To invalidate the hosts cache when using nscd (flush the DNS hosts cache), use:

sudo nscd --invalidate=hosts

To check if the DNS cache is cleared, run:

sudo nscd -g

Look at the “hosts cache” section (if multiple caches are enabled); you should see a value of 0 for used data pool size if the DNS cache has just been flushed. As you use DNS to access various hosts / domain names, it will slowly increase.
Example output (after flushing the DNS cache):

$ sudo nscd -g
nscd configuration:

              0  server debug level
         1m  5s  server runtime
              5  current number of threads
             32  maximum number of threads
              0  number of times clients had to wait
             no  paranoia mode enabled
           3600  restart internal
              5  reload count
.......................................
hosts cache:

            yes  cache is enabled
            yes  cache is persistent
            yes  cache is shared
            211  suggested size
         216064  total data pool size
              0  used data pool size
           3600  seconds time to live for positive entries
             20  seconds time to live for negative entries
              0  cache hits on positive entries
              0  cache hits on negative entries
              5  cache misses on positive entries
......................................
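
The steps from all four sections combined into one script, as an added example that is not part of the original article: it detects the active caching service with systemctl is-active, runs the matching flush command, and parses the verification output described above. The function names and the --flush switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flush whichever DNS cache is active, then check the result.
# Function names are made up for this sketch; commands and paths are the article's.

# "Current Cache Size" from `systemd-resolve --statistics` output on stdin.
resolved_cache_size() {
    awk -F': *' '/Current Cache Size/ { print $2 + 0; exit }'
}

# Lines of record data in a BIND cache dump on stdin: anything that is not
# blank, a ';' comment or a '$' directive such as $DATE. 0 means flushed.
bind_cached_lines() {
    awk 'NF && $1 !~ /^[;$]/ { n++ } END { print n + 0 }'
}

# "used data pool size" of the hosts cache only, from `nscd -g` output on stdin.
nscd_hosts_used() {
    awk '/ cache:$/ { in_hosts = ($1 == "hosts") }
         in_hosts && /used data pool size/ { print $1 + 0; exit }'
}

flush_dns() {
    for svc in systemd-resolved named dnsmasq nscd; do
        [ "$(systemctl is-active "$svc" 2>/dev/null)" = active ] || continue
        case $svc in
        systemd-resolved)
            sudo systemd-resolve --flush-caches
            echo "$svc: cache size $(systemd-resolve --statistics | resolved_cache_size)" ;;
        named)
            sudo rndc flush && sudo rndc dumpdb -cache
            sleep 1  # assumption: give named a moment to finish writing the dump
            echo "$svc: $(sudo cat /var/named/data/cache_dump.db | bind_cached_lines) cached lines" ;;
        dnsmasq)
            sudo systemctl restart dnsmasq
            echo "$svc: restarted" ;;
        nscd)
            sudo nscd --invalidate=hosts
            echo "$svc: hosts pool used $(sudo nscd -g | nscd_hosts_used)" ;;
        esac
    done
}

# Only act when asked to, e.g.  sh flush-dns.sh --flush
if [ "${1:-}" = "--flush" ]; then flush_dns; fi
```

A non-zero count from bind_cached_lines or nscd_hosts_used right after a flush means the cache was not cleared, or has already been repopulated by new lookups.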
