How to Flush Your DNS Cache

Flushing your DNS cache clears the locally stored DNS records on your device, forcing it to fetch fresh results from DNS servers. This is one of the first troubleshooting steps when a website isn't loading correctly or when you've recently made DNS changes like updating an A record or switching nameservers.

Why Flush Your DNS Cache

Your operating system caches DNS lookups to speed up repeat visits. But this cache can become stale or incorrect:

• After changing DNS records -- you updated an A record or AAAA record, but your browser still shows the old IP
• After a DNS migration -- you moved to a new DNS provider like DNScale and want to verify the change immediately
• Website not loading -- the cached record points to a server that's no longer responding
• DNS poisoning concerns -- a corrupted cache entry is returning the wrong IP address. See DNS Attacks and Threats for more on this.
• Troubleshooting connectivity -- ruling out stale DNS as the cause of network issues, especially when encountering DNS_PROBE_FINISHED_NO_INTERNET errors

Understanding the DNS Cache Layers

Before flushing, it helps to understand that DNS responses are cached at multiple levels, each with its own behavior:

Layer 1: Browser Cache

Your browser maintains its own DNS cache, separate from the OS. Chrome, Firefox, Edge, and Safari all cache DNS lookups internally. This cache is typically short-lived (1-2 minutes) but can cause confusion when you've already flushed the OS cache.

Layer 2: Operating System Cache

Your OS maintains a DNS resolver cache. This is what most people mean when they say "flush DNS." On Windows this is the DNS Client service, on macOS it's mDNSResponder, and on Linux it may be systemd-resolved or nscd.

Layer 3: Recursive Resolver Cache

Your ISP or public resolver (like 8.8.8.8 or 1.1.1.1) caches responses according to the TTL value on each record. You cannot flush this cache -- you must wait for the TTL to expire. This is why TTL planning matters before making DNS changes.

Layer 4: Upstream and CDN Caches

Some networks, corporate proxies, and CDN edge servers also cache DNS. These are generally outside your control.

To fully test a DNS change, you need to clear layers 1 and 2, and then either wait for layer 3 or bypass it by querying nameservers directly with dig.

Flush DNS on Windows

Windows 10 / 11

Open Command Prompt or PowerShell as Administrator:

ipconfig /flushdns

You'll see: Successfully flushed the DNS Resolver Cache.

To verify the cache is empty:

ipconfig /displaydns

This will show all currently cached DNS entries. After a successful flush, the list should be empty or very short (it begins repopulating immediately as your system makes new queries).

Reset the DNS Client Service

If flushing alone doesn't work:

net stop dnscache
net start dnscache

On Windows, you may also need to clear the browser cache (see below) since browsers maintain their own DNS cache independent of the OS.

PowerShell Alternative

Clear-DnsClientCache

You can also view cache statistics:

Get-DnsClientCache

Flush DNS on macOS

The command varies by macOS version, but this works on macOS Monterey and later (including Ventura, Sonoma, and Sequoia):

sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder

Enter your admin password when prompted. There's no confirmation message -- the command completes silently.

Older macOS Versions

Verifying on macOS

Unlike Windows, macOS doesn't have a built-in command to view the DNS cache contents. You can verify the flush worked by using dig to query before and after:

# Check current resolution
dig example.com +short
 
# Flush
sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
 
# Check again -- should reflect any recent changes
dig example.com +short

Flush DNS on Linux

Linux distributions vary in their DNS caching behavior. Many don't cache DNS by default, but if you use systemd-resolved, dnsmasq, or nscd, here's how to clear them:

systemd-resolved (Ubuntu 18.04+, Fedora, Arch)

sudo systemd-resolve --flush-caches

Or on newer versions:

sudo resolvectl flush-caches

Verify with:

resolvectl statistics

This shows cache size, hits, and misses. After flushing, the "Current Cache Size" should be 0.

dnsmasq

sudo systemctl restart dnsmasq

Or send the SIGHUP signal to clear the cache without a full restart:

sudo killall -HUP dnsmasq

nscd (Name Service Cache Daemon)

sudo systemctl restart nscd

Or invalidate just the hosts cache:

sudo nscd -i hosts

No Cache Daemon Running

If your Linux system doesn't run any of these services, DNS is not cached at the OS level. Each application resolves DNS independently through the system's stub resolver. In this case, there's nothing to flush -- simply restart the application (or browser) to clear any application-level cache.

Flush DNS in Browsers

Browsers maintain their own internal DNS cache, separate from the OS cache. Flushing the OS cache alone may not be enough.

Chrome

Chrome maintains its own internal DNS cache. To clear it:

1. Open Chrome and navigate to: chrome://net-internals/#dns
2. Click Clear host cache
3. Optionally, also go to chrome://net-internals/#sockets and click Flush socket pools

Flushing socket pools is important because Chrome can reuse existing connections (HTTP keep-alive), which means even with a fresh DNS cache, it might still use the old IP address for an existing connection.

Firefox

Firefox doesn't have a built-in DNS cache flush button. You have several options:

• Restart the browser entirely
• Set network.dnsCacheExpiration to 0 in about:config (temporarily disables DNS caching)
• Set network.dnsCacheEntries to 0 in about:config

Safari

Enable Develop menu (Settings -> Advanced -> Show features for web developers), then Develop -> Empty Caches.

Edge

Same as Chrome -- navigate to edge://net-internals/#dns and click Clear host cache.

When to Flush vs. When to Wait

Verify DNS Changes Without Flushing

Instead of flushing your cache, you can query a DNS server directly to check if your changes have propagated. This bypasses all local caches:

# Query Google's public DNS
dig example.com @8.8.8.8
 
# Query Cloudflare's DNS
dig example.com @1.1.1.1
 
# Query your DNScale nameserver directly (most authoritative)
dig example.com @ns1.dnscale.eu
 
# Check a specific record type
dig MX example.com @ns1.dnscale.eu
dig TXT example.com @ns1.dnscale.eu
dig AAAA example.com @ns1.dnscale.eu

Querying the authoritative nameserver directly (@ns1.dnscale.eu) shows you exactly what DNScale is serving, regardless of propagation state. If the authoritative answer is correct but public resolvers still show old data, the issue is caching -- just wait for the TTL to expire.

Querying @ns1.dnscale.eu directly bypasses all caching layers and gives you the ground truth. This is the best way to confirm your changes are correct before waiting for global propagation.

Understanding DNS Cache TTL

DNS caching is controlled by the TTL (Time to Live) value set on each record. When you flush your cache, you're clearing entries before their TTL expires.

Pro tip: If you plan to make DNS changes, lower the TTL to 300 seconds (5 minutes) a day before the change. After the change propagates, restore the original TTL. This minimizes the window where stale records are served. See DNS TTL Best Practices for more strategies.

Common TTL values and their cache behavior:

Related Topics

• What Is DNS -- how the Domain Name System works
• What Is TTL -- how cache duration works in DNS
• DNS TTL Best Practices -- recommended TTL strategies
• DNS Propagation Explained -- why DNS changes take time
• Fix DNS_PROBE_FINISHED_NO_INTERNET -- troubleshooting DNS errors in Chrome
• DNS Server Types -- understanding resolvers and authoritative servers
• DNS Attacks and Threats -- when cache poisoning may require a flush

Conclusion

Flushing your DNS cache is a quick, safe operation that forces your device to fetch fresh DNS data. Whether you're troubleshooting connectivity issues, verifying DNS record changes after updating records in DNScale, or clearing a potentially poisoned cache, understanding the multiple cache layers -- browser, OS, and resolver -- helps you target the right one. For the fastest verification of changes, bypass caching entirely by querying your authoritative nameserver directly with dig example.com @ns1.dnscale.eu.