Flush DNS on Linux: systemd-resolved, NetworkManager, and nscd

When your Linux system behaves oddly while accessing websites—or resolves incorrect domains—it might be time to flush the DNS cache. Like your browser’s cache, the DNS cache stores temporary data that helps improve web browsing speed and reduce latency. However, when this cache becomes outdated or corrupt, it can lead to connectivity issues. This is especially important in development or networking scenarios where domain names frequently change. In this article, we’ll explore how to flush the DNS cache in Linux systems that use systemd-resolved, NetworkManager, or nscd (Name Service Cache Daemon).

Understanding DNS Caching in Linux

DNS caching is a mechanism that stores DNS lookups locally. This prevents repeated queries for the same domain name from being resent to DNS servers, which can enhance performance. However, Linux distributes DNS resolution responsibilities differently depending on the system components or services in use.

In modern distributions, you’re most likely to encounter one of the following resolver systems:

• systemd-resolved: Common in newer distributions like Ubuntu 18.04+ and Fedora.
• NetworkManager: Often works with systemd-resolved or another backend.
• nscd (Name Service Cache Daemon): Found in some traditional Unix and enterprise Linux systems.

Each of these systems handles DNS caching differently, which means the method to flush the cache also varies. Let’s walk through each one in detail.

Flushing DNS Cache in systemd-resolved

systemd-resolved is a service provided by systemd to manage DNS queries and caching. It’s becoming the standard in many mainstream Linux distributions. You can verify whether your system uses systemd-resolved by running:

systemctl is-active systemd-resolved

If it’s active, proceed to flush the DNS cache with the following command:

sudo systemd-resolve --flush-caches

To confirm the cache has been cleared, or view current statistics, you can use:

systemd-resolve --statistics

This command displays metrics like the number of cache entries, hits, and misses, helping you ensure the cache flushing was successful.

systemd-resolved Configuration and Debugging

For advanced users, the service’s configuration resides in /etc/systemd/resolved.conf. You can adjust settings like the DNS servers or fallback behaviors. If you experience persistent DNS issues, consider checking journalctl logs for systemd-resolved:

journalctl -u systemd-resolved

This can be incredibly helpful when troubleshooting domain resolution problems stemming from DNS misconfiguration or cache poisoning.

Using NetworkManager to Refresh DNS

NetworkManager is a utility that handles network configuration automatically across many Linux distributions, including desktop environments like GNOME and KDE. While NetworkManager itself doesn’t cache DNS, it often determines what service (like systemd-resolved) handles DNS.

To refresh DNS settings using NetworkManager, you can restart the service:

sudo systemctl restart NetworkManager

This method indirectly forces a DNS re-resolution by restarting connections and related services. If you want to get more granular, you can also disable and re-enable specific network interfaces. For example:

nmcli networking off
nmcli networking on

Or, for a specific device:

nmcli device disconnect eth0
nmcli device connect eth0

This method is particularly useful when switching between networks or resolving domain propagation issues after DNS changes.

Inspecting DNS Settings with nmcli

If you want to inspect which DNS your NetworkManager is using, the command:

nmcli dev show | grep DNS

will list the currently active DNS addresses. This is useful when verifying that DNS settings from DHCP or static addressing are correctly applied.

Flushing DNS with nscd (Name Service Cache Daemon)

While it’s less common in modern desktop Linux systems, nscd is still used in enterprise and legacy environments. It caches name service requests to speed up resolution for hostnames, passwords, and other database objects. First, make sure it’s installed and running:

sudo systemctl status nscd

If it’s active, flushing the DNS cache is straightforward:

sudo nscd -i hosts

This command tells nscd to invalidate (-i) its cache entries for hostnames. If you’d like to flush everything, not just DNS entries, use:

sudo nscd -I

That will reload the entire configuration and clear cached data for all supported databases.

Configuring and Monitoring nscd

nscd is configured via /etc/nscd.conf. You can enable or disable caching for various data types like:

• passwd
• group
• hosts

The file is well-commented, making it reasonably approachable. Monitoring logs via journalctl -u nscd lets you keep an eye on its behavior and identify potential issues.

How to Determine Which Caching Mechanism You Are Using

Not sure which system your Linux machine relies on for DNS caching? Here are a few quick checks:

• Does systemd-resolve --status return meaningful output? If yes, your system likely uses systemd-resolved.
• Does nscd -g provide table entries? You might be using nscd.
• Does resolvectl work on your system? That’s a good cue for systemd-resolved.
• Is dnsmasq or BIND installed? That points to more advanced setups requiring separate steps.

Identifying the DNS resolver in use is crucial before attempting to flush or debug the DNS cache, as flushing the wrong cache will not resolve your problem.

Why Regularly Flushing DNS is Beneficial

While DNS caching enhances performance, it can also be problematic. Here’s why and when you might want to flush it:

• After changing DNS entries: Non-flushed caches may point to old IPs or DNS servers.
• Troubleshooting connectivity issues: Corrupt or poisoned cache leads to failed resolutions.
• Development-era scenarios: When testing a domain migration or switching between staging and production servers.

Regularly flushing the DNS cache helps maintain system health and avoids unexpected site access problems—especially for power users, system administrators, and developers.

Advanced Tips and Tools

If you’re working in a complex environment or need more control over DNS resolution, here are some bonus tools and tips:

• dnsmasq: Acts as a lightweight DNS forwarder with caching capabilities.
• BIND (named): Enterprise-grade DNS server with tunable zone caching and custom expiration.
• dig and nslookup: Debugging tools to test real-time DNS records.
• host: Simple and direct for querying DNS records without cache disruption.

Final Thoughts

Flushing your DNS cache in Linux is a straightforward task—once you know which tool or service handles DNS resolution on your system. Whether you’re using systemd-resolved, NetworkManager, or nscd, understanding how each operates will arm you with the skills to quickly resolve any DNS-related troubleshooting scenario. Keeping your DNS cache clean isn’t just good hygiene—it’s essential for reliable and accurate domain name resolution in today’s dynamic networking landscape.