How to Force Clear DNS Cache on Linux and FreeBSD Systems (nscd/unbound methods)



When managing Linux/FreeBSD servers handling high-frequency DNS lookups (like monitoring tools or service discovery systems), cached records can persist longer than desired. Unlike Windows' straightforward ipconfig /flushdns, Unix-like systems require specific approaches depending on the DNS resolver implementation.

First determine which service handles DNS caching:

# Check running services:
ps aux | grep -E 'nscd|unbound|dnsmasq|systemd-resolved' | grep -v grep

# Common system configurations:
# 1. nscd (Name Service Cache Daemon)
# 2. unbound (DNS resolver common in FreeBSD)
# 3. systemd-resolved (modern Linux)
# 4. dnsmasq (lightweight resolver)

Method 1: nscd (Linux)

# Restart the service (brute-force but effective; this also drops
# nscd's other tables such as passwd and group):
sudo systemctl restart nscd

# Alternative - invalidate only the hosts table:
sudo nscd -i hosts

Method 2: unbound (FreeBSD/Linux)

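# Using unbound-control to flush one zone (everything at or below the name):
sudo unbound-control flush_zone example.com

# Flush everything (requires control setup). "flush" on its own needs a
# name argument, so flush from the root zone instead:
sudo unbound-control flush_zone .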

Method 3: systemd-resolved (Modern Linux)

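# View cache statistics first:
sudo systemd-resolve --statistics

# Clear cache:
sudo systemd-resolve --flush-caches

# On newer systemd releases the same operations are
# "resolvectl statistics" and "resolvectl flush-caches".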

For environments requiring frequent cache clearing, create a cron job:

# Example: Clear cache every 15 minutes
*/15 * * * * /usr/bin/systemctl restart nscd >/dev/null 2>&1

# For unbound (with proper ACLs):
*/15 * * * * /usr/local/sbin/unbound-control flush_zone . >/dev/null 2>&1

Always verify the flush operation:

# Check with dig showing query time:
dig example.com | grep 'Query time'

# Alternative for systemd-resolved:
journalctl -u systemd-resolved --since "1 hour ago" | grep cache

For large deployments:

  • Consider TTL adjustments in DNS records
  • Evaluate negative caching impacts
  • Implement proper monitoring for DNS resolution times

When managing Linux and FreeBSD servers that perform frequent DNS lookups, cached entries can persist longer than desired - especially problematic during DNS record changes. Unlike Windows' straightforward ipconfig /flushdns, *nix systems require specific approaches depending on the DNS resolver in use.

First determine which caching service your system uses:


# Check active DNS resolver
ps aux | grep -E 'nscd|unbound|dnsmasq|systemd-resolved' | grep -v grep

# Alternative method for systemd systems:
systemctl list-units | grep -E 'nscd|dnsmasq|resolved'

1. nscd (Name Service Cache Daemon)

The traditional caching service for many Linux distributions:


# Restart the service (brute-force method)
sudo systemctl restart nscd

# More elegant flush (if supported)
sudo nscd -i hosts

2. systemd-resolved

Modern systems using systemd's resolver:


# Flush cache without service restart
sudo systemd-resolve --flush-caches

# Verify cache is cleared
sudo systemd-resolve --statistics

3. dnsmasq

Common in lightweight distributions and routers:


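# Send SIGHUP to clear the cache (dnsmasq also re-reads /etc/hosts)
sudo killall -HUP dnsmasq

# SIGUSR1 does not flush anything; it writes cache statistics to the system log
sudo killall -USR1 dnsmasq

# Alternative restart method
sudo systemctl restart dnsmasq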

4. FreeBSD Specific (unbound)

FreeBSD typically uses unbound as its resolver:


# Flush cache via local control
sudo unbound-control flush_zone example.com

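# Flush all domains: use the root zone, not "*", which the shell would
# expand to file names and which unbound does not treat as a wildcard
sudo unbound-control flush_zone .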

For systems requiring frequent cache clearing, consider these approaches:


# Cron job to flush cache hourly
0 * * * * /usr/bin/systemd-resolve --flush-caches

# Script to clear before critical operations
#!/bin/bash
echo "Pre-deployment DNS cache clearance"
if systemctl is-active --quiet systemd-resolved; then
    systemd-resolve --flush-caches
elif systemctl is-active --quiet nscd; then
    nscd -i hosts
fi

After clearing cache, verify with:


dig example.com +stats | grep "Query time"
# The first query after a flush should show a higher query time than
# the cached queries that follow it
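
A TTL-based check to go with the query-time test above, as an added example that is not part of the original article: a cached answer reports a TTL that has counted down, while a freshly resolved one reports the full value, which goes beyond the article's query-time comparison. The dig output and the 3600-second authoritative TTL are constructed for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide from dig output whether an answer came out of the
# resolver cache. All sample output below is constructed for illustration.

# Print the TTL of the first A record for NAME found in dig output on stdin.
answer_ttl() {
    awk -v name="$1." '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^$/                  { in_answer = 0 }
        in_answer && $1 == name && $4 == "A" { print $2; exit }
    '
}

# Print the "Query time" value in milliseconds from dig output on stdin.
query_time_ms() {
    awk '/^;; Query time:/ { print $4; exit }'
}

# Classify one answer: a TTL below the authoritative TTL means the record has
# been ageing in the cache; an equal TTL means it was fetched just now.
cache_state() {   # usage: cache_state <observed_ttl> <authoritative_ttl>
    if [ -z "$1" ]; then echo "no-answer"
    elif [ "$1" -lt "$2" ]; then echo "cached"
    else echo "fresh"
    fi
}

# Constructed dig output captured before the flush (TTL has counted down).
BEFORE=';; ANSWER SECTION:
example.com.    2731    IN    A    192.0.2.10

;; Query time: 0 msec'

# Constructed dig output captured right after the flush (full TTL again).
AFTER=';; ANSWER SECTION:
example.com.    3600    IN    A    192.0.2.10

;; Query time: 38 msec'

AUTH_TTL=3600   # assumed TTL published by the authoritative server

for sample in "$BEFORE" "$AFTER"; do
    ttl=$(printf '%s\n' "$sample" | answer_ttl example.com)
    ms=$(printf '%s\n' "$sample" | query_time_ms)
    echo "ttl=$ttl query_time=${ms}ms state=$(cache_state "$ttl" "$AUTH_TTL")"
done
```

On a live host, pipe `dig example.com` into the same functions in place of the constructed samples. Resolvers that clamp TTLs (for example unbound's cache-max-ttl) report the clamped value for a fresh answer, so compare against that value instead.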

For persistent caching issues, consider adjusting TTL values in your DNS configuration or implementing more aggressive cache expiration policies in your resolver configuration files.