We've all been there - you update DNS records, verify the changes on your nameserver with dig, but client machines stubbornly keep resolving the old records. Even after reducing TTL to 10 minutes, waiting feels inefficient during critical deployments.
Multiple layers cache DNS records:
1. Browser DNS cache (Chrome: chrome://net-internals/#dns)
2. Operating system cache (Windows: DNS Client service)
3. Local recursive resolver (office DNS server)
4. ISP's resolver
When you can't restart the DNS server:
# Flush local OS cache (Windows)
ipconfig /flushdns
# macOS
sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder
# Linux (systemd-resolved)
sudo resolvectl flush-caches  # older systemd releases: sudo systemd-resolve --flush-caches
For emergency testing before propagation completes:
# Edit /etc/hosts (Linux/macOS) or C:\Windows\System32\drivers\etc\hosts
192.0.2.1 example.com www.example.com
Modern browsers implement aggressive caching:
// Open chrome://net-internals/#dns in a tab, then run this in that page's DevTools console
// (same effect as clicking "Clear host cache")
document.getElementById('dns-view-clear-cache').click()
Some networks block rapid DNS changes for security. Try these query variations:
dig @1.1.1.1 example.com +short
dig example.com A +norecurse
nslookup -type=soa example.com
When working with domain updates, we often encounter situations where our authoritative nameserver shows the correct records via dig or nslookup, but local office DNS caches stubbornly cling to old records. This typically happens when:
- The TTL (Time To Live) hasn't expired on cached records
- Intermediate resolvers (like office DNS servers) ignore lower TTL values
- Client machines have their own DNS caching mechanisms
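To see which of these layers still holds the old record, and for how long, compare each resolver's answer with the authoritative one. The script below is an added example, not part of the original article; the function names, the sample answers and the old address 198.51.100.7 are constructed, and `survey` assumes dig is installed.

```sh
#!/bin/sh
# Added example: report which resolver still serves an old A record and how
# many seconds its cached copy has left. Names and sample data are constructed.

# check_resolver LABEL "EXPECTED_IP ..."
# Reads `dig +noall +answer NAME A @resolver` output on stdin and prints one of:
#   LABEL fresh | LABEL stale <addr> expires-in <ttl>s | LABEL no-answer
check_resolver() {
  awk -v label="$1" -v want="$2" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) ok[w[i]] = 1 }
    # Answer line layout: name TTL class type rdata
    $3 == "IN" && $4 == "A" {
      seen = 1
      if (!($5 in ok)) {
        # A caching resolver counts the TTL down, so $2 is the time left.
        printf "%s stale %s expires-in %ss\n", label, $5, $2
        stale = 1
        exit
      }
    }
    END { if (!stale) print label, (seen ? "fresh" : "no-answer") }'
}

# survey NAME AUTH_NS RESOLVER...   (needs dig and network access)
# Takes the authoritative server's A records as the truth, then checks each
# resolver against them.
survey() {
  name=$1; auth=$2; shift 2
  want=$(dig +short "$name" A "@$auth" | tr '\n' ' ')
  for r in "$@"; do
    dig +noall +answer "$name" A "@$r" | check_resolver "$r" "$want"
  done
}

# Constructed sample answers: 192.0.2.1 is the new address, 198.51.100.7 the old.
SAMPLE_OFFICE='example.com. 412 IN A 198.51.100.7'
SAMPLE_PUBLIC='example.com. 600 IN A 192.0.2.1'

printf '%s\n' "$SAMPLE_OFFICE" | check_resolver office-dns 192.0.2.1
printf '%s\n' "$SAMPLE_PUBLIC" | check_resolver 1.1.1.1 192.0.2.1
```

For a live check, call `survey example.com ns1.example.com 10.0.0.53 1.1.1.1`, where the nameserver and office resolver address are placeholders for your own.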
1. Client-Side DNS Cache Flushing
For Windows machines, run in Command Prompt:
ipconfig /flushdns
For macOS/Linux:
sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder # macOS
sudo resolvectl flush-caches # Linux (systemd-resolved); older releases: sudo systemd-resolve --flush-caches
2. Force DNS Query with No-Cache Lookup
Use dig to bypass the local cache by sending the query straight to a specific resolver (the + options only trim dig's output):
dig +nocmd +nocomments +nostats example.com @8.8.8.8
Or with nslookup (-d2 prints the full query and response):
nslookup -d2 example.com 8.8.8.8
3. Temporary DNS Override via Hosts File
Edit /etc/hosts (Unix) or C:\Windows\System32\drivers\etc\hosts (Windows):
# Temporary override
192.0.2.1 example.com www.example.com
4. Force Different DNS Resolution Path
Change network settings to use public DNS temporarily:
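# PowerShell (Windows); find your adapter's InterfaceIndex with Get-NetAdapter:
Set-DnsClientServerAddress -InterfaceIndex 12 -ServerAddresses ("8.8.8.8","1.1.1.1")
# Linux (NetworkManager; eth0 is the connection name):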
nmcli con mod eth0 ipv4.dns "8.8.8.8 1.1.1.1"
nmcli con up eth0
5. DNS Query Manipulation
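Query a random subdomain that no resolver can have cached yet, which forces a fresh lookup (it only returns an answer if the zone has a wildcard or matching record):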
# Bash example:
RAND=$RANDOM
dig test${RAND}.example.com
6. Browser-Specific Cache Busting
Chrome/Edge special address:
chrome://net-internals/#dns
7. Network Isolation Testing
Use tcpdump to verify actual DNS traffic:
sudo tcpdump -i eth0 -n port 53
- Always reduce TTL well in advance (24-48 hours) before making DNS changes
- Consider using API-driven DNS services for instant updates
- Document these procedures for your team's runbook