What Are DNS Caches?

The Domain Name System (DNS) is the bit of machinery that converts names into numbers. It takes device network names and website names and looks up their IP addresses. The network can then use those IP addresses to route traffic to the right devices or sites.

These look-ups, known as requests, don’t happen instantaneously. There’s a small, finite period of time involved. Internet DNS requests may require querying recursive DNS servers (resolvers), root name servers, top-level domain servers, and authoritative name servers. DNS requests are fast, but to make them faster still, the answers to recent DNS requests are cached on the recursive servers.

If the answer to a DNS request is found in the recursive server’s cache, no further servers need to be contacted. The answer is sent straight back from the recursive server’s cache. Similarly, a small cache is maintained by your broadband router at home. If you ask for a local network device using its network device name, your router provides the IP address. It may also cache responses it has received from external DNS servers.

Usually, networks and Linux computers are configured to use external DNS services, either provided by your Internet Service Provider or by a free service such as OpenDNS or Google DNS. There are good reasons why some people run their own DNS server, but most of us don’t. However, your Linux computer—even if it isn’t running a DNS server—can optionally cache DNS request results.

The trouble with using cached data is the whole thing is predicated on the assumption that none of the cached details have changed since they were cached. If the details have changed, the information you receive will be out of date.

If a cache entry or the entire cache becomes corrupt, you’ll receive flaky performance at best, and a security problem at worst: a wrong entry sends your traffic to the wrong host. That’s when you’ll want to look into “flushing” or clearing the DNS cache.

Is Your Computer Using a Local DNS Cache?

Some of our test computers had local DNS caches turned on, and others had it turned off. It was off on our Manjaro 21 computer, but it was turned on by default on Fedora 37 and Ubuntu 22.10.

To determine whether your Linux computer is caching DNS requests, use the is-active option of the systemctl command. The daemon that manages the DNS cache is the systemd network name resolution manager, known as systemd-resolved.

If the response is “active”, DNS caching is taking place. If the response is “inactive”, it isn’t. On this particular computer, it is active. We can use the resolvectl command with the statistics option to see how many records are in the cache.

We can see there are 330 entries in the DNS cache of this computer.


Reviewing Your DNS Cache

Reviewing the DNS cache entries is not a prerequisite to flushing the cache, and if you have no interest in doing so, you can skip this entire step. Sometimes, though, it can be informative. You might see scrambled entries that indicate corruption, or you might see error messages related to device addressing problems on your network.

Now, there isn’t a straightforward way to see these entries. We can do it but need to be a little creative. USR1, or user-defined signal number one, is a signal that can be sent by the kill and killall commands. This signal has no predefined meaning. Applications are free to ignore this signal or to react in whatever way the developers have implemented.

The systemd-resolved daemon reacts to USR1 by writing its cache to the system logs. We can then use the journalctl command to filter out the DNS entries.

We’ll use the killall command with USR1 to send the signal to the systemd-resolved daemon. Note that although we’re using the killall command, the systemd-resolved daemon continues to run. This isn’t a termination signal that we’re sending.

Now we’ll use the journalctl command with the -u (filter by systemd unit) option to extract the log entries that have been generated by systemd-resolved. We’ll redirect that output into a text file called “dns.txt.”

We’ll use the less file viewer to view the contents of the file.

You’ll be able to find the cached mappings between domain names and IP addresses by scrolling and searching through the text.

We can see an entry for Google that has an IP address of 216.58.212.196. You can check that by putting the IP address in a web browser. You should see the home page of Google search.

How to Clear the DNS Cache on Linux

Flushing the cache removes all entries and starts the collection process once more. If there are any incorrect or corrupt entries, this removes them too.

The command is simple; we use resolvectl with the flush-caches option.

We’re silently returned to the command line. To confirm that something has actually happened, we’ll check the DNS cache statistics again.

We can see that the cache size has dropped to zero. It will increase over time as it accumulates new entries.
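The check, review and flush steps above can be scripted. The following is an added example, not code from the original article: it defines helpers that parse the output of resolvectl statistics and pick the cached A/AAAA records out of the journal dump, runs them over constructed sample output so they can be tried without systemd-resolved, and wraps the live commands (which need root for the signal and the flush) in one function. The sample output lines are constructed to resemble real output, not captured from a real system.

```shell
#!/bin/sh
# Added example: helpers for the systemd-resolved cache procedure.

# Read `resolvectl statistics` on stdin and print the "Current Cache Size"
# value; prints 0 if the line is absent (for example, caching is off).
cache_size_from_stats() {
    awk -F': *' '/Current Cache Size/ { gsub(/ /, "", $2); print $2; found = 1 }
                 END { if (!found) print 0 }'
}

# Read journalctl output containing the SIGUSR1 cache dump on stdin and print
# "name address" for each cached A/AAAA record ("<name> IN <type> <rdata>").
# Negative entries such as "-- NXDOMAIN" carry no address and are skipped.
extract_cache_entries() {
    awk '{ for (i = 1; i <= NF - 3; i++)
               if ($(i+1) == "IN" && ($(i+2) == "A" || $(i+2) == "AAAA"))
                   print $i, $(i+3) }'
}

# Constructed sample output, shaped like the real commands' output.
SAMPLE_STATS='Cache
Current Cache Size: 330
Cache Hits: 1043
Cache Misses: 612'

SAMPLE_DUMP='Mar 01 10:02:11 host systemd-resolved[741]: DUMP:
Mar 01 10:02:11 host systemd-resolved[741]:         google.com IN A 216.58.212.196
Mar 01 10:02:11 host systemd-resolved[741]:         google.com IN AAAA 2a00:1450:4009:81f::2004
Mar 01 10:02:11 host systemd-resolved[741]:         nosuch.example IN ANY -- NXDOMAIN'

sample_cache_size()  { printf '%s\n' "$SAMPLE_STATS" | cache_size_from_stats; }
sample_entry_count() { printf '%s\n' "$SAMPLE_DUMP" | extract_cache_entries | wc -l | tr -d ' '; }

# The live procedure from the article; does nothing if there is no local cache.
live_dump_and_flush() {
    systemctl is-active --quiet systemd-resolved || { echo "no local DNS cache"; return 0; }
    echo "before flush: $(resolvectl statistics | cache_size_from_stats) entries"
    killall -USR1 systemd-resolved              # ask the daemon to dump its cache
    journalctl -u systemd-resolved --since=-1min | extract_cache_entries | head
    resolvectl flush-caches
    echo "after flush:  $(resolvectl statistics | cache_size_from_stats) entries"
}
```

Run live_dump_and_flush as root on a systemd-resolved machine to see the before and after counts from the article's procedure.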

How to Flush the dnsmasq Cache on Linux

The dnsmasq application provides a DNS cache and a DHCP server. It is popular with users who want to run their own DNS server, especially on non-systemd installations.

Flushing the dnsmasq DNS cache is easy. We need to send the SIGHUP signal, which tells the dnsmasq daemon to effectively reinitialize. Doing so clears its DNS cache. To send the signal we use the killall command with the -HUP flag, and the name of the application.

Flushed, With Success

Of course, if your computer isn’t caching at all, there’s nothing you need to check.

If it is caching DNS requests but everything is working just fine, you can ignore it too. But if you’re experiencing slow or sporadic webpage updates when you’re browsing the web, or seeing the wrong webpages altogether, it’s probably a good time to clear your DNS cache.