MacOS – How to really (dig) flush the DNS cache on OS X 10.9


I'm on OS X 10.9; according to support.apple.com, I can flush the cache with

sudo killall -HUP mDNSResponder

Unfortunately, this does not really refresh my DNS cache at all, and neither does this:

dscacheutil -flushcache; sudo killall -HUP mDNSResponder

E.g.

$ dig www.example.com|grep CNAME
www.example.com.    83955   IN  CNAME   example.com.

If the cache were cleared, it would be showing a number close to one of 86400, 3600, 300 or 60 (the TTL values offered by my domain name provider).

If I add @dns-host to dig it works as expected:

$ dig @ns0.transip.net www.example.com|grep CNAME
www.example.com.    60  IN  CNAME   GITHUBACCOUNT.github.io.

I also tried the other commands on that page. In the meantime I work around this by ssh'ing onto one of my servers and checking things there. But I'd like a proper way to really refresh all DNS caches on my Mac. How can I do that?

Best Answer

The effect you're seeing has absolutely nothing to do with the caches on your computer.

Instead, what you're seeing is that your recursive DNS server (i.e. typically your ISP's DNS server or Google DNS or similar) has taken the original TTL value and subtracted the amount of time passed since it retrieved these records from the authoritative DNS server.

For example, let's say that you own example.com and have an authoritative DNS server set up that, when queried, gives you that CNAME with a TTL of 86400. Then at some random point in time, your ISP's recursive DNS server is asked by someone else for www.example.com and retrieves those records. It caches that information.

Now you come along issuing the dig command without the @ parameter - this means that the request uses the server listed in /etc/resolv.conf, which is typically your ISP's recursive DNS server. Now you get the response back with TTL 83995, which means that 86400-83995=2405 seconds have passed since it originally retrieved those records.

Nowhere in this process is your standard, local macOS DNS cache involved, so mDNSResponder and dscacheutil are not going to change anything at all.

The reasoning behind this is that the authoritative DNS server has essentially stated that "this information is valid for 86400 seconds". The recursive DNS doesn't know if the authoritative DNS server has since been changed to give out new information, so it can only tell you that the information is now valid for a slightly smaller amount of time.
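As an added example (not part of the question or the answer), the answer's reasoning applied to dig answer-section lines: it parses the records, infers the original TTL from the provider's offered values named in the question, and reports how long ago the recursive resolver fetched the record, when its copy expires, and whether that copy is stale compared with the authoritative server. The dig output is constructed to match the numbers discussed above.

```python
import re
from dataclasses import dataclass

# Constructed dig answer sections, modelled on the lines shown in the question
# (TTL 83995 is the value the answer reasons about).
RECURSIVE_OUTPUT = """\
;; ANSWER SECTION:
www.example.com.\t83995\tIN\tCNAME\texample.com.
"""
AUTHORITATIVE_OUTPUT = """\
;; ANSWER SECTION:
www.example.com.\t60\tIN\tCNAME\tGITHUBACCOUNT.github.io.
"""

# TTL choices the question says the domain provider offers (assumed set).
PROVIDER_TTLS = (60, 300, 3600, 86400)

# name  ttl  IN  type  rdata   (rdata may contain spaces, e.g. MX or TXT)
ANSWER_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")

@dataclass
class Record:
    name: str
    ttl: int
    rtype: str
    rdata: str

def parse_answers(dig_output):
    """Return Record objects for each answer line; skip ';' comments and blank lines."""
    records = []
    for line in dig_output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = ANSWER_RE.match(line)
        if m:
            records.append(Record(m.group(1), int(m.group(2)), m.group(3), m.group(4)))
    return records

def infer_original_ttl(remaining_ttl, candidates=PROVIDER_TTLS):
    """Smallest provider TTL that is >= the remaining TTL, or None if none fits."""
    fits = [t for t in sorted(candidates) if t >= remaining_ttl]
    return fits[0] if fits else None

def compare(recursive_output, authoritative_output, name, rtype, candidates=PROVIDER_TTLS):
    """Age of the resolver's cached copy (original - remaining), seconds until it
    expires, and whether its rdata differs from what the authoritative server serves now."""
    rec = next((r for r in parse_answers(recursive_output) if (r.name, r.rtype) == (name, rtype)), None)
    auth = next((r for r in parse_answers(authoritative_output) if (r.name, r.rtype) == (name, rtype)), None)
    if rec is None or auth is None:
        return None
    original = infer_original_ttl(rec.ttl, candidates)
    return {"cached_rdata": rec.rdata, "authoritative_rdata": auth.rdata,
            "stale": rec.rdata != auth.rdata, "expires_in": rec.ttl,
            "inferred_original_ttl": original,
            "age": None if original is None else original - rec.ttl}
```

Running compare on the constructed output reports a 2405-second-old cached copy that will keep serving the old CNAME for another 83995 seconds, which is why flushing the local cache cannot help.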