SysAdmin Shell Scripting Essentials

dscacheutil -flushcache: macOS DNS Flush Troubleshooting

Flushing DNS on a MacBook clears the system-wide DNS resolver cache on macOS by terminating and restarting the mDNSResponder daemon with a SIGHUP signal, forcing fresh DNS lookups from configured servers.

Syntax

sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder

Tested on macOS Ventura 13.x, Monterey 12.x, Big Sur 11.x, and older releases back to OS X 10.11 El Capitan using the built-in mDNSResponder.

Options and Flags

| Flag / Option | Type | Default | Description |
| --- | --- | --- | --- |
| -flushcache | dscacheutil flag | N/A | Clears the Directory Services cache (includes DNS entries). |
| -HUP | killall signal option | N/A | Sends SIGHUP signal to mDNSResponder, forcing it to reload its cache from scratch. |
| sudo | privilege escalation | Required | Needed because dscacheutil and killall interact with system daemons. |

When to Flush DNS

Use the combined command after DNS record changes (domain propagation), site migrations, or when browsers and ping return stale IP addresses. The two commands together clear both the Directory Services cache and the mDNSResponder daemon cache, covering macOS 10.11 through Sonoma 14 on Intel and Apple Silicon.

Usage Examples

Example 1: Flush DNS after domain propagation

sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder

After changing DNS records for a domain, this command forces the MacBook to query the authoritative nameservers immediately instead of using stale cached entries. Useful during migration or failover scenarios.

Example 2: Diagnose “host not found” errors

ping -c 3 example.com
# If ping shows outdated IP, run:
sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
ping -c 3 example.com

When a domain resolves to an old IP in the browser or terminal, flushing the cache confirms whether the issue is client-side or server-side. The combined command resets both the Directory Services cache and mDNSResponder for full clearance.

Example 3: Automate with sudoers (no password prompt)

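# Add to /etc/sudoers.d/flushdns (using visudo -f /etc/sudoers.d/flushdns).
# Pinning the arguments limits the rule to these two exact invocations:
# %admin ALL=(ALL) NOPASSWD: /usr/bin/dscacheutil -flushcache, /usr/bin/killall -HUP mDNSResponder
# Then run as non-root:
sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder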

For deeper DevOps integration, configure passwordless sudo for these two commands. This allows scripts or monitoring tools (e.g., Ansible or a cron-driven shell script) to flush DNS without interactive password entry.
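A NOPASSWD entry that names only a binary path lets sudo accept any arguments, so a bare /usr/bin/killall entry would let the group signal any process as root without a password. The check below is an added example, not code from the original page; it flags such entries in sudoers text. The %dnsops group and the sample rules are constructed, and the parser assumes one rule per line with no Cmnd_Alias.

```shell
#!/usr/bin/env bash
# Added example: audit sudoers text for NOPASSWD rules on the two flush binaries.
# Simplification: one rule per line, no line continuations or Cmnd_Alias.

# Constructed sample: a bare-path rule and an argument-pinned rule.
sample_rules() {
cat <<'EOF'
# /etc/sudoers.d/flushdns (constructed sample)
%admin  ALL=(ALL)  NOPASSWD: /usr/bin/dscacheutil, /usr/bin/killall
%dnsops ALL=(root) NOPASSWD: /usr/bin/dscacheutil -flushcache, /usr/bin/killall -HUP mDNSResponder
EOF
}

# Reads sudoers text from the named files or stdin; prints "WEAK|PINNED <command>".
audit_flush_rules() {
  awk '
    /^[ \t]*#/ { next }                      # skip comment lines
    /NOPASSWD:/ {
      sub(/^.*NOPASSWD:[ \t]*/, "")          # keep only the command list
      n = split($0, cmds, ",")
      for (i = 1; i <= n; i++) {
        c = cmds[i]
        gsub(/^[ \t]+|[ \t]+$/, "", c)       # trim whitespace
        if (c !~ /^\/usr\/bin\/(killall|dscacheutil)( |$)/) continue
        # A bare path lets sudo accept any arguments; wildcards do the same.
        tag = (c ~ / / && c !~ /[*?]/) ? "PINNED" : "WEAK"
        print tag, c
      }
    }' "$@"
}

sample_rules | audit_flush_rules
```

To check a real drop-in, pass its path as an argument from a shell that can read it; the function only reads and never modifies the file.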

Troubleshooting & Common Errors

| Error/Output | Root Cause | Resolution Command |
| --- | --- | --- |
| sudo: dscacheutil: command not found | dscacheutil removed or corrupted in macOS | Reinstall Command Line Tools: xcode-select --install |
| killall: killing mDNSResponder: No such process | mDNSResponder not running (e.g., after manual stop) | Start daemon: sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist then re-run. |
| Operation not permitted even with sudo | System Integrity Protection (SIP) prevents killall | Boot into Recovery Mode, run csrutil disable (not recommended). Alternative: reboot and use sudo killall -HUP mDNSResponder only if SIP allows it. |
| DNS still uses old IP after flush | Browser cache or HTTP/2 preload | Clear browser cache (chrome://net-internals/#dns in Chrome) or use incognito mode. |

Multi-Platform Comparison

| Platform | Command | Notes |
| --- | --- | --- |
| macOS (MacBook) | sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder | Works on 10.11 and later. On older systems, use sudo killall -HUP mDNSResponder alone. |
| Windows | ipconfig /flushdns | Requires administrator privileges. |
| Linux (systemd-resolved) | sudo systemd-resolve --flush-caches or sudo resolvectl flush-caches | Distribution-dependent. Alternatively restart network manager. |
| Cloud (AWS EC2 Linux) | No native cloud CLI; flush within instance using Linux commands above. | AWS Route 53 Resolver cache can be flushed via API or console. |

Performance Considerations and Tuning

Flushing the DNS cache on macOS via sudo killall -HUP mDNSResponder is a quick fix for stale records, but it does not address underlying performance issues. To tune DNS resolution, adjust system-level knobs that govern UDP buffer sizes, query timeouts, and cache behavior.

  • UDP receive buffer (net.inet.udp.recvspace) – controls how much data the kernel can buffer for incoming DNS responses. View with sysctl net.inet.udp.recvspace; default is 42080 bytes on macOS. Increase to reduce packet drops under heavy load.
  • DNS query timeout – managed by the resolver. Check current timeout with scutil --dns (look for “options timeout:”). The default is 5 seconds. Adjust via networksetup -setdnsservers (does not directly change timeout; instead, use a custom resolver configuration in /etc/resolver/).
  • Cache statistics – examine cache hit rates using dscacheutil -statistics. A low hit rate may indicate the cache size is too small. Apple’s mDNSResponder cache size can be tuned via a launchd plist (e.g., --CacheEntries flag), though manual editing of the plist is required.

Example of viewing the current UDP receive buffer, maximum UDP datagram size, and default TCP maximum segment size:

sysctl net.inet.udp.recvspace net.inet.udp.maxdgram net.inet.tcp.mssdflt

Refer to Apple’s Kernel Programming Guide and the DNS Resolver System Preferences Manual for authoritative parameter descriptions. Tuning these values improves DNS responsiveness without relying solely on cache flushes.

Security and Operational Best Practices

Flushing the DNS cache on macOS requires administrative privileges, making least‑privilege a core concern. The command sudo killall -HUP mDNSResponder must be run as root — but users should never remain in a root shell. Instead, execute the flush command only when needed and exit any elevated session immediately after.

  • Authentication & Privilege: Always use sudo interactively; avoid scripting sudo with hardcoded credentials. Verify that only trusted users have /etc/sudoers entries for killall or dscacheutil.
  • Audit & Logging: macOS does not log the flush itself, but you can monitor mDNSResponder activity. Use log show to capture related events.

# Perform a safe flush
sudo dscacheutil -flushcache && sudo killall -HUP mDNSResponder

# After flushing, review recent mDNSResponder logs (last 10 minutes)
log show --predicate "process == 'mDNSResponder'" --last 10m --info

# Check for repeated unauthorized flush attempts in unified log
sudo log show --predicate 'eventMessage contains "flush"' --last 1h

Regularly monitor /var/log/system.log for mDNSResponder restarts. Combine with auditd (via sudo audit trails) to capture sudo invocations. This approach provides retroactive visibility into DNS‑cache resets without introducing cloud‑specific IAM — the local best practice is to limit sudo scope and log all privileged executions.
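One way to review logged sudo executions for these two binaries, as an added example that is not from the original page: it separates the two expected flush invocations from any other use of killall or dscacheutil under sudo. The log lines are constructed and only sudo's own "user : TTY=... ; COMMAND=..." portion is parsed; the user names and the syslog prefix are assumptions.

```shell
#!/usr/bin/env bash
# Added example: classify sudo log entries that invoke the flush binaries.
# Log lines are constructed; only the "user : TTY=... ; COMMAND=..." part is parsed.

sample_sudo_log() {
cat <<'EOF'
2024-05-01 10:02:11 mac sudo[812]:    alice : TTY=ttys001 ; PWD=/Users/alice ; USER=root ; COMMAND=/usr/bin/dscacheutil -flushcache
2024-05-01 10:02:12 mac sudo[815]:    alice : TTY=ttys001 ; PWD=/Users/alice ; USER=root ; COMMAND=/usr/bin/killall -HUP mDNSResponder
2024-05-01 10:40:03 mac sudo[990]:      bob : TTY=ttys003 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/killall -KILL Finder
2024-05-01 11:15:47 mac sudo[1201]:   carol : TTY=ttys002 ; PWD=/Users/carol ; USER=root ; COMMAND=/bin/ls /var/root
EOF
}

# Prints "FLUSH|REVIEW <user> <command>" for each sudo run of killall or dscacheutil.
classify_flush_sudo() {
  awk '
    / : TTY=.* ; COMMAND=/ {
      user = $0
      sub(/ : TTY=.*$/, "", user)            # drop everything after the user name
      sub(/^.*[ \t]/, "", user)              # drop the log prefix before it
      cmd = $0
      sub(/^.* ; COMMAND=/, "", cmd)
      if (cmd !~ /^\/usr\/bin\/(killall|dscacheutil)( |$)/) next
      # Only the two exact flush invocations count as expected activity.
      ok = (cmd == "/usr/bin/dscacheutil -flushcache" ||
            cmd == "/usr/bin/killall -HUP mDNSResponder")
      tag = ok ? "FLUSH" : "REVIEW"
      print tag, user, cmd
    }' "$@"
}

sample_sudo_log | classify_flush_sudo
```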

Frequently Asked Questions

What is the difference between sudo dscacheutil -flushcache and sudo killall -HUP mDNSResponder?

Answer: dscacheutil clears the system DNS cache; killall -HUP restarts the mDNSResponder daemon, which also flushes its resolver cache.

The two commands target different layers: dscacheutil flushes the DirectoryServices cache, while killall -HUP forces mDNSResponder to reload its configuration and clear its internal cache. Running only one may leave stale entries. Use the combined command:

sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder

When should I use the -HUP signal instead of -INFO in sudo killall mDNSResponder?

Answer: Use -HUP to restart the daemon and force a complete cache flush.

-INFO sends a SIGINFO signal, which dumps the current mDNS cache statistics to the system log. This is useful for investigating unresolved hostnames but does not purge entries. For a production-grade DNS flush, always use -HUP:

sudo killall -HUP mDNSResponder

How do I fix nslookup still returning a stale IP address after running sudo dscacheutil -flushcache?

Answer: Restart mDNSResponder with sudo killall -HUP mDNSResponder.

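A single dscacheutil flush may not purge the mDNSResponder cache. Execute both commands sequentially. For stubborn entries, also reset the DNS resolver by toggling Wi-Fi or running the command below. Setting the server list to Empty also clears any manually configured DNS servers for the Wi-Fi service: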

sudo dscacheutil -flushcache && sudo killall -HUP mDNSResponder && sudo networksetup -setdnsservers Wi-Fi Empty

Does the sudo killall -HUP mDNSResponder command work on macOS Sonoma (14) and Apple Silicon (M1/M2/M3)?

Answer: Yes, supported on macOS High Sierra (10.13) and later.

The mDNSResponder daemon is present on all modern macOS versions. No platform-specific flags exist. On very old macOS (pre-10.13), use sudo dscacheutil -flushcache alone. Verify the service status:

sudo launchctl list | grep mDNSResponder

What is the fastest way to flush DNS on a MacBook with a single command for DevOps automation?

Answer: Run sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder as a one-liner.

The semicolon ensures both commands execute even if the first fails. For scripted use, consider capturing exit codes. Example alias:

alias flushdns='sudo dscacheutil -flushcache && sudo killall -HUP mDNSResponder && echo "DNS flushed."'