mac flushdns refers to the Terminal commands that clear the local DNS resolver cache on macOS, forcing the system to discard stale domain-to-IP mappings and fetch fresh records.
# macOS 10.10.4+ (El Capitan, Sierra, High Sierra, Mojave, Catalina, Big Sur, Monterey, Ventura, Sonoma)
sudo killall -HUP mDNSResponderSyntax
# macOS 10.4 – 10.6 (Tiger, Leopard, Snow Leopard)
sudo dscacheutil -flushcache
# macOS 10.7 – 10.9 (Lion, Mountain Lion, Mavericks)
sudo killall -HUP mDNSResponder
# macOS 10.10.1 – 10.10.3 (Yosemite early)
sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder
# macOS 10.10.4 – 10.12 (Yosemite late, El Capitan, Sierra)
sudo killall -HUP mDNSResponder
# macOS 10.12.1 – macOS Sonoma 14.x
sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder| Flag / Command | Type | Default | Description |
|---|---|---|---|
-flushcache (dscacheutil) |
Action | N/A | Flushes the Directory Service cache, which includes DNS entries. |
killall -HUP mDNSResponder |
Signal | N/A | Sends SIGHUP to mDNSResponder, forcing it to reload its cache. |
-q (dscacheutil) |
Query | N/A | Initiates a directory service query (not used for flushing). |
-a (dscacheutil) |
Attribute | N/A | Specifies a key/value pair for query. |
Tested on macOS Sonoma 14.5 with built-in DNS resolver (mDNSResponder).
Usage Examples
After a live DNS change (e.g., updating A record)
# Flush DNS and verify resolution
sudo dscacheutil -flushcache && sudo killall -HUP mDNSResponder
ping -c 1 mydomain.comForces immediate use of the new IP. Run after switching hosting providers or editing a zone file.
After modifying /etc/hosts
# Requires sudo even when editing hosts; flush afterward
sudo killall -HUP mDNSResponder
# The change is effective almost instantly after the flush.mDNSResponder caches hosts entries; flushing ensures no stale mapping persists.
Automated daily flush using launchd
# Create a LaunchDaemon to flush DNS at 3am daily
sudo nano /Library/LaunchDaemons/com.flushdns.plistAdd a plist that runs the flush command with ProgramArguments pointing to a script. Not needed in most environments, but useful for lab machines that undergo frequent network reconfiguration.
Troubleshooting & Common Errors
| Error Message | Root Cause | Resolution |
|---|---|---|
killall: No matching processes |
mDNSResponder not running or name mismatch (older macOS used mDNSResponderHelper). | Check process name: ps aux | grep mDNS. On certain systems use sudo killall -HUP mDNSResponderHelper. |
Operation not permitted (dscacheutil) |
Missing sudo. | Prepend sudo to the command. |
dscacheutil: command not found |
Removed in newer macOS build or PATH issue. | Use sudo killall -HUP mDNSResponder alone; dscacheutil is still present in Sonoma. |
| DNS still resolves to old IP after flush | TTL not expired on authoritative server, or multiple caches (browser, CDN). | Wait for TTL to expire, or flush browser cache (Chrome: chrome://net-internals/#dns). |
Security and Operational Best Practices
Flushing the DNS cache on macOS with killall -HUP mDNSResponder is a low‑risk administrative task, but it requires proper privilege control. The command inherently runs as root via sudo; follow the principle of least privilege by granting only the exact binary in /etc/sudoers:
- Least‑privilege IAM: Create a dedicated admin user or add an entry like
username ALL=(ALL) NOPASSWD: /usr/bin/killall -HUP mDNSResponderto avoid exposing a full root shell. For older macOS (10.5–10.6) usesudo /usr/bin/dscacheutil -flushcachesimilarly. - Authentication knobs: macOS enforces
sudoauthentication via the authorization database. To require a password even for NOPASSWD entries, settimestamp_timeout = 0in/etc/sudoers.d/timeout. Thesudocommand itself logs to/var/log/system.log(or unified log). - Audit & logging hooks: macOS uses the unified logging system. Monitor
mDNSResponderflushes with nativelogcommands. For persistent audit trails, enableauditd.
Operationally, flush only after network or DNS server changes. The alias alias flushdns='sudo killall -HUP mDNSResponder' reduces typos. Verify cache size before and after with dscacheutil -statistics. The command completes in under 1 second. Error code 1 indicates no process was killed (e.g., mDNSResponder not running).
# Real‑time stream of mDNSResponder HUP events
sudo log stream --predicate 'process == "mDNSResponder" AND eventMessage contains "HUP"' --style syslog
# View flushes in the last hour
log show --predicate 'process == "mDNSResponder" AND eventMessage contains "HUP"' --last 1h --info
# Enable auditd for persistent audit records (if not already active)
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.auditd.plist
sudo audit -s
Note: journalctl is unavailable on macOS; use the log command. The sudoers configuration strictly limits the allowed binary, enforcing least privilege.
Multi-Cloud / Cross-Platform Equivalents
| Platform | Command | Effect |
|---|---|---|
| macOS | sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder |
Flushes DNS cache via two mechanisms. |
| Windows (10/11/Server) | ipconfig /flushdns |
Clears the DNS resolver cache. |
| Linux (systemd-resolved) | sudo systemd-resolve --flush-caches |
Flushes systemd DNS cache. |
| Linux (nscd) | sudo nscd -i hosts |
Invalidates the hosts cache in nscd. |
Frequently Asked Questions
What is the difference between sudo killall -HUP mDNSResponder and sudo dscacheutil -flushcache?
killall -HUP mDNSResponder sends a SIGHUP signal, causing the daemon to re-read its configuration and discard cached DNS mappings. dscacheutil -flushcache empties the local system cache used by lookupd for hostname resolution, but does not affect the multicast DNS cache held by mDNSResponder. For a complete flush, both commands are often used sequentially on older macOS versions.
When should I use the --clear-cache option in mDNSResponder?
macOS mDNSResponder has no --clear-cache CLI option. The correct procedure varies by version: for Big Sur and later, run sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder. On Monterey and later, a single sudo killall -HUP mDNSResponder suffices. Avoid using --clear-cache as it is not a valid flag.
How do I fix “Could not start mDNSResponder” error when flushing DNS?
Ensure the service is not disabled: sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist and then sudo killall -HUP mDNSResponder. If the error persists, check for conflicting software (e.g., Little Snitch) blocking the process. On macOS 10.15+, verify SIP status as csrutil status; if enabled, third‑party kernel extensions may interfere.
Does sudo killall -HUP mDNSResponder work on macOS Ventura?
Yes, on Ventura and Sonoma (14.x) the canonical one‑liner is sudo killall -HUP mDNSResponder. This also implicitly flushes the directory services cache. For older macOS (Catalina, Big Sur, Monterey), combine both commands: sudo dscacheutil -flushcache && sudo killall -HUP mDNSResponder.
What is the fastest way to flush DNS cache on macOS?
Run sudo killall -HUP mDNSResponder as a single command. Execution time is under 200ms. Verify success by checking resolver: scutil --dns | grep 'cache'. For automation in scripts, add || echo "mDNSResponder not running, starting..." && sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist to handle edge cases.
Command Line Expert & Software Engineer
Welcome! I’m Thomas Heinrich, a software engineer and system administrator with a deep passion for the Command Line Interface (CLI). With years of experience navigating the terminal, building backend architectures, and automating server deployments, I created this space to share practical, real-world terminal knowledge.
Whether you are a beginner taking your first steps in a Linux environment or a seasoned DevOps engineer looking to optimize your deployment scripts, you will find actionable solutions here. My goal is to help you ditch the mouse, speed up your workflow, and harness the full power of the command line.