A DNS cache records all the websites you’ve visited over a set amount of time. Simply put, your DNS cache is a list of websites you visited in the past that’s stored on your device. Your computer uses it to speed up visits to those same websites, making it an important component of how we access the internet.
Your DNS cache can also impact your browsing experience, security, and even privacy. For this reason, knowing how to “flush” your DNS cache, or delete all the records inside it, can be critical, depending on your threat model(new window). In this article, we’ll look at:
- How to flush the operating system’s DNS cache
- How to flush your browser’s DNS cache
- How to flush the DNS cache on the router
- What is the Domain Name System (DNS)
- What is the DNS cache
- Why you may want to flush the DNS cache
- How Proton VPN protects DNS
- FAQs
How to flush the operating system’s DNS cache
Flushing your DNS cache means manually emptying or deleting it, removing every single entry regardless of its TTL. Since the DNS cache is stored on your device and managed by its operating system, how you flush your DNS cache depends on which device you have.
The general process for flushing DNS caches is similar for all platforms:
- Open a terminal.
- Run a platform-specific command to flush the DNS cache.
- Enter your password (if prompted).
How to open the terminal and which command to run differ from platform to platform.
How to flush DNS on Windows
There are several ways to open the terminal on Windows, called “command prompt”. The most direct way that works across almost any Windows version is to:
- Type Windows + R to open the Run box
- Type cmd and hit Enter.
You can also open the command prompt directly from the start menu in Windows 11 and 10. In Windows XP, Vista, 7, and 8, it’s under All programs and then Accessories.
Once you’ve opened command prompt, type the command:
ipconfig /flushdns
Then hit the Enter key.
How to flush DNS on macOS
The terminal is among the other apps on your Mac and is actually called “Terminal”. You can find it by opening the Finder, navigating to Applications, then Utilities.
The DNS flush command depends on the macOS version:
| Versions | Command |
|---|---|
| Tiger (10.4) | lookupd -flushcache |
| Leopard (10.5) | sudo lookupd -flushcache |
| Snow Leopard (10.6) | sudo dscacheutil -flushcache |
| Lion (10.7), Mountain Lion (10.8), Mavericks (10.9) | sudo killall -HUP mDNSResponder |
| Yosemite (10.10) | sudo discoveryutil mdnsflushcache |
| El Capitan (10.11), Sierra (10.12), High Sierra (10.13), Mojave (10.14), Catalina (10.15) | sudo killall -HUP mDNSResponder |
| Big Sur (11), Monterey (12), Ventura (13), Sonoma (14), Sequoia (15) | sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder |
How to flush DNS on Linux
The Linux ecosystem is much more varied than the other options, sonot all distributions even use a DNS cache. To check whether your system is caching DNS queries in the first place, you can use the following command in a terminal (which you know how to access if you are a Linux user):
systemctl is-active systemd-resolved.
If the answer is “active”, DNS caching is happening.
The command to flush the DNS cache depends on your system. In Ubuntu, you can use the following command:
sudo systemd-resolve –flush-caches.
Otherwise, different applications managing DNS queries have different commands:
- NCSD: sudo /etc/init.d/nscd restart
- Dnsmasq: sudo /etc/init.d/dnsmasq restart
- BIND: sudo /etc/init.d/named restart
How to flush browsers’ DNS cache
This article has mostly focused on the DNS cache inside your device’s operating system. However, browsers also keep an internal DNS cache. The same drawbacks apply to this backup DNS cache, so you should also know how to flush it.
How to flush DNS on Chrome, Brave, Opera, and Edge
All these browsers are based on the Chromium open-source browser, so they all share similar methods for flushing their DNS caches. You can simply paste the appropriate command below into your URL bar and then click Clear host cache.
| Browser | Command |
|---|---|
| Chrome | chrome://net-internals/#dns |
| Brave | brave://net-internals/#dns |
| Opera | opera://net-internals/#dns |
| Edge | edge://net-internals/#dns |
How to flush the DNS cache on Firefox
Firefox is not based on Chromium, but its process is similar. In the URL bar, type:
about:networking#dns
Then click Clear DNS cache.
How to flush the DNS cache on Safari
Safari makes finding the DNS cache a bit more complicated because the Develop menu needs to be enabled first. The steps are:
- Open Settings in the Safari menu in the menu bar.
- Navigate to the Advanced tab.
- Select the Show Develop menu in menu bar checkbox. This is sometimes called Show features for web developers, depending on the version.
- Open the Develop menu in the menu bar and select the Empty Caches option to flush the DNS cache.
How to flush DNS on a router
Some routers also store a DNS cache of their own. This is usually the case for more advanced equipment than those ISPs give to their clients. When there is a DNS cache, it’s usually stored in the router’s temporary memory, so a simple restart should flush any entries stored there.
What is the Domain Name System?
Before you can understand how your DNS cache works, you need to know about the Domain Name System (DNS). Let’s go through a quick recap to contextualize what a DNS cache is.
Computers on the internet communicate with each other using Internet Protocol (IP) addresses. Each computer connected to the internet has a unique IP address that identifies it and allows other computers to connect to it. In fact, when you came to the protonvpn.com website, your computer connected to the server hosting our content by sending a request to its IP address.
The most common type of IP address is structured as four three-digit numbers separated by a dot (for example, the IP address of protonvpn.com is 185.159.159.140). While IP addresses are easy for computers to use, they’re quite difficult for humans, as we’re not great at remembering random numbers. This is why the internet uses DNS, allowing each IP address to be associated with a name that’s easier for people to remember.
Think of DNS as the phonebook for the internet. With a phonebook, you don’t need to remember everyone’s phone number, just their names. You can then use the phonebook to find the relevant number by looking up their name. In the same way, DNS is responsible for associating numeric-only IP addresses with website names (domain names) that are easier for people to remember.
What is a DNS cache?
Whenever you type “protonvpn.com” in a browser’s URL bar, your browser looks up that domain name in the DNS to retrieve the corresponding IP address it needs (since computers only really understand IP addresses). This requires a rather intricate sequence of queries to various actors, including your router, your Internet Service Provider (ISP), the Top Level Domain server (TLD, which in this example is “.com”), and more. This process is called DNS resolution. Unsurprisingly, it can be quite slow for computers, and the resulting load times can be frustrating for humans. Thus, DNS caches represent a simple, useful solution.
A DNS cache is a list of recently visited websites and their IP addresses that’s stored on your device. When you try to visit a website on this list, your browser can skip the entire DNS resolution process and simply retrieve that website’s IP address from the cache. As a consequence, your device can resolve your query much faster.
On top of a simple name-address association, the DNS cache also stores other contextual information regarding that entry, like a Time To Live (TTL) number. This represents the number of seconds after which your device will remove the entry from the DNS cache, preventing your DNS cache from storing website information for too long.
Apart from the TTL mechanism, which removes entries if the TTL number is surpassed, you can also manually erase your DNS cache. This is what “flushing” the DNS cache means.It might seem unnecessary , but there are several reasons you might want to.
Why you may want to flush your DNS cache
Despite its clear usefulness, the DNS cache can cause issues in certain situations. It can also be a vector of malicious activity. Here are the four main reasons why you might want to flush the DNS cache:
1. If a website changes its IP address or domain name, the information stored in your DNS cache becomes obsolete and can cause 404 “Page Not Found” errors (or others). Eventually, this type of issue is automatically resolved when that entry’s TTL expires.
2. Outdated DNS entries in your device’s cache can also lead to you connecting to old versions of a website. When a website owner changes its DNS settings, it takes time for the changes to reach all parts of the DNS resolution process (also known as s “DNS propagation”). Even if your device doesn’t have an outdated entry in its DNS cache, it might still take you to an outdated website because DNS propagation hasn’t been completed yet.
3. DNS caches are subject to a range of attacks called DNS spoofing attacks, which attempt to swap legitimate DNS entries with maliciously crafted ones. Instead of holding the correct IP address for protonvpn.com, attackers will attempt to implant the IP address of a website they control. If they did a decent job mimicking the expected webpage, they could fool you into sharing sensitive information (for example, if they replaced the IP address of your bank’s website with one they control and you attempt to log in, they could get access to your online bank account).
This is called DNS poisoning, and while it’s a less popular attack now than it was in the early aughts, it can still be effective, like when attackers spoofed a cryptocurrency wallet(new window) to steal $150,000(new window). They collected users’ credentials, used them to log in to their ’ wallets, and sent cryptocurrency to themselves.
4. Your DNS cache is effectively a list of visited websites, much like your browser history. However, your device’s operating system usually manages the DNS cache, meaning it’s outside the scope of any single browser and its safeguards.
One such safeguard is incognito (or private) browsing mode. While incognito mode doesn’t deliver on the vast majority of its advertised privacy promises, it does prevent your browser from storing your browsing history. Yet, a similar list of websites is present inside the DNS cache and outlives your incognito session. A compromised device could expose your browsing history via the DNS cache, even if you visited those websites in incognito mode.
How Proton VPN protects DNS
The DNS cache is a simple solution for speeding up DNS resolution by allowing your browser to look up IP addresses locally rather than over the internet. Whenever the DNS cache doesn’t contain the domain name you are trying to visit, it must send that query over the web. It’s as if your browser goes around asking, “What is the IP address of this domain name?” Anyone who can watch these requests, like your ISP or network manager, can see the websites you visit.
This is why Proton VPN offers DNS leak protection. Connecting to Proton VPN forces all your traffic through the VPN tunnel, including DNS queries. To the DNS resolver, it will appear as though your DNS queries are coming from the VPN server rather than your computer, preventing it from tying your browsing history to you.
Learn more about Proton VPN DNS leak protection
Frequently asked questions flushing DNS caches
It removes all past DNS queries from the DNS cache. Therefore, any new attempt to visit a website will need to pass through the entire DNS resolution process until the DNS cache is replenished.
Yes. Flushing your DNS won’t break anything. In fact, it can be a good thing to do if you have an advanced threat model as it helps you avoid DNS spoofing attacks.
The most technical answer is no, flushing the DNS cache has no impact on connection performance almost at all. In fact, the first time you visit websites after flushing the DNS cache your connection will be marginally slower since your device will need to go through the DNS resolution again. However, from a user point of view, flushing the DNS cache can give the impression of a faster connection to some websites where the DNS entry was corrupted or outdated.
Flushing your DNS is very fast. It shouldn’t take more than a few seconds.
There’s no real answer to this, as it mostly depends on anyone’s specific threat model and their browsing behavior. In general, you should consider flushing your DNS cache if you experience problems with specific websites or after DNS poisoning attacks.
