When surfing the Internet, a problem that can arise for consumers is a run of DNS errors (the browser reports that the server cannot be found) despite a working Internet connection. If this is the case, then learning how to flush DNS for your computer’s operating system (OS) is key to restoring the proper quality of service for your computer’s web browsing. Flushing the DNS cache removes the local copies of name-to-address answers saved on your computer. The first revisit to each site is slightly slower because the name has to be resolved again, but stale or corrupted entries are gone. Note that a 404 error is an HTTP response from a web server that was reached successfully; it is not a DNS problem, and flushing the cache will not fix it.

What is DNS?

The Domain Name System (DNS) is a distributed, hierarchical database that translates the host name in a plain-language web address or URL into an IP address. The system exists because it is easier to remember a domain name such as www.byteguide.com than an address such as 192.0.2.10 (an address from the range reserved for documentation). Typically, every local network has at least one server that handles DNS queries for its clients (a recursive or caching name server). It caches every answer it receives for the lifetime (TTL) the answering server attached to it, which keeps repeated look-ups fast. If the answer is not cached, the server either forwards the query to an upstream resolver or walks the hierarchy itself: a root server refers it to the servers for the top-level domain (.com), which refer it to the name servers authoritative for byteguide.com, which return the address.
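To make the delegation walk and the caching concrete, here is an added example written for this page (not code from the article or from any real resolver): a toy resolver that walks root, TLD and authoritative servers for www.byteguide.com, caches each answer for its TTL, and has a flush() that does what the commands later on this page do. The zone data, TTLs, the server names other than the example domain and the address 192.0.2.10 are constructed.

```python
import time

# Constructed zone data (not real servers): each server knows only the zones it is
# authoritative for. Key: (owner name, record type) -> (TTL in seconds, value).
# NS values name another server in SERVERS; the A value is a documentation address.
SERVERS = {
    "root": {("com.", "NS"): (172800, "a.gtld-servers.net.")},
    "a.gtld-servers.net.": {("byteguide.com.", "NS"): (172800, "ns1.byteguide.com.")},
    "ns1.byteguide.com.": {("www.byteguide.com.", "A"): (3600, "192.0.2.10")},
}


class CachingResolver:
    """Minimal caching resolver: walks root -> TLD -> authoritative and keeps
    every answer for its TTL. `clock` is injectable so expiry can be simulated."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.cache = {}        # (name, type) -> (expires_at, value)
        self.queries_sent = 0  # upstream round trips: the cost caching saves

    @staticmethod
    def _normalize(name):
        return name.rstrip(".").lower() + "."

    def _cached(self, name, rtype):
        entry = self.cache.get((name, rtype))
        if entry is not None and entry[0] > self.clock():
            return entry[1]
        self.cache.pop((name, rtype), None)   # expired entries are dropped lazily
        return None

    def _store(self, name, rtype, ttl, value):
        self.cache[(name, rtype)] = (self.clock() + ttl, value)

    def _ask(self, server, name, rtype):
        """One simulated upstream query; returns (ttl, value) or None."""
        self.queries_sent += 1
        return SERVERS[server].get((name, rtype))

    def flush(self):
        """What `ipconfig /flushdns` and friends do: forget every cached answer."""
        self.cache.clear()

    def resolve(self, name, rtype="A"):
        name = self._normalize(name)
        hit = self._cached(name, rtype)
        if hit is not None:
            return hit
        labels = name.rstrip(".").split(".")
        # Zones from the TLD down to the full name: "com.", "byteguide.com.", ...
        zones = [".".join(labels[i:]) + "." for i in range(len(labels) - 1, -1, -1)]
        server = "root"
        for zone in zones:
            ns = self._cached(zone, "NS")
            if ns is None:
                referral = self._ask(server, zone, "NS")
                if referral is None:
                    continue          # no delegation at this label; keep asking the same server
                ttl, ns = referral
                self._store(zone, "NS", ttl, ns)
            server = ns
        answer = self._ask(server, name, rtype)
        if answer is None:
            return None
        ttl, value = answer
        self._store(name, rtype, ttl, value)
        return value


if __name__ == "__main__":
    r = CachingResolver()
    print(r.resolve("www.byteguide.com"), "after", r.queries_sent, "queries")
    print(r.resolve("www.byteguide.com"), "after", r.queries_sent, "queries (cache hit)")
```

Resolving the name once costs four upstream queries; the second resolution is served from cache, and after a flush (or after the 3600-second TTL on the A record expires) the walk is repeated. Real resolvers also cache negative answers and glue records, which this toy skips.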

History of DNS

The idea of using a name instead of a host’s numerical address on the network dates to the ARPANET. Before DNS, every computer on the network retrieved a HOSTS.TXT file from a computer at SRI (the Network Information Center); the file mapped names to numerical addresses. A hosts file is still present on modern operating systems, where it maps “localhost” and any manually pinned names and is consulted before DNS, which also makes it a favourite tampering target for malware that wants to redirect names. The rapid growth of computer networks, however, made the hand-edited hosts file almost unusable. As a result, Paul Mockapetris designed the Domain Name System in 1983 and wrote the first implementation. The original specifications, RFC 882 and RFC 883, were published as IETF standards and superseded by RFC 1034 and RFC 1035 in 1987. The first Unix implementation of DNS, the Berkeley Internet Name Domain (BIND) server, was completed in 1984 by Douglas Terry, Mark Painter, David Riggle and Songnian Zhou. BIND was later ported to Windows NT in the early 1990s.

DNS Cache Poisoning

Like other fundamental Internet protocols, the Domain Name System was not originally designed to be secure. DNS cache poisoning is a data integrity compromise of a resolver: records enter its cache that did not originate from an authoritative source. This can happen through a deliberate attack (forged responses) or through a misconfigured server that passes bad data along. Once the resolver has accepted the unauthenticated records, it is considered poisoned, because it hands the bad data to every client it serves until the entries expire. At a minimum, a poisoned server sends end-users to the wrong sites. In a malicious attack, users are directed to pages that infect the client computer or that impersonate legitimate sites to steal credentials and money, while the browser shows the expected host name throughout. Flushing the affected resolver’s cache removes the poisoned entries, but not the weakness that let them in.

Preventing DNS Cache Poisoning

Many of the traditional DNS cache poisoning attacks are prevented by making resolvers trust the information passed to them by other servers less. The resolver ignores records in a response that are not within the bailiwick of the server that answered: if byteguide.com’s name server includes an additional record for some other domain, that record is discarded instead of cached. Current versions of BIND apply this check. Additionally, choosing the UDP source port of each query at random, and generating both the port and the 16-bit transaction ID with a cryptographically secure random number generator, makes a forged response far harder to land: the attacker must guess both values before the real answer arrives, roughly 2^32 possibilities instead of 2^16. This became standard practice after the 2008 Kaminsky attack showed that a 16-bit ID alone was not enough. DNSSEC is the longer-term fix that is still being deployed: authoritative servers sign their record sets, and a validating resolver checks the signatures against a chain of public keys (DNSKEY records) anchored at the root, so forged data fails validation. DNSSEC authenticates data; it does not encrypt or hide queries.
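The two checks described above, as an added example (not code from the article or from BIND): a resolver that only accepts a reply whose transaction ID and destination port match a query it actually sent, and then caches only records inside the answering server’s bailiwick, plus the probability calculation behind source-port randomization. The names, the attacker’s address 198.51.100.66 and the forged reply are constructed.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Query:
    qname: str
    txid: int     # 16-bit DNS transaction ID
    sport: int    # UDP source port the query left from
    zone: str     # zone served by the server we asked: its bailiwick


@dataclass
class Response:
    txid: int
    dport: int    # port the reply was sent to; must equal the query's sport
    records: list # (owner name, type, value) tuples, answer and additional sections alike


def in_bailiwick(owner, zone):
    """True if `owner` is the zone apex or a name below it. Matching on '.' + zone
    stops 'evilbyteguide.com.' from passing as part of 'byteguide.com.'."""
    owner, zone = owner.lower(), zone.lower()
    return owner == zone or owner.endswith("." + zone)


class Resolver:
    def __init__(self, randomize_port=True):
        self.randomize_port = randomize_port
        self.pending = {}   # (txid, sport) -> Query awaiting a reply
        self.cache = {}     # (owner name, type) -> value

    def send(self, qname, zone):
        txid = secrets.randbelow(1 << 16)
        # A fixed port was common before 2008; a random ephemeral port adds ~16 bits.
        sport = 1024 + secrets.randbelow(65536 - 1024) if self.randomize_port else 53
        q = Query(qname, txid, sport, zone)
        self.pending[(txid, sport)] = q
        return q

    def receive(self, resp):
        """Returns (status, accepted, rejected). A reply is considered only if its
        txid and port match an outstanding query; each record is then cached
        only if it lies in the answering server's bailiwick."""
        q = self.pending.pop((resp.txid, resp.dport), None)
        if q is None:
            return ("dropped", 0, 0)     # blind forgery with a wrong txid/port guess
        accepted = rejected = 0
        for owner, rtype, value in resp.records:
            if in_bailiwick(owner, q.zone):
                self.cache[(owner, rtype)] = value
                accepted += 1
            else:
                rejected += 1            # e.g. a bogus record for an unrelated domain
        return ("accepted", accepted, rejected)


def spoof_success_probability(forged_packets, txid_bits=16, port_bits=16):
    """Chance that at least one of N blindly forged replies hits the outstanding
    (txid, port) pair. port_bits=0 models a resolver with a fixed source port."""
    space = 2 ** (txid_bits + port_bits)
    return 1 - (1 - 1 / space) ** forged_packets


def demo_poisoning_attempt():
    """Constructed scenario: the reply for www.byteguide.com. is padded with an
    extra record for an unrelated domain pointing at an attacker-chosen address."""
    r = Resolver()
    q = r.send("www.byteguide.com.", zone="byteguide.com.")
    reply = Response(q.txid, q.sport, [
        ("www.byteguide.com.", "A", "192.0.2.10"),         # legitimate answer
        ("www.example-bank.com.", "A", "198.51.100.66"),   # out of bailiwick: ignored
    ])
    return r, r.receive(reply)


if __name__ == "__main__":
    r, result = demo_poisoning_attempt()
    print(result, sorted(r.cache))
    print("fixed port:", spoof_success_probability(10000, port_bits=0))
    print("random port:", spoof_success_probability(10000))
```

The bailiwick check stops the classic attack in which a malicious server pads a legitimate reply with bogus records for other domains. It does not help against forged replies for in-bailiwick names (the Kaminsky technique); those are defeated by the (txid, port) check, and spoof_success_probability shows why: 10,000 blind forgeries succeed about 14% of the time against a fixed source port but well under one in a hundred thousand once the port is random.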

Common Problems with DNS

A wide array of DNS issues can arise at the network administrator or power user level. For the end-user, however, the majority of DNS problems come from either bad configuration entries or a local cache that needs flushing. Independent of the operating system, many home computer users enter the DNS server address for their Internet Service Provider (ISP) incorrectly, which results in a failed Internet connection even though the link is up. Each ISP’s configuration process differs slightly, but the DNS server address your home network should use is provided on registration for service. Some ISPs hand out the address of their actual DNS server, while for others it is the same as the gateway IP (the IP address of the router), which then forwards queries for you. On most home networks these addresses are assigned automatically by DHCP, so check for a mistyped manual entry before anything else.

How to Flush DNS in Windows Using the Command Prompt

Step 1 – Close all open web browsers and applications on your computer.

Step 2 – Open the Windows command prompt by selecting the “Start” menu, entering “cmd” in the search text field and pressing the “enter” key.

Step 3 – At the command prompt, enter “ipconfig /flushdns” and press the “enter” key. Windows will display the message “Successfully flushed the DNS Resolver Cache.” Once the message is displayed, every cached entry, good or bad, is gone; the cache refills with fresh answers as names are looked up again.

Step 4 – To confirm, view the resolver cache by entering “ipconfig /displaydns” at the command prompt and pressing the “Enter” key. Immediately after a flush the listing is nearly empty; entries from the hosts file are still shown because Windows preloads them into the cache.

How to Turn Off DNS Caching in Windows

If clearing the DNS cache does not solve frequent DNS errors on a computer running Microsoft Windows, client-side DNS caching can be disabled. With caching disabled your computer is still usable, but every look-up goes out to the network, so browsing is not as fast as with the service running properly. Stopping the service requires an elevated (“Run as administrator”) command prompt. On recent Windows 10 and 11 builds the DNS Client service is protected and its Stop control may be greyed out; in that case, changing the cache time-to-live values in the registry (described further down) is the practical alternative.

Step 1 – Open an elevated Windows command prompt by selecting the “Start” menu button, entering “cmd” in the search text field, right-clicking the result and choosing “Run as administrator”.

Step 2 – Enter “net stop dnscache” (or the equivalent “sc stop dnscache”) at the command prompt and press the “enter” key. DNS caching stays disabled until the next time the computer is restarted. To make the change permanent, set the DNS Client service’s startup type to Disabled with the Service Controller (“sc config dnscache start= disabled”, with the space after the equals sign) or with the Services tool.

Steps to Stop DNS Client Services in Windows Using the Services Tool

Step 1 – Open the Windows command prompt (or the Run dialog), enter services.msc and press the enter key.

Step 2 – Locate the “DNS Client” service in the list and double-click it to open its properties.

Step 3 – Click the “Stop” button. To keep the service off after a reboot, also set “Startup type” to “Disabled” and click “OK”. The service can be started again from the same dialog.

Changing DNS Cache Settings in Windows

An alternative way to modify client-side DNS caching in Windows is to change two registry values associated with the service. This limits how long entries are kept rather than switching the cache off, so it also works where the service cannot be stopped.

Step 1 – Select the “Start” menu button and enter “regedit” in the search text field followed by pressing the “enter” key.

Step 2 – Click “Edit” and then “Find” and enter “Dnscache”, or use the tree on the left-hand side of the editor to open: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters.

Step 3 – MaxCacheTTL (a DWORD value; create it if it is not present) is the maximum number of seconds Windows will keep any DNS answer, regardless of the TTL the server supplied. The default value at the time of this writing is 86,400 seconds (one day). Setting it to 1 makes every entry expire after one second, which effectively disables positive caching and costs some performance.

Step 4 – The other value is MaxNegativeCacheTTL (also a DWORD), the maximum number of seconds a failed look-up (a name that did not resolve) is remembered. This is normally set to 900 seconds; with it set to 0, Windows will not cache failed look-ups, so a name that was briefly unresolvable is retried immediately instead of failing for the next 15 minutes.

*Note: the exact path to the Dnscache key differs slightly between Windows versions, and the new values take effect only after the DNS Client service is restarted (“net stop dnscache” followed by “net start dnscache”) or the computer is rebooted. Modifying the registry should be done with caution and not by those who lack significant computer experience; export the key first so it can be restored.

How to Flush DNS in Mac OS X

If you are a web developer or do a fair amount of administration on your Mac, the need to flush the DNS cache will arise. The command depends on the version of the OS installed, because the component that holds the cache has changed over the years (lookupd in Tiger, dscacheutil in Leopard and Snow Leopard, mDNSResponder from Lion onward).

Step 1 – Quit any open web browsers; Firefox in particular keeps a DNS cache of its own.

Step 2 – Open the terminal on your computer.

Step 3 – On Mac OS X 10.5 Leopard or 10.6 Snow Leopard, enter the following command and press the “return” key:

dscacheutil -flushcache

Step 4 – On Mac OS X 10.7 Lion and later, including current macOS, the cache lives in mDNSResponder, so send it a hang-up signal (the command asks for your password):

sudo killall -HUP mDNSResponder

Current macOS releases commonly pair this with “sudo dscacheutil -flushcache” to clear the directory-services cache as well; the early 10.10 Yosemite releases briefly used “sudo discoveryutil mdnsflushcache” instead.

Step 5 – In Mac OS X 10.4 Tiger, enter the following command and press the “return” key:

lookupd -flushcache

How to Flush DNS in Linux

Many Linux distributions run a local caching daemon, and flushing DNS means clearing that daemon’s cache. Historically this was nscd, and restarting it is the traditional way to flush. Current systemd-based distributions usually run systemd-resolved instead, which is flushed with “sudo resolvectl flush-caches”. Other systems run BIND or dnsmasq as the local name service. Note that the glibc resolver itself does not cache answers: if none of these daemons is running, there is nothing to flush on the host, and the cache to clear is on your router or your ISP’s resolver.

Steps to Flush NSCD DNS Cache

nscd (the name service cache daemon) caches passwd, group and host look-ups to speed up repeated access to the same data and improve overall system performance.

Step 1 – Enter “sudo /etc/init.d/nscd restart” and press the “enter” or “return” key. To clear only the host-name table without restarting the daemon, use “sudo nscd --invalidate=hosts”.

Step 2 – Once nscd restarts, the DNS cache is flushed. On systemd-based distributions enter “sudo systemctl restart nscd” instead, or “sudo service nscd restart” on older ones.

Steps to Flush DNSMASQ DNS Cache

dnsmasq is a lightweight DHCP, TFTP and DNS server. It was designed to provide DHCP and DNS service to a LAN: it accepts DNS queries from local clients, answers them from its cache and forwards the rest to upstream resolvers. It is also built into many home routers to cache DNS look-ups.

Step 1 – Enter “sudo /etc/init.d/dnsmasq restart” (or “sudo systemctl restart dnsmasq”) and press the “enter” key. A restart is not strictly required: dnsmasq clears its cache when it receives SIGHUP, so “sudo pkill -HUP dnsmasq” does the same without taking the service down.

Step 2 – Once dnsmasq has restarted (or handled the signal), the DNS cache is flushed.

Steps to Flush BIND Server DNS Cache

Unlike nscd and dnsmasq, BIND does not need a restart: its control utility clears the cache in place with “rndc flush”, and “rndc flushname www.byteguide.com” clears a single name. Restarting named also works but drops every cached answer and takes the server offline briefly.

Step 1 – Enter “sudo rndc flush” and press the “enter” or “return” key. If rndc is not configured, “sudo /etc/init.d/named restart” (or “sudo systemctl restart named”) clears the cache by restarting the server.

Step 2 – Once the command completes, the BIND cache is empty; “sudo rndc status” confirms the server is still running.
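A single helper that picks the right command for the platform and cache daemon in use, as an added example (not from the article): it covers the Windows, Mac OS X and Linux procedures above, prefers the lightest operation for each daemon (rndc flush and SIGHUP rather than a restart), and lets the detection and command selection be tested without root. The probe by binary name on PATH is a heuristic assumption: an installed binary does not prove the daemon is running.

```python
import platform
import shutil
import subprocess

# Per-daemon flush commands on Linux. Each is the gentlest operation that clears
# the cache: invalidate one table, send SIGHUP, or ask BIND via rndc.
LINUX_FLUSH = {
    "systemd-resolved": ["resolvectl", "flush-caches"],
    "nscd": ["nscd", "--invalidate=hosts"],
    "dnsmasq": ["pkill", "-HUP", "dnsmasq"],   # SIGHUP makes dnsmasq clear its cache
    "bind": ["rndc", "flush"],
}

# Assumed mapping from daemon to a binary whose presence on PATH suggests it is installed.
LINUX_PROBES = {
    "systemd-resolved": "resolvectl",
    "nscd": "nscd",
    "dnsmasq": "dnsmasq",
    "bind": "rndc",
}


def flush_commands(system, present=()):
    """Return the argv lists to run for `system` ('Windows', 'Darwin' or 'Linux').
    `present` names the Linux daemons found on the host."""
    if system == "Windows":
        return [["ipconfig", "/flushdns"]]
    if system == "Darwin":
        # Current macOS: clear the directory-services cache and HUP mDNSResponder.
        return [["dscacheutil", "-flushcache"], ["killall", "-HUP", "mDNSResponder"]]
    if system == "Linux":
        cmds = [LINUX_FLUSH[name] for name in LINUX_FLUSH if name in present]
        if not cmds:
            raise RuntimeError("no known DNS cache daemon found; nothing to flush locally")
        return cmds
    raise RuntimeError(f"unsupported platform: {system}")


def detect_linux_caches(which=shutil.which):
    """Guess which cache daemons are installed from the tools on PATH (heuristic)."""
    return [name for name, binary in LINUX_PROBES.items() if which(binary)]


def flush(system=None, run=subprocess.run, which=shutil.which):
    """Run the flush command(s) for this host and return [(argv, exit code), ...].
    Must be run as root/Administrator; `run` and `which` are injectable for testing."""
    system = system or platform.system()
    present = detect_linux_caches(which) if system == "Linux" else ()
    results = []
    for argv in flush_commands(system, present):
        proc = run(argv, capture_output=True, text=True)
        results.append((argv, proc.returncode))
    return results


if __name__ == "__main__":
    for argv, code in flush():
        print(" ".join(argv), "->", "ok" if code == 0 else f"exit {code}")
```

Run flush() as root or Administrator; on Linux, resolvectl, nscd and rndc all need privileges. A non-zero exit code from rndc usually means the control channel is not configured, in which case fall back to restarting named as in Step 1. On Mac OS X 10.6 and earlier substitute the older commands from the section above.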

How to Disable Firefox DNS Cache

Firefox keeps its own DNS cache inside the browser, separate from the operating system’s resolver cache (Chrome does the same with its internal host cache). As a result, if you commonly switch between a VPN, your home ISP and other connections, names can keep resolving to addresses from the previous network, and services that are reachable only through the VPN fail. For this reason, Firefox should be closed when you flush DNS on your computer so that it does not keep serving stale answers. If DNS issues persist and Firefox is your preferred browser, the answer may lie in disabling the DNS cache in the browser itself.

Step 1 – Launch Mozilla Firefox on your computer.

Step 2 – Install an add-on that toggles the Firefox DNS cache.

Step 3 – Right click the “Home” menu button on Firefox and then select the “Customize” menu option.

Step 4 – Locate the “DNS Cache” menu button and then drag it beside the “Home” button on Firefox followed by clicking the “Done” button.

Step 5 – Click the “DNS Cache” menu button whenever you want to have Firefox DNS cache disabled.

Step 6 – Alternatively, set the Firefox DNS cache to expire after 0 seconds. Enter “about:config” in the location bar, press the “enter” or “return” key and accept the warning, then right-click a blank area of the preference list and select “New” and “Integer”.

Step 7 – Enter “network.dnsCacheExpiration” as the preference name with “0” as the integer value. If “network.dnsCacheExpiration” already exists, change its value to “0”. To restore the Firefox default, right-click the preference and choose “Reset” (current Firefox versions default to 60 seconds). With 0 entered, every entry in the Firefox DNS cache expires immediately, so each look-up goes to the operating system’s resolver.

Video on How to Flush DNS

The following video provides highlights on how to flush DNS in Microsoft Windows, MAC OS X, and Linux.