
OS X DNS cache reset script - miketheman
https://github.com/eventi/noreallyjustfuckingstopalready
======
cel1ne
In 10.10 Apple replaced the then 12-year-old mDNSResponder, which does DNS
(apart from other things) with "discoveryd", which had issues so they reverted
the change.

[http://arstechnica.com/apple/2015/01/why-dns-in-
os-x-10-10-i...](http://arstechnica.com/apple/2015/01/why-dns-in-
os-x-10-10-is-broken-and-what-you-can-do-to-fix-it/)

[http://arstechnica.com/apple/2015/05/new-os-x-beta-dumps-
dis...](http://arstechnica.com/apple/2015/05/new-os-x-beta-dumps-discoveryd-
restores-mdnsresponder-to-fix-dns-bugs/)

[https://support.apple.com/en-us/HT202516](https://support.apple.com/en-
us/HT202516)

~~~
eventi
Do you remember when it JUST FUCKING WORKED before 10.6?

~~~
cel1ne
Yes. I think it changed because they introduced Airdrop.

~~~
eventi
Ugh - Airdrop which you have to disable in any decently dense Wifi environment

~~~
draw_down
Hmm? As far as I know it's not "on" until you open an Airdrop window in
Finder.

~~~
coldtea
Don't let sense get in the way of cargo cult.

------
pschastain
What a worthless link. How about an explanation of the problem? Stop what? Not
resetting? Why is a reset necessary? And why the double-negative? Why not
"noreallyjustfuckingresetitalready"?

~~~
mzs
OS X has like 4 commands to flush the DNS cache depending on version. It's a
PITA. This script runs the right thing on each.

~~~
pschastain
Even more reason to clarify.

------
akshatpradhan
Too bad they didn't address the DNS problem in the Keynote. This is a bit of
an exaggeration, but I do feel I've spun mDNSResponder more often than using
their Messages app.

That's not a positive feeling. Especially if you're with a client and your
browser stops resolving and your client is watching you open up terminal to
spin mDNSResponder

------
germanier
Could someone add some context please? I see that apparently the method to
flush the DNS cache changes between versions. Is there a deeper reason why
this is necessary?

~~~
trebor
I'm not sure. The `dscacheutil -flushcache` command he lists for Snow Leopard
still works for me (OS X Yosemite here).

~~~
NEDM64
And it still works for me on macOS 10.12.

So I see absolutely no point here.

~~~
masklinn
The command doesn't fail but does it actually flush the DNS cache, or does it
flush the Directory Cache which isn't used for DNS anymore (or possibly at
all, on my El Cap machine flushing succeeds but any _query_ of the cache
content or its statistics replies "Unable to get details from the cache node")

~~~
sirn
The command did flush the Directory Service cache, but DNS is no longer part
of it. You can still use its query command though.

    
    
        dscacheutil -q host -a name www.example.com
    

On the topic, easiest way to see if dscacheutil -flushcache work or not is to
probably do something like:

    
    
        dscacheutil -q host -a name www.example.com
        # Make sure it's in the cache prior to running.
        
        sudo dscacheutil -flushcache
        dscacheutil -q host -a name www.example.com
        # Notice if there's a slight delay for the lookup.
        
        sudo killall -HUP mDNSResponder
        dscacheutil -q host -a name www.example.com
        # Notice if there's a slight delay for the lookup.

------
dgant
What's the context of this?

~~~
ajmurmann
The content is that it's tricky to truly flush the DNS cache on OS X and the
command to do it gets changed a lot with new releases. It's very annoying
because it makes working with DNS very painful.

~~~
heavymark
Any time I need to flush dns cache, I simply google "flush dns cache mac" and
top result shows you the simply command to run: [https://support.apple.com/en-
us/HT202516](https://support.apple.com/en-us/HT202516)

Having a simple command such as "reset dnscache" or something of course would
be nice, but since it can already be done in a matter of seconds with a quick
google I can't imagine it's that much of concern for apple of many developers
compared to other issues.

~~~
post_break
What if ping was different on every build of linux. Shit gets old.

------
justinsaccount
I'd just do

    
    
      dscacheutil -flushcache || \
      discoveryutil mdnsflushcache || \
      killall -HUP mDNSResponder

~~~
eventi
SO MUCH TYPING

~~~
Navarr
Just copy/paste it from the internet.

Nothing bad could possibly happen. [1]

[1]: [http://thejh.net/misc/website-terminal-copy-
paste](http://thejh.net/misc/website-terminal-copy-paste)

~~~
eventi
You might be interrested in an unreleased security tool I've been working on

Install with

curl [http://issh.it/yadummy](http://issh.it/yadummy) | sh

~~~
coldtea
How is that any different than installing any opaque binary app?

It all comes downs to whether you trust the source.

At least with the "curl [http://xxx](http://xxx) | sh" method you can also
examine the contents of the script before running it, and even opt to run it
after downloading it and checking it locally.

With binary apps off of internet sites, which is what people install and use
dozens of times a month, no such luck.

~~~
_asummers
In this case, you have no idea if the connection is MITM'd because of http.
You must assume the source untrustworthy, because you don't know who it is.
Additionally, assuming the page's source (from which you copy this command) is
over http, you must assume the website has compromised (e.g.) your clipboard
on copy and you're pasting in malicious unicode characters or whatever. People
should have an inherent distrust of binary blobs, too, for whatever that's
worth. Same caveats over serving the download over http, with the added
benefit of not being able to read the source (necessarily), with the added
bonus of now having to assume the build machine has not been compromised.

~~~
coldtea
> _People should have an inherent distrust of binary blobs, too, for whatever
> that 's worth._

All you said are true for binary blobs as well. The page could be MITM, etc.

"curl xxx | sh" style deployment has all the same disadvantages of binary
blogs, but has the added advantage that you can download and check the code
before executing it.

------
lamontcg
Could OSX just have a way to disable negative caching completely? All it does
is troll me when I'm on bad wifi and the DNS lookup for www.google.com gets
dropped and that negative response is cached. Can we just stop doing that?

I can't recall the last time I had a positive cache entry issue, but the last
time the dropped DNS lookup for www.google.com happened to me was like 2 days
ago...

------
bluedino
Actually, this should be included with the Mavericks+ version

    
    
        sudo discoveryutil udnsflushcaches

------
protomyth
This is quite nice (I went with an alias myself). Does anyone know if it
changed again in macOS?

~~~
macinjosh
I am running Sierra right now and `killall HUP mDNSResponder` doesn't work but
`sudo dscacheutil -flushcache` does.

------
nickhalfasleep
Also, just think about how we get all new browser user agents because of this.

------
coherentpony
It's good practice to include

    
    
        set -eu
        set -o pipefail
    

to avoid the default ON ERROR RESUME NEXT behaviour of bash.

~~~
stonogo
Please stop with the cargo-cult shell scripting. That's not all those options
do.

~~~
Someone1234
Perhaps an explanation would have been more constructive than an insult.

~~~
stonogo
Yes, I owe an explanation, but the guy advocating pasting bash settings into
every script doesn't.

~~~
coldtea
He gave an explanation of what they do. It might be wrong, but you haven't
given any alternative one.

Besides he is right, and those are useful additions to almost any script that
you want to stop on error, undefined vars, etc.

------
jrcii
I have in my .bash_profile for this purpose: alias cleardns='dscacheutil
-flushcache' but this solution is way funnier.

~~~
eventi
I think you understand my true intentions, jrcii

------
underyx
>(or whatever your name is)

Why is changing names seen as a negative thing? My company also changed its
name a month ago, and several customers leaving negative feedback said
included this phrase or something similar, while to my recollection none of
the positive feedback (which we have way more of) took mention of the name
change.

~~~
fps
When a company renames itself, everyone that works with that company needs to
make changes. Financial records, password and account management, , internal
documentation, integrations, etc all have to change. Plus, eduction on the
change takes time. People who occasionally interact with the company are going
to be confused for months afterwards. It's very rare that something positive
comes out of the name change for existing customers. The same thing is likely
for product renames - platform version detection in software, browser/OS
categorization in analytics tools, documentation, etc. It just makes work for
everyone involved.

And what's the point? MacOS X was a decent name, with good recognition and
trust. If people were interested in understanding the back story to the name,
they could, but the 'X' didn't scream '10' to people who weren't familiar with
the history, so there wasn't a ton of confusion.

~~~
alayne
This isn't a company changing names.

Branding changes product names all the time. MacOS X was nonsensical. I'm glad
they changed it.

------
blakesterz

           echo "¯\_(ツ)_/¯"
    

Something about seeing the shrug emoji in code just cracks me up every time.

~~~
gruez
Thats not an emoji.

~~~
nutheracc
Well now I have to ask... Presumably that's ascii art, and :) is an emoji. And
:-) is also an emoji. So how many characters/rows before an emoji becomes
ascii art? Also, I take it emoji is the ascii, and emoticon is the image.
Also, emoji sounds plural to me - I take it it's not.

~~~
sirn
In Japanese, they call ASCII-art style smiley and a pictogram separately. The
ASCII-art one is "kaomoji" (where kao means "face" and "moji" is letter) while
the pictogram is strictly an emoji (where "e" means "picture").

Of course, one could argue that since the word is now being used
internationally, it's not necessary for them to be interpret in the same way
as its roots.

------
miketheman
Someone renamed this. Why?

~~~
dang
We did. The original title, "Please OS X (or whatever your name is) just
fucking reset your DNS cache please", is obviously baity, which means it
breaks the HN guidelines. Please read
[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html).
When a title is misleading or linkbait, you should change it to something
accurate and neutral.

~~~
miketheman
Thanks for the update. Would the removal of "fucking" allowed the original
title to remain? I feel that the title spurred the interest, as evidenced by
the amount of discussion. The new title is not nearly as interesting, nor does
it convey the author's vision and rage accurately.

~~~
pvg
The title rather than the content spurring the interest is pretty much the
point of the 'no clickbait titles' guideline. The content itself is hardly in
the 'gratifies intellectual curiosity' category.

