DNS caching is a good thing. When your local resolver, in this case systemd-resolved, looks up the IP address of a domain (or hostname), it retains, or caches, that IP address on your machine so that it doesn’t need to query the nameservers again. This is faster for you and reduces the load on the nameservers.
However, this can become a problem if you’re changing DNS records and need to see the live remote records from the nameservers and not the local cached records.
Here’s how to flush or clear your local systemd-resolved cache so your next DNS lookup is fresh.
Flush systemd-resolved cache
$ sudo systemd-resolve --flush-caches
Check systemd-resolved stats
$ systemd-resolve --statistics
This will show you general information on the number of cached domains etc. Here is some typical output:
$ systemd-resolve --statistics
DNSSEC supported by current servers: yes
Transactions
Current Transactions: 0
Total Transactions: 7171
Cache
Current Cache Size: 99
Cache Hits: 1740
Cache Misses: 5409
DNSSEC Verdicts
Secure: 1432
Insecure: 3002
Bogus: 0
Indeterminate: 0
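An added example, not part of the original post: a small shell helper that reads the statistics output from stdin, reports the cache size, cache hit percentage and the count of Bogus DNSSEC verdicts, and lets you confirm that a flush really emptied the cache. The function names are hypothetical, and the field names are assumed to match the output shown above.

```shell
#!/bin/sh
# Added example: summarise `systemd-resolve --statistics` output from stdin.
# Field names are taken from the output shown in this post (assumption:
# your systemd version prints the same labels).

# Constructed sample: the statistics output quoted above.
SAMPLE_STATS='DNSSEC supported by current servers: yes
Transactions
Current Transactions: 0
Total Transactions: 7171
Cache
Current Cache Size: 99
Cache Hits: 1740
Cache Misses: 5409
DNSSEC Verdicts
Secure: 1432
Insecure: 3002
Bogus: 0
Indeterminate: 0'

# Print "cache_size=N hit_pct=N bogus=N"; fail if the cache size is missing.
resolved_summary() {
    awk -F':' '
        {
            key = $1; val = $2
            gsub(/^[ \t]+|[ \t]+$/, "", key)   # live output is indented
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            v[key] = val
        }
        END {
            if (!("Current Cache Size" in v)) exit 1
            hits = v["Cache Hits"] + 0
            total = hits + v["Cache Misses"]
            pct = (total > 0) ? int(100 * hits / total) : 0
            printf "cache_size=%d hit_pct=%d bogus=%d\n", v["Current Cache Size"], pct, v["Bogus"]
        }'
}

# Succeed only when the statistics on stdin report an empty cache.
cache_is_empty() {
    summary=$(resolved_summary) || return 2
    case "$summary" in
        "cache_size=0 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_STATS" | resolved_summary
```

On a live system, run `systemd-resolve --statistics | cache_is_empty` straight after the flush; a non-zero `bogus` count means some answers failed DNSSEC validation and is worth investigating.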
Check if your system is using systemd-resolved
$ systemctl is-active systemd-resolved
This command simply prints whether systemd-resolved is your resolver, i.e. “active” or not:
$ systemctl is-active systemd-resolved
active
Check how systemd-resolved is resolving
$ systemd-resolve --status
This command will tell you which resolvers systemd-resolved is using and how, e.g. DNSSEC, etc. Here is the output from my local machine:
$ systemd-resolve --status
Global
Protocols: +LLMNR +mDNS +DNSOverTLS DNSSEC=yes/supported
resolv.conf mode: stub
Current DNS Server: 1.1.1.1
DNS Servers: 1.1.1.1 1.0.0.1 2620:fe::fe 2620:fe::9
Fallback DNS Servers: 8.8.8.8#dns.google 2620:fe::10#dns.quad9.net 2001:4860:4860::8888#dns.google
Link 3 (wlan0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 mDNS/IPv4 mDNS/IPv6
Protocols: +DefaultRoute +LLMNR +mDNS +DNSOverTLS DNSSEC=yes/supported
Current DNS Server: 1.1.1.1
DNS Servers: 1.1.1.1 2620:fe::fe 2402:800:20ff:6666::1 2402:800:20ff:8888::1