On macOS, clearing the DNS cache with dscacheutil -flushcache && killall -HUP mDNSResponder is annoying. Very annoying. Because of that fucking sudo that you need to add every time you want to run it.
Want to get rid of it? Add the commands to your sudoers file. Yup, this exists on macOS.
Here’s the Ansible I use to make the DNS flushing experience just that little bit more delightful:
```yaml
- name: Allow admin users to run DNS flush commands without password
  become: true
  community.general.sudoers:
    name: flush-dns
    group: admin
    commands:
      - /usr/bin/dscacheutil -flushcache
      - /usr/bin/killall -HUP mDNSResponder
    nopassword: true
    state: present
```
This resides in my bootstrap-macos-server role.
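Since this rule hands out passwordless root, it is worth checking that each command stays pinned to its exact arguments: a sudoers command listed without arguments can be run with any arguments. The script below is an added example, not part of the original post or the role; `audit_rule`, `audit_sudoers` and the sample rules are hypothetical names and constructed inputs, and it assumes plain rules with no `Cmnd_Alias` and no escaped commas.

```shell
#!/bin/sh
# Added example: audit the NOPASSWD rules in a sudoers drop-in.
# A sudoers command listed WITHOUT arguments may be run with ANY arguments,
# so a bare /usr/bin/killall would let the group signal any process as root.

# Constructed sample rules in standard sudoers syntax (not read from a real host).
PINNED_RULE='%admin ALL=NOPASSWD: /usr/bin/dscacheutil -flushcache, /usr/bin/killall -HUP mDNSResponder'
LOOSE_RULE='%admin ALL=NOPASSWD: /usr/bin/dscacheutil, /usr/bin/killall'

audit_rule() {
    # $1 = one sudoers rule. Prints one finding per loose command; returns 1 if any.
    case $1 in
        *NOPASSWD:*) ;;
        *) return 0 ;;                       # not a passwordless rule
    esac
    _rc=0
    while read -r _path _args; do            # one command per line: path, then args
        [ -n "$_path" ] || continue
        case "$_path $_args" in
            *'*'*|*'?'*|*'['*)
                echo "LOOSE (wildcard): $_path $_args"; _rc=1; continue ;;
        esac
        case $_path in
            /*) ;;
            *) echo "LOOSE (not an absolute path): $_path"; _rc=1; continue ;;
        esac
        if [ -z "$_args" ]; then
            echo "LOOSE (any arguments allowed): $_path"; _rc=1
        fi
    done <<EOF
$(printf '%s\n' "${1#*NOPASSWD:}" | tr ',' '\n')
EOF
    return "$_rc"
}

audit_sudoers() {
    # Reads sudoers text on stdin, skips comments and blanks, audits every rule.
    _total=0
    while IFS= read -r _line; do
        case $_line in '#'*|'') continue ;; esac
        audit_rule "$_line" || _total=1
    done
    return "$_total"
}

# Demo on the constructed rules: only the second one is flagged.
printf '%s\n' "$PINNED_RULE" "$LOOSE_RULE" | audit_sudoers || echo "tighten the rules flagged above"
```

To audit a real host, pipe the drop-in's contents into `audit_sudoers`; a non-zero exit status means at least one passwordless command is broader than intended.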
But that’s not all. Because if you’re using Tailscale and have private subdomains tied to Tailscale nodes, then you have to go one extra step. Tailscale maintains its own DNS resolver at 100.100.100.100 with an independent cache. The little bastard.
The fix is to cycle Tailscale (tailscale down && tailscale up), which reinitialises everything.
I wrapped all this up in a script which, as always, you can take a gander at.