Perhaps the host cache needs to be invalidated (nscd, sssd)? What OS and version are you using?
From man nscd of an old version of nscd for example:
NOTES
Nscd doesn't know anything about the underlaying protocols for a ser-
vice. This also means, that if you change /etc/resolv.conf for DNS
queries, nscd will continue to use the old one if you have configured
/etc/nsswitch.conf to use DNS for host lookups. In such a case, you
need to restart nscd.
Newer versions of nscd try to watch for changes to this file, but even then there may be a delay.
See for example here:
NOTES
The daemon will try to watch for changes in configuration files appropriate for each data-
base (e.g., /etc/passwd for the passwd database or /etc/hosts and /etc/resolv.conf for the
hosts database), and flush the cache when these are changed. However, this will happen
only after a short delay (unless the inotify(7) mechanism is available and glibc 2.9 or
later is available), and this auto-detection does not cover configuration files required
by nonstandard NSS modules, if any are specified in /etc/nsswitch.conf. In that case, you
need to run the following command after changing the configuration file of the database so
that nscd invalidates its cache:
$ nscd -i <database>
Ultimately whether you can restart the daemon depends on what you agreed upon in your organisation. But I agree with MadeInGermany it should have minimal impact, only performance-wise: directory backend (like LDAP) lookups could be a bit slower for some time and it would mean a bit more work for your directory backend server.
However, depending on the configuration set in /etc/nscd.conf, the cache may be persistent across restarts, so a restart may accomplish nothing.
IMO the best way would be to issue this command:
nscd -i hosts
which would simply invalidate all the host entries in the cache.
--
If that does not do the trick, does your host use sssd?
What is the output of
Does the output from nslookup some-host-out-there query the new or old DNS server address? Can you post the output (in CODE tags) along with the contents of /etc/resolv.conf and /etc/nsswitch.conf?
There can also be environmental variables that adjust the timeout & retrying of lookups. Can you paste in the output from this:-
set|grep -E "^RES_"
What symptoms do you actually get? A failure, a timeout, a hu_u_u_u_u_uge delay?
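The checks discussed in this thread (whether host lookups use DNS, whether nscd caches the hosts database, and whether that cache is persistent across restarts), as an added example that is not part of any post above. The function names, result strings and sample file contents are constructed for illustration; the script only reads files and prints a recommendation, it never runs nscd.

```shell
#!/bin/sh
# Added example: decide how to clear stale host lookups after changing
# /etc/resolv.conf. File paths are parameters so the logic can be run
# against constructed samples instead of the live system files.

# Print the value of "<directive> hosts <yes|no>" from an nscd.conf-style file.
# Assumption: a missing directive is reported as "unset" and treated as "no".
nscd_hosts_setting() {  # $1=directive  $2=file
    awk -v d="$1" '$1 == d && $2 == "hosts" { v = $3 }
                   END { print (v == "" ? "unset" : v) }' "$2"
}

# Print "yes" if the hosts: line of an nsswitch.conf-style file lists dns.
hosts_uses_dns() {  # $1=file
    awk '$1 == "hosts:" { for (i = 2; i <= NF; i++) if ($i == "dns") f = 1 }
         END { print (f ? "yes" : "no") }' "$1"
}

# Print one recommendation keyword for the given pair of config files.
advise() {  # $1=nscd.conf  $2=nsswitch.conf
    if [ "$(hosts_uses_dns "$2")" != yes ]; then
        echo "no-dns-in-nsswitch"       # resolv.conf is not consulted via NSS
    elif [ "$(nscd_hosts_setting enable-cache "$1")" != yes ]; then
        echo "nscd-not-caching-hosts"   # look elsewhere (sssd, RES_* variables)
    elif [ "$(nscd_hosts_setting persistent "$1")" = yes ]; then
        echo "invalidate-required"      # restart keeps the cache: nscd -i hosts
    else
        echo "invalidate-or-restart"    # either nscd -i hosts or a restart works
    fi
}

# Write constructed sample configuration files into directory $1.
make_samples() {
    printf '%s\n' '# constructed sample' 'enable-cache passwd yes' \
        'enable-cache hosts yes' 'persistent hosts yes' > "$1/nscd.conf"
    printf '%s\n' 'passwd: files sss' 'hosts: files dns' > "$1/nsswitch.conf"
}

# Demo run on the constructed samples.
tmp=$(mktemp -d)
make_samples "$tmp"
echo "advice: $(advise "$tmp/nscd.conf" "$tmp/nsswitch.conf")"
rm -rf "$tmp"
```

To check a real host, call `advise /etc/nscd.conf /etc/nsswitch.conf` instead of the demo lines.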