How to read the local DNS cache contents?

  • I know that on Windows I can issue `ipconfig /displaydns` and I see the local DNS's cache content.

    How can I list the DNS's cache content in Linux?

    I would like to get as cross-distro a solution as possible.

    As far as I am aware, there is no DNS cache maintained on the client in Linux (resolver) unless the system is using a local caching-only DNS service on the client.

    You always have the `/etc/hosts` file which may contain entries generated by DNS blacklisting services.

  • Prior to systemd, there was almost no OS-level DNS caching

    Prior to systemd there was no OS-level DNS caching on Linux (and probably most Unix), unless nscd or dnsmasq was installed and running.

    Even then, the DNS caching feature of nscd was disabled by default in Debian at least, simply because it is broken.

    As for dnsmasq, the caching seems to occur in RAM by default.

    A lot of systems these days use `dnsmasq` by default, so it could be useful.

    And *these* days, anything using `systemd` will likely have `systemd-resolved` running by default, which does cache DNS results based on their TTL.

  • nscd is the Name Service Caching Daemon. This is the utility that Linux, Solaris, and others use to cache name service lookups. Name Service in this case is a generic term, not strictly limited to host resolution, but also users, groups, etc.

    I don't know of a way to see the actual contents of the cache, though you can display statistics with `/usr/sbin/nscd -g`.

    That can at least show you how efficient your cache is, though not exactly what it's resolving.

    You may have other options if you're using an alternate caching tool, like DNSMASQ.

  • If you are using nscd, you can view the contents (and possibly some other garbage) by showing the ASCII strings from the binary cache file. In Debian/Ubuntu, that file is `/var/cache/nscd/hosts` for the hosts/DNS cache, so you can run `strings /var/cache/nscd/hosts` to see the hosts in cache.

    Note that this is a total hack as there is seemingly no proper way to inspect the nscd cache without decoding the binary format.
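
Added example, not part of the original answers: a shell function that applies the `strings`-style approach above and then filters the output down to names that look like dotted hostnames, which removes most of the "garbage". It uses `tr` in place of `strings` so it needs only POSIX tools; the function names and the sample bytes are constructed for illustration, and the nscd binary format itself is not decoded.

```shell
#!/bin/sh
# List hostname-like strings found in an nscd hosts cache file.
# Default path is the Debian/Ubuntu location named in the answer above.

nscd_cached_hosts() (
    file=${1:-/var/cache/nscd/hosts}
    [ -r "$file" ] || { echo "cannot read $file" >&2; exit 1; }
    LC_ALL=C; export LC_ALL      # treat the binary file byte by byte
    # Turn every non-printable byte into a newline (roughly what strings does),
    # then keep only lines that are entirely a dotted hostname. Single-label
    # names and dotted-quad addresses are dropped by this filter.
    tr -c '[:print:]' '\n' < "$file" |
        grep -E '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$' |
        tr 'A-Z' 'a-z' |
        sort -u
)

# Constructed sample: binary junk around NUL-terminated names.
# This is NOT the real nscd layout, only enough to exercise the filter.
make_sample_cache() {
    printf 'GH\000\001\002example.com\000\377\376www.Example.org\000ab\000\003mail.example.net\000example.com\000' > "$1"
}

# Demo on the constructed sample; on a real system call nscd_cached_hosts
# with no argument (reading the cache file may require root).
sample=$(mktemp)
make_sample_cache "$sample"
nscd_cached_hosts "$sample"
rm -f "$sample"
```

Entries listed this way may include expired or negative lookups that are still physically present in the file, so treat the output as "names that were looked up at some point", not as the live cache state.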

Licensed under CC-BY-SA with attribution

Content dated before 6/26/2020 9:53 AM