22

I've configured dnsmasq as a caching-only DNS server on a Debian server, and it's working well (I'm seeing improved DNS response times via dig).

However, I'd like to understand what dnsmasq is caching at any one time, so that I can start to think about the efficiency (i.e. hit rate) that I'm achieving.

I've had a look around the man pages, and web, and can't find how I see what dnsmasq is caching at any point (unlike you can do for the leases for example, which are kept in a dnsmasq.lease file).

Is the dnsmasq DNS cache held in memory only? Or do I have to do some log file munging?

Braiam
newtovaux

2 Answers

27

I do not have access to dnsmasq, but according to this thread titled "dnsmasq is it caching?", you can send the signal USR1 to the dnsmasq process, causing it to dump statistics to the system log.

$ sudo pkill -USR1 dnsmasq

Then consult the system logs:

$ sudo tail /var/log/syslog
Jan 21 13:37:57 dnsmasq[29469]: time 1232566677
Jan 21 13:37:57 dnsmasq[29469]: cache size 150, 0/475 cache insertions re-used unexpired cache entries.
Jan 21 13:37:57 dnsmasq[29469]: queries forwarded 392, queries answered locally 16
Jan 21 13:37:57 dnsmasq[29469]: server 208.67.222.222#53: queries sent 206, retried or failed 12
Jan 21 13:37:57 dnsmasq[29469]: server 208.67.220.220#53: queries sent 210, retried or failed 6

NOTE: I believe that dnsmasq retains its cache in RAM.

So if you want to dump the cache you'll need to enable the -q switch when dnsmasq is invoked. This is mentioned in the dnsmasq man page:

   -d, --no-daemon
        Debug mode: don't fork to the background, don't write a pid file, 
        don't change user id, generate a complete cache dump  on
        receipt on SIGUSR1, log to stderr as well as syslog, don't fork new 
        processes to handle TCP queries. Note that this option is for use in 
        debugging only, to stop dnsmasq daemonising in production, use -k.

   -q, --log-queries
        Log the results of DNS queries handled by dnsmasq. Enable a full 
        cache dump on receipt of SIGUSR1.
slm
  • Thanks, that seems to work, and produces output similar to:
    Oct 20 08:39:17 dnsmasq[4846]: time 1413790757
    Oct 20 08:39:17 dnsmasq[4846]: cache size 4096, 0/59976 cache insertions re-used unexpired cache entries.
    Oct 20 08:39:17 dnsmasq[4846]: queries forwarded 13376, queries answered locally 1326
    So I guess total cache entry hits is: 1326/14702 which is about 9%. The longer I leave it running and the more sites of the same sites I visit, I guess that might creep up. – newtovaux Oct 20 '14 at 07:52
  • On OpenWRT based routers use `logread | tail`. – Brian Jun 10 '15 at 03:28
  • @binaryfrost any idea on memory usage per cached DNS address? Let's say if I have 500,000 cache size with full records, how much memory is expected to be used? – sherpaurgen Jul 25 '18 at 17:36
  • Systems which use systemd don't have /var/log/syslog, and I cannot find any entries for dnsmasq after issuing SIGUSR1 in `journalctl` output. Is there a way to explicitly specify where dnsmasq should dump the records? – Sergiy Kolodyazhnyy Jan 20 '19 at 06:03
  • I have Manjaro Linux. I was able to determine that it uses dnsmasq for resolving DNS queries. However, I see the following line in the log instead of DNS cache entries: dbus-daemon[757]: dbus-daemon[757]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.home1.service': Unit dbus-org.freedesktop.home1.service not found. Starting the service with systemctl start systemd-homed.service doesn't solve the problem, the new line is: sudo[2158211]: pam_systemd_home(sudo:account): Not a user managed by systemd-homed: No home for user km known – ByteEater Oct 07 '22 at 02:46
  • Does anybody know what I should do? How do I check if dnsmasq was started with -q? I could restart it, use the Internet for some time to populate the DNS cache and then do the above. But the main issue, which looks independent of the -q, is dnsmasq not dumping the DNS cache to the log, contrary to what @slm wrote. – ByteEater Oct 07 '22 at 02:46
10

Another way to get this info from the man page:

The cache statistics are also available in the DNS as answers to queries of class CHAOS and type TXT in domain bind. The domain names are cachesize.bind, insertions.bind, evictions.bind, misses.bind, hits.bind, auth.bind and servers.bind. An example command to query this, using the dig utility would be

   dig +short chaos txt cachesize.bind
   dig +short chaos txt hits.bind
   dig +short chaos txt misses.bind

If you have something like systemd-resolve on your system then you'll need to query the server directly with:

   dig +short chaos txt hits.bind @serverIP
NeroP
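
The hit-rate arithmetic from the comments, as an added example that is not part of either answer: `stats_from_log` reads the SIGUSR1 statistics lines shown in the first answer, and `stats_from_chaos` uses the `hits.bind`/`misses.bind` counters from the second. Both function names are hypothetical, and the sample input is constructed from the log lines quoted above.

```shell
#!/bin/sh
# Added example: hit-rate summary from dnsmasq statistics.
# Function names are hypothetical, not part of dnsmasq.

# Read log lines on stdin and print "forwarded local pct" for the most recent
# statistics line. "answered locally" also counts /etc/hosts and other locally
# configured names, so pct is an upper bound on the true cache hit rate.
stats_from_log() {
  LC_ALL=C awk '
    /dnsmasq.*queries forwarded [0-9]+, queries answered locally [0-9]+/ {
      for (i = 1; i < NF; i++) {
        if ($i == "forwarded") { f = $(i + 1); sub(/,/, "", f) }
        if ($i == "locally")   { l = $(i + 1) }
      }
      found = 1
    }
    END {
      if (!found || f + l == 0) exit 1   # no statistics line, or no queries yet
      printf "%d %d %.1f\n", f, l, 100 * l / (f + l)
    }'
}

# Print "misses hits pct" from the CHAOS TXT counters of the dnsmasq instance
# at address $1 (needs dig and a reachable server, so it is not run here).
stats_from_chaos() (
  h=$(dig +short chaos txt hits.bind "@$1" | tr -d '"')
  m=$(dig +short chaos txt misses.bind "@$1" | tr -d '"')
  LC_ALL=C awk -v h="$h" -v m="$m" 'BEGIN {
    if (h + m == 0) exit 1
    printf "%d %d %.1f\n", m, h, 100 * h / (h + m)
  }'
)

# Constructed sample input: statistics lines as quoted in the first answer.
SAMPLE='Jan 21 13:37:57 dnsmasq[29469]: time 1232566677
Jan 21 13:37:57 dnsmasq[29469]: cache size 150, 0/475 cache insertions re-used unexpired cache entries.
Jan 21 13:37:57 dnsmasq[29469]: queries forwarded 392, queries answered locally 16'

printf '%s\n' "$SAMPLE" | stats_from_log    # 392 16 3.9
```

On a live system the input would come from the log instead, for example `sudo tail /var/log/syslog | stats_from_log` after sending USR1.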