How to read the local DNS cache contents?

Question

I know that on Windows I can issue ipconfig /displaydns and I see the local DNS's cache content.

How can I list the DNS's cache content in Linux?

I would like to get as much as cross-distro solution as possible.

As far as I am aware, there is no DNS cache maintained on the client in Linux (resolver) unless the system is using local caching only dns service on the client. — Nikhil Mulley, Jan 07 '12 at 18:55
You always have the `/etc/hosts` file which may contain entries generated by DNS blacklisting services. — , Jan 07 '12 at 19:08

Serge Stroobandt · Answer 1 · 2019-09-12T22:42:51.300

25

Prior to `systemd`, there was almost no OS-level DNS caching

Prior to systemd there was no OS-level DNS caching on Linux (and probably most Unix), unless nscd or dnsmasq was installed and running.

Even then, the DNS caching feature of nscd was disabled by default in Debian at least, simply because it is broken.

As for dnsmasq, the caching seems to occur in RAM by default.

edited Sep 12 '19 at 22:42

answered Jun 22 '15 at 17:40

Serge Stroobandt

2,314
3
32
36

3

A lot of systems these days use `dnsmasq` by default so https://unix.stackexchange.com/q/162973/79839 could be useful. – chicks May 30 '18 at 18:51
4

And *these* days, anything using `systemd` will likely have `systemd-resolved` running by default which does cache DNS results based on their TTL – Drew Sep 11 '19 at 21:59

score 9 · Answer 2 · answered Jan 07 '12 at 20:16

nscd is the Name Service Caching Daemon. This is the utility that Linux, Solaris, and other use to cache name service lookups. Name Service in this case is a generic term, not strictly limited to host resolution, but also users, groups, etc.

I don't know of a way to see the actual contents of the cache, though you can display statistics with /usr/sbin/nscd -g.

That can at least show you how efficient your cache is, though not exactly what it's resolving.

You may have other options if you're using an alternate caching tool, like DNSMASQ.

SteveK · Answer 3 · 2017-04-21T15:47:41.280

7

If you are using nscd, you can view the contents (and possibly some other garbage), by showing the ASCII strings from the binary cache file. In Debian/Ubuntu, that file is /var/cache/nscd/hosts for the hosts/DNS cache, so you can run strings /var/cache/nscd/hosts to see the hosts in cache.

Note that this is a total hack as there is seemingly no proper way to inspect the nscd cache without decoding the binary format.

edited Apr 21 '17 at 15:47

answered Feb 12 '16 at 02:57

SteveK

171
1
3

1

`strings /var/cache/nscd/hosts | sort | uniq` works well – Mathieu Rollet Mar 31 '22 at 21:31
Mine appears under `/var/db/nscd/hosts` (but not readable except by root) – Cameron Sep 13 '22 at 20:02

score 2 · Answer 4 · answered Oct 29 '22 at 12:27

2

You can send SIGUSR1 to systemd-resolved process to view the cache with journalctl.

killall -USR1 systemd-resolved && journalctl -u systemd-resolved | grep -A 100000 "CACHE:"

answered Oct 29 '22 at 12:27

Eugene

21
1

How to read the local DNS cache contents?

4 Answers4

Prior to `systemd`, there was almost no OS-level DNS caching

Linked

How to read the local DNS cache contents?

4 Answers4

Prior to systemd, there was almost no OS-level DNS caching

Linked

Prior to `systemd`, there was almost no OS-level DNS caching