4.16 Managing dnsmasq’s DNS Cache - BrainDump

Problem

You know that dnsmasq automatically creates a local DNS cache. How do you know it’s working? How do you see what’s in it, and how do you flush it when you’re making changes to DNS and want to be sure it’s caching fresh data?

Solution

It’s easy to see if it’s working. From any Linux client or from your Pyramid server, query any Internet site with the dig command twice:

  $ dig oreilly.com
  <snip much output>
  ;; Query time: 75 msec
  ;; SERVER: 192.168.1.50#53(192.168.1.50)
  $ dig oreilly.com
  <snip much output>
  ;; Query time: 3 msec
  ;; SERVER: 192.168.1.50#53(192.168.1.50)

The second request is answered from your local dnsmasq cache, so it is faster. This also verifies that your clients are querying the correct DNS server.

What if you want to flush dnsmasq’s cache? Just restart it:

  pyramid:~# killall dnsmasq

dnsmasq is controlled from /etc/inittab, so it will automatically restart.

To view the contents of the cache, first open /etc/inittab and comment out the line that starts dnsmasq:

  pyramid:~# /sbin/rw
  pyramid:~# nano /etc/inittab
  # dnsmasq. This should always be on.
  # DN:23:respawn:/sbin/dnsmasq -k > /dev/null 2>&1

Tell init to reread inittab, stop the active dnsmasq process, then start dnsmasq in debugging mode:

  pyramid:~# telinit q
  pyramid:~# killall dnsmasq
  pyramid:~# dnsmasq -d

This runs it in the foreground, so the next thing you need to do is open a second SSH session, or log in on the serial console, and run this command:

  pyramid:~# killall -USR1 dnsmasq

This dumps the cache contents to your first screen. You should see just your localhosts. This line tells you your cache is empty:

  dnsmasq: cache size 150, 0/0 cache insertions re-used unexpired cache entries.

Start dnsmasq again, visit some web sites from client PCs to generate some cache entries, then dump the cache again to see what they look like. You should see a lot more entries now. When you’re finished, put /etc/inittab back the way it was, and rerun
telinit qand/sbin/ro.

Discussion

It’s unlikely that you’ll ever have to do anything with your dnsmasq cache because it’s pretty much self-maintaining. There are three options in /etc/dnsmasq.conf for configuring cache behavior:

local-ttl

The default is zero, which means do not cache responses from /etc/hosts and your DHCP leases. This ensures fresh local data all the time. If your network is stable and doesn’t have DHCP clients popping in and out a lot, you can set a Time To Live (TTL) value to speed up local look ups.

no-negcache

Do not cache negative responses. Caching negative responses speeds up performance by caching “no such domain” responses, so your clients don’t wait for additional lookups to fail. dnsmasq handles negative caching well, so you shouldn’t disable negative caching unless it causes problems.

cache-size

The default is 150 names. The maximum is around 2,000. Because the cache is stored in RAM, having a too large cache will hurt router performance without appreciable gain. 150 is just fine for most sites; I wouldn’t go over 300.

You are at the mercy of the administrators of the authoritative servers for domains that you visit. If they make changes to their DNS without setting short TTL values, stale data will be cached all over the Internet until their TTLs expire. It can be helpful to flush your dnsmasq cache when you’re debugging DNS and trying to figure out if a DNS problem is local or remote.

Here are some examples of the output you’ll see. This is an empty cache showing only local DNS:

  pyramidwrap:~# dnsmasq -d
  dnsmasq: started, version 2.23 cachesize 150
  dnsmasq: compile time options: IPv6 GNU-getopt ISC-leasefile no-DBus
  dnsmasq: DHCP, IP range 192.168.1.100 -- 192.168.1.200, lease time 10h
  dnsmasq: using local addresses only for domain alrac.net
  dnsmasq: read /etc/hosts - 4 addresses
  dnsmasq: reading /etc/resolv.conf
  dnsmasq: using nameserver 12.169.174.3#53
  dnsmasq: using nameserver 12.169.174.2#53
  dnsmasq: using local addresses only for domain alrac.net
  dnsmasq: cache size 150, 0/0 cache insertions re-used unexpired cache entries.

dnsmasq: Host	Address	Flags		Expires
dnsmasq: stinkpad.alrac.net	192.168.1.102	4FRI	H
dnsmasq: localhost	127.0.0.1	4F I	H
dnsmasq: xena.alrac.net	192.168.1.10	4FRI	H
dnsmasq: pyramid.alrac.net	192.168.1.50	4FRI	H
dnsmasq: stinkpad	192.168.1.102	4F I	H
dnsmasq: xena	192.168.1.10	4F I	H
dnsmasq: localhost.alrac.net	127.0.0.1	4FRI	H
dnsmasq: pyramid	192.168.1.50	4F I	H

This is a snippet from a populated cache:

  dnsmasq: cache size 150, 0/178 cache insertions re-used unexpired cache entries.

dnsmasq: Host	Address	Flags		Expires
dnsmasq: stinkpad.alrac.net	192.168.1.102	4FRI	H
dnsmasq: localhost	127.0.0.1	4F I	H
dnsmasq: i.cnn.net	64.236.16.137	4F		Wed Jan 24 15:36:42
2007
dnsmasq: i.cnn.net	64.236.16.138	4F		Wed Jan 24 15:36:42
2007
dnsmasq: bratgrrl.com	67.43.0.135	4F		Wed Jan 24 17:45:49
2007
dnsmasq: a.tribalfusion.com	204.11.109.63	4F		Wed Jan 24 15:29:08
2007
dnsmasq: a.tribalfusion.com	204.11.109.64	4F		Wed Jan 24 15:29:08
2007
dnsmasq: ad.3ad.doubleclick.net	216.73.87.52	4F		Wed Jan 24 15:27:29
2007
dnsmasq: ads.cnn.com	64.236.22.103	4F		Wed Jan 24 16:21:41
2007

Table 4-1 shows what the flags mean.

• BothFandRmay be set for names from DHCP or /etc/hosts.

Table 4-1. dnsmasq cache flags and their meanings

See Also

• man 8 dnsmasq contains a wealth of helpful information about all the available command-line options, many of which are also dnsmasq.conf options
  
• dnsmasq.conf is also a great help resource
  
• dnsmasq home page (http://www.thekelleys.org.uk/dnsmasq/doc.html) is where you’ll find mailing list archives and excellent help documents
  
• Chapter 24, “Managing Name Resolution,” in Linux Cookbook, by Carla Schroder (O’Reilly)