You know that dnsmasq automatically creates a local DNS cache. How do you know it’s working? How do you see what’s in it, and how do you flush it when you’re making changes to DNS and want to be sure it’s caching fresh data?
It’s easy to see if it’s working. From any Linux client or from your Pyramid server, query any Internet site with the dig command twice:
Start dnsmasq again, visit some web sites from client PCs to generate some cache entries, then dump the cache again to see what they look like. You should see a lot more entries now. When you’re finished, put /etc/inittab back the way it was, and rerun telinit qand/sbin/ro.
It’s unlikely that you’ll ever have to do anything with your dnsmasq cache because it’s pretty much self-maintaining. There are three options in /etc/dnsmasq.conf for configuring cache behavior:
The default is zero, which means do not cache responses from /etc/hosts and your DHCP leases. This ensures fresh local data all the time. If your network is stable and doesn’t have DHCP clients popping in and out a lot, you can set a Time To Live (TTL) value to speed up local look ups.
Do not cache negative responses. Caching negative responses speeds up performance by caching “no such domain” responses, so your clients don’t wait for additional lookups to fail. dnsmasq handles negative caching well, so you shouldn’t disable negative caching unless it causes problems.
The default is 150 names. The maximum is around 2,000. Because the cache is stored in RAM, having a too large cache will hurt router performance without appreciable gain. 150 is just fine for most sites; I wouldn’t go over 300.
You are at the mercy of the administrators of the authoritative servers for domains that you visit. If they make changes to their DNS without setting short TTL values, stale data will be cached all over the Internet until their TTLs expire. It can be helpful to flush your dnsmasq cache when you’re debugging DNS and trying to figure out if a DNS problem is local or remote.
Here are some examples of the output you’ll see. This is an empty cache showing only local DNS:
pyramidwrap:~# dnsmasq -d dnsmasq: started, version 2.23 cachesize 150 dnsmasq: compile time options: IPv6 GNU-getopt ISC-leasefile no-DBus dnsmasq: DHCP, IP range 192.168.1.100 -- 192.168.1.200, lease time 10h dnsmasq: using local addresses only for domain alrac.net dnsmasq: read /etc/hosts - 4 addresses dnsmasq: reading /etc/resolv.conf dnsmasq: using nameserver 220.127.116.11#53 dnsmasq: using nameserver 18.104.22.168#53 dnsmasq: using local addresses only for domain alrac.net dnsmasq: cache size 150, 0/0 cache insertions re-used unexpired cache entries.