
4.16 Managing dnsmasq’s DNS Cache - BrainDump

In this conclusion to a five-part series on building a Linux wireless access point, you'll learn how to manage the details, such as DNS caches. This article is excerpted from chapter four of the Linux Networking Cookbook, written by Carla Schroder (O'Reilly; ISBN: 0596102488). Copyright © 2008 O'Reilly Media, Inc. All rights reserved. Used with permission from the publisher. Available from booksellers or direct from O'Reilly Media.

By: O'Reilly Media
February 09, 2010


Problem

You know that dnsmasq automatically creates a local DNS cache. How do you know it’s working? How do you see what’s in it, and how do you flush it when you’re making changes to DNS and want to be sure it’s caching fresh data?

Solution

It’s easy to see if it’s working. From any Linux client or from your Pyramid server, query any Internet site with the dig command twice:

  $ dig oreilly.com
  <snip much output>
  ;; Query time: 75 msec
  ;; SERVER: 192.168.1.50#53(192.168.1.50)
  $ dig oreilly.com
  <snip much output>
  ;; Query time: 3 msec
  ;; SERVER: 192.168.1.50#53(192.168.1.50)

The second request is answered from your local dnsmasq cache, so it is faster. This also verifies that your clients are querying the correct DNS server.

What if you want to flush dnsmasq’s cache? Just restart it:

  pyramid:~# killall dnsmasq

dnsmasq is controlled from /etc/inittab, so it will automatically restart.

To view the contents of the cache, first open /etc/inittab and comment out the line that starts dnsmasq:

  pyramid:~# /sbin/rw
  pyramid:~# nano /etc/inittab
  # dnsmasq. This should always be on.
  # DN:23:respawn:/sbin/dnsmasq -k > /dev/null 2>&1

Tell init to reread inittab, stop the active dnsmasq process, then start dnsmasq in debugging mode:

  pyramid:~# telinit q
  pyramid:~# killall dnsmasq
  pyramid:~# dnsmasq -d

This runs it in the foreground, so the next thing you need to do is open a second SSH session, or log in on the serial console, and run this command:

  pyramid:~# killall -USR1 dnsmasq

This dumps the cache contents to your first screen. You should see just your local hosts. This line tells you your cache is empty:

  dnsmasq: cache size 150, 0/0 cache insertions re-used unexpired cache entries.

Start dnsmasq again, visit some web sites from client PCs to generate some cache entries, then dump the cache again to see what they look like. You should see a lot more entries now. When you’re finished, put /etc/inittab back the way it was, and rerun telinit q and /sbin/ro.

Discussion

It’s unlikely that you’ll ever have to do anything with your dnsmasq cache because it’s pretty much self-maintaining. There are three options in /etc/dnsmasq.conf for configuring cache behavior:

local-ttl

The default is zero, which means do not cache responses from /etc/hosts and your DHCP leases. This ensures fresh local data all the time. If your network is stable and doesn’t have DHCP clients popping in and out a lot, you can set a Time To Live (TTL) value to speed up local lookups.

no-negcache

Do not cache negative responses. Caching negative responses speeds up performance by caching “no such domain” responses, so your clients don’t wait for additional lookups to fail. dnsmasq handles negative caching well, so you shouldn’t disable negative caching unless it causes problems.

cache-size

The default is 150 names. The maximum is around 2,000. Because the cache is stored in RAM, a cache that is too large will hurt router performance without appreciable gain. 150 is just fine for most sites; I wouldn’t go over 300.

You are at the mercy of the administrators of the authoritative servers for domains that you visit. If they make changes to their DNS without setting short TTL values, stale data will be cached all over the Internet until their TTLs expire. It can be helpful to flush your dnsmasq cache when you’re debugging DNS and trying to figure out if a DNS problem is local or remote.

Here are some examples of the output you’ll see. This is an empty cache showing only local DNS:

  pyramidwrap:~# dnsmasq -d
  dnsmasq: started, version 2.23 cachesize 150
  dnsmasq: compile time options: IPv6 GNU-getopt ISC-leasefile no-DBus
  dnsmasq: DHCP, IP range 192.168.1.100 -- 192.168.1.200, lease time 10h
  dnsmasq: using local addresses only for domain alrac.net
  dnsmasq: read /etc/hosts - 4 addresses
  dnsmasq: reading /etc/resolv.conf
  dnsmasq: using nameserver 12.169.174.3#53
  dnsmasq: using nameserver 12.169.174.2#53
  dnsmasq: using local addresses only for domain alrac.net
  dnsmasq: cache size 150, 0/0 cache insertions re-used unexpired cache entries.
  dnsmasq: Host                   Address          Flags     Expires
  dnsmasq: stinkpad.alrac.net     192.168.1.102    4FRI   H
  dnsmasq: localhost              127.0.0.1        4F I   H
  dnsmasq: xena.alrac.net         192.168.1.10     4FRI   H
  dnsmasq: pyramid.alrac.net      192.168.1.50     4FRI   H
  dnsmasq: stinkpad               192.168.1.102    4F I   H
  dnsmasq: xena                   192.168.1.10     4F I   H
  dnsmasq: localhost.alrac.net    127.0.0.1        4FRI   H
  dnsmasq: pyramid                192.168.1.50     4F I   H

This is a snippet from a populated cache:

  dnsmasq: cache size 150, 0/178 cache insertions re-used unexpired cache entries.
  dnsmasq: Host                      Address          Flags     Expires
  dnsmasq: stinkpad.alrac.net        192.168.1.102    4FRI   H
  dnsmasq: localhost                 127.0.0.1        4F I   H
  dnsmasq: i.cnn.net                 64.236.16.137    4F        Wed Jan 24 15:36:42 2007
  dnsmasq: i.cnn.net                 64.236.16.138    4F        Wed Jan 24 15:36:42 2007
  dnsmasq: bratgrrl.com              67.43.0.135      4F        Wed Jan 24 17:45:49 2007
  dnsmasq: a.tribalfusion.com        204.11.109.63    4F        Wed Jan 24 15:29:08 2007
  dnsmasq: a.tribalfusion.com        204.11.109.64    4F        Wed Jan 24 15:29:08 2007
  dnsmasq: ad.3ad.doubleclick.net    216.73.87.52     4F        Wed Jan 24 15:27:29 2007
  dnsmasq: ads.cnn.com               64.236.22.103    4F        Wed Jan 24 16:21:41 2007

Table 4-1 shows what the flags mean.

  • Both F and R may be set for names from DHCP or /etc/hosts.

Table 4-1. dnsmasq cache flags and their meanings

  Flag  Meaning
  4     IPv4 address
  6     IPv6 address
  C     CNAME
  F     Forward (name → address) mapping
  R     Reverse (address → name) mapping
  I     Immortal (no expiry time)
  D     Originates from DHCP
  N     Negative (name known not to have address)
  X     No such domain (name known not to exist)
  H     Originates from /etc/hosts
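
When you are trying to decide whether a stale answer is local or remote, it helps to split the dump into local entries and entries learned from upstream servers. The following is an added example, not code from the book or from dnsmasq: it parses the dump format shown above, decodes the flags using Table 4-1, and picks out the upstream entries. The function names are hypothetical, rows are split on whitespace rather than by fixed columns, and it assumes that negative (N/X) rows may carry no address.

```python
import ipaddress
import re

# Flag letters and their meanings, taken from Table 4-1.
FLAGS = {"4": "IPv4", "6": "IPv6", "C": "CNAME", "F": "forward", "R": "reverse",
         "I": "immortal", "D": "DHCP", "N": "negative", "X": "no such domain",
         "H": "/etc/hosts"}
FLAG_TOKEN = re.compile(r"[46CFRIDNXH]+")

# Constructed sample: lines copied from the dumps shown in this recipe.
SAMPLE = """\
dnsmasq: cache size 150, 0/178 cache insertions re-used unexpired cache entries.
dnsmasq: Host                  Address          Flags     Expires
dnsmasq: stinkpad.alrac.net    192.168.1.102    4FRI   H
dnsmasq: localhost             127.0.0.1        4F I   H
dnsmasq: i.cnn.net             64.236.16.137    4F        Wed Jan 24 15:36:42 2007
dnsmasq: ads.cnn.com           64.236.22.103    4F        Wed Jan 24 16:21:41 2007
"""

def is_address(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_dump(text):
    """Return one dict per cache row; startup, statistics and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        tokens = re.sub(r"^\s*dnsmasq:\s*", "", line).split()
        if len(tokens) < 2:
            continue
        host, rest = tokens[0], tokens[1:]
        # Assumption: negative (N/X) rows carry no address, so the column is optional.
        address = rest.pop(0) if is_address(rest[0]) else None
        flags = ""
        while rest and FLAG_TOKEN.fullmatch(rest[0]):
            flags += rest.pop(0)  # "4F I   H" arrives as several tokens
        if not flags:
            continue  # not a cache row
        rows.append({"host": host, "address": address, "flags": flags,
                     "meaning": [FLAGS[f] for f in flags],
                     "expires": " ".join(rest) or None})
    return rows

def upstream_entries(rows):
    """Rows learned from upstream servers: not /etc/hosts, not DHCP, not immortal."""
    return [r for r in rows if not set(r["flags"]) & set("HDI")]
```

Save the output of dnsmasq -d to a file and pass its contents to parse_dump(); upstream_entries() then lists only the names that came from the nameservers in /etc/resolv.conf, along with their expiry times.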

 

See Also

  • man 8 dnsmasq contains a wealth of helpful information about all the available command-line options, many of which are also dnsmasq.conf options
  • dnsmasq.conf is also a great help resource
  • dnsmasq home page (http://www.thekelleys.org.uk/dnsmasq/doc.html) is where you’ll find mailing list archives and excellent help documents
  • Chapter 24, “Managing Name Resolution,” in Linux Cookbook, by Carla Schroder (O’Reilly)



 
 