How to view DNS cache entries with the new systemd-resolved resolver

If your Linux servers or desktops are experiencing networking issues, you might want to view your DNS cache. Jack Wallen shows you how with a systemd-resolved-based distribution.

Using the new systemd-resolved resolver to view DNS cache entries

Many recently released Linux distributions, such as Ubuntu 20.10 and Fedora 33, have made the switch to systemd-resolved for the handling of DNS, DNSSEC, DNS over TLS, mDNS, and LLMNR. Although this system has been around for some time, many distributions have been hesitant to make the change. That trepidation has been brushed aside in favor of the flexibility offered by systemd-resolved. 

For those new to this new system, it's probably going to be a bit of a challenge to get up to speed on the finer points of working with the systemd-based resolver.

For instance, take the viewing of DNS cache entries. There is no built-in mechanism for this task, but there is a way to get around that. Although a bit of trickery shouldn't be necessary, if you want to view DNS cache entries, there's not much choice (that I know of) to make this happen.

You might be asking, "Why would I need to view DNS cache entries?" There are times when a DNS cache goes a bit awry. When this happens, any service that depends on DNS might not function properly. Although a regular flushing of the DNS cache can go a long way to prevent this, if the issue is happening often, you'll want to view that cache to see if it offers any insight into why the problem is occurring in the first place.

In other words, viewing the DNS cache is one way to beef up your network troubleshooting efforts.

SEE: Linux service control commands (TechRepublic Premium)

What you'll need

  • A Linux distribution (either Server or Desktop) that uses systemd-resolved

  • A user with sudo privileges

How to view the DNS cache

In order to make this happen, we have to send a kill signal to systemd-resolved. This doesn't actually kill the service, but will instruct systemd-resolved to write the current cache entries (and a few other bits of information) to the system log.

The command to send that kill signal is:

sudo killall -USR1 systemd-resolved

You should get your command prompt back immediately. Once you do, you can then run the command to export the log message to a text file with the command:

sudo journalctl -u systemd-resolved > ~/dns-cache.txt

The above command will create the file dns-cache.txt in your home directory. Depending on how large your DNS cache file is, the command might take anywhere from two to 30 seconds.

You can then view the txt file with the command:

less ~/dns-cache.txt

When viewing the file for my recently upgraded Pop!_OS distribution, I discovered the repeated error:

systemd-resolved[1839]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.

It turns out the upgrade created an incorrect symlink. The file /etc/resolv.conf was incorrectly pointing to /run/systemd/resolve/stub-resolv.conf instead of /run/systemd/resolve/resolv.conf. To correct that, I had to first remove the current link with the command:

sudo rm /etc/resolv.conf

Next, I created the correct link with the command:

sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf

The DNS error stopped filling up my cache and all was well.

And that's all there is to viewing the DNS cache entries with a Linux distribution that uses systemd-resolved. It's not all that hard, but it does require that you remember a couple of commands. That shouldn't be a problem, given you're a Linux systems administrator.

Subscribe to TechRepublic's How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.

Also see

istock-542837448.jpg

Image: iStockphoto/Spectral-Design