Does PureOS use a DNS cache?

I tried googling how to flush the DNS cache for Linux machines and most of the answers have told me to restart a specific service that handles the DNS caching. However, I’ve tried all of these and the service is never found on my machine. Does PureOS do any DNS caching whatsoever? And if it does what service does it use?

2 Likes

I’m not sure about PureOS; I’m on Debian and Ubuntu on my computers. Did you try sudo systemd-resolve --flush-caches?
That’s how it works for me. If not, here you’ve got some other options.

I think in fact we do use a DNS caching tool, specifically dnsmasq. I haven’t set it up on my machine but I can see that it is “vendor enabled” according to systemd:

● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)

It’s possible that the design of systemd requires a DNS cache and it looks like the command uzanto posted is likely a good place to start.

$ sudo systemd-resolve --flush-caches 
Failed to flush caches: Unit dbus-org.freedesktop.resolve1.service not found.
$ sudo systemctl restart nscd
Failed to restart nscd.service: Unit nscd.service not found.
$ sudo systemctl restart dnsmasq
Failed to restart dnsmasq.service: Unit dnsmasq.service not found.
$ sudo systemctl restart named
Failed to restart named.service: Unit named.service not found.

There doesn’t seem to be a service running for me on any of these. However, systemd-resolve exists on my system.

$ which systemd-resolve 
/usr/bin/systemd-resolve

Am I doing something wrong?

I don’t think you’re doing something wrong. Perhaps we’ll have an easier time if you let us know why you need to flush your DNS cache – do you think you are getting inaccurate DNS results or unable to connect to a service? Perhaps another means of debugging might help? Like TCPDump?

I need to make sure that my DNS is flushed because I decided to play with poisontap. I already flushed my browser cache I just want to make sure there isn’t any residual effects still present at the OS DNS layer.

1 Like

Bump. Currently I’m under the assumption that there is no DNS cache on my device. Is this possible? Are there any other ideas about what I should check?

You might check to see if dnsmasq is running. As I mentioned, it is ‘vendor enabled’ in PureOS. There is one way to dump the dnsmasq cache:

sudo pkill -USR1 dnsmasq

Then look in /var/log/syslog for dnsmasq entries. That should show you stats. Otherwise you’ll need to debug your system locally to determine if your configuration or installs have brought in a caching mechanism.

Thanks for the tip on the syslog file location. Looks like nothing new shows up in /var/log/syslog after running sudo pkill -USR1 dnsmasq. The log file has a bunch of reports that dns-mgr is writing and removing DNS information to/from the file /sbin/resolvconf. These lines look as follows:

Mar 31 15:23:11 -- NetworkManager[694]: <info>  [1554063791.2829] dns-mgr: Writing DNS information to /sbin/resolvconf
Mar 31 15:23:11 -- NetworkManager[694]: <info>  [1554063791.3111] dns-mgr: Removing DNS information from /sbin/resolvconf

I’m not certain why it is logged that DNS information is being written to an executable file in my path. And I also don’t know why it is logged as dns-mgr because there is no executable or service on my system with that name.

$ which dns-mgr
$ sudo systemctl status dns-mgr
Unit dns-mgr.service could not be found.

Removing these repeating lines leaves the following output:

$ sudo cat /var/log/syslog | grep dns | grep -v resolvconf
Mar 24 15:04:32 -- systemd[1]: pppd-dns.service: Succeeded.
Mar 24 15:04:32 -- kernel: [   19.386025] audit: type=1400 audit(1553457871.880:6): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/{bin,sbin}/dnsmasq" pid=579 comm="apparmor_parser"
Mar 24 15:04:32 -- kernel: [   19.386035] audit: type=1400 audit(1553457871.880:7): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/{bin,sbin}/dnsmasq//libvirt_leaseshelper" pid=579 comm="apparmor_parser"
Mar 24 15:04:32 -- kernel: [   19.401551] audit: type=1400 audit(1553457871.896:10): apparmor="STATUS" operation="profile_load" profile="unconfined" name="mdnsd" pid=583 comm="apparmor_parser"
Mar 24 15:05:08 -- variety.desktop[1957]:     (self._dns_host, self.port), self.timeout, **extra_kw)
Mar 24 15:05:38 -- variety.desktop[1957]:     (self._dns_host, self.port), self.timeout, **extra_kw)

Looks like I have a dns service called pppd?

$ sudo systemctl status pppd-dns
● pppd-dns.service - Restore /etc/resolv.conf if the system crashed before the ppp link was shut down
   Loaded: loaded (/lib/systemd/system/pppd-dns.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Sun 2019-03-24 15:04:32 CDT; 1 weeks 0 days ago
  Process: 685 ExecStart=/etc/ppp/ip-down.d/0000usepeerdns (code=exited, status=0/SUCCESS)
 Main PID: 685 (code=exited, status=0/SUCCESS)

Mar 24 15:04:32 -- systemd[1]: Starting Restore /etc/resolv.conf if the system crashed before the ppp link was shut down...
Mar 24 15:04:32 -- systemd[1]: pppd-dns.service: Succeeded.
Mar 24 15:04:32 -- systemd[1]: Started Restore /etc/resolv.conf if the system crashed before the ppp link was shut down.

But this service is listed as inactive, since the 24th. I’ve used my laptop browser since that date, so if it was handling DNS caching wouldn’t it have been active then? Or even now as I write this response?

I’ve tried googling pppd and how to clear the cache for the program, but I haven’t found anything yet. I will keep looking, but this is where I am right now. What would happen if I just masked the pppd service with systemctl to prevent it from running? I assume bad things.

PS: My PureOS install is the default install on the Librem13v3 which I bought around November/December. I haven’t directly messed with anything related to DNS yet. So my configuration and installs should be the same as everyone else with this OS version.

I don’t think you need to have ppp (the point-to-point protocol) daemon on your system, unless of course you explicitly installed it or if it has been installed as a dependency by another application. You can look in /var/log/apt/history.log to see if it has been pulled in. My history files go back a pretty long way so you should find ppp in there and see which package pulled it in.

What if that file is blank? I use apt. Could the apt log file be elsewhere?
Hold on, the log files are just compressed

zless can read gzipped files
zless /var/log/foo.gz

Well, I already used gunzip to unpack them. But I will keep zless in mind for future compressed file reading. From the apt log files, it seems ppp only appears once. It was one of the packages that was updated when I ran apt-get upgrade back in December. I don’t see anything that shows its installation.

How it got installed isn’t a main concern of mine right now though, I can delete it later. If ppp doesn’t handle DNS caching then what on my system does? None of my googling results has pointed me to a software that I have installed and running…

Do you know what dns-mgr is? From the previous log output it looks to be a part of NetworkManager? I’ve tried looking into NetworkManager DNS flushing but have found no solutions through the GUI or CLI. I’ve seen a couple things on Stack Overflow that mention DNS caching on older versions of Ubuntu was disabled by default, but PureOS is neither Ubuntu nor running versions around 12.0 so I’m still not confident that my machine isn’t caching DNS.

dnsmasq seems to be installed on my system, because I can run man dnsmasq. Also:

$ which dnsmasq
/usr/sbin/dnsmasq

Is there a config file somewhere that would tell me if caching is enabled?

The way DNS is done seems to keep on changing, so caveat emptor.

cat /etc/resolv.conf

Probably this file is used by very few system components these days but it may be being maintained for historical compatibility and may point you in the right direction.

Also see whether systemd-resolved is a process that is running.

Also use netstat -anup to see whether you can spot any processes that might be listening for DNS requests (probably port 53).

This won’t tell you whether any component is caching DNS results but it might at least tell you how DNS requests are being resolved, and hence get you looking in the right place.

I don’t know what the context of your original question was but bear in mind that individual applications may cache DNS results over and above what the operating system is doing. In particular, something like Firefox may cache DNS results independently of the operating system. (Edit: This is quite separate from something like Firefox caching actual web pages.)

2 Likes
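
The checks suggested in the last post, as an added example that is not part of the original thread: it reads /etc/resolv.conf content and `netstat -anup` output and reports whether lookups pass through a resolver on the local host, which is the only place an OS-level DNS cache could sit. The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample inputs below are constructed.

# Tag each nameserver in resolv.conf text (stdin) as local or remote.
# A loopback address means lookups pass through a resolver on this host,
# which is where an OS-level cache would live.
classify_nameservers() {
    awk '$1 == "nameserver" {
        kind = ($2 ~ /^127\./ || $2 == "::1") ? "local" : "remote"
        print kind, $2
    }'
}

# From `netstat -anup` text (stdin), print "address program" for every
# socket bound to UDP port 53. Port 5353 (mDNS) is deliberately not matched.
dns_listeners() {
    awk '$1 ~ /^udp/ && $4 ~ /:53$/ { n = split($NF, p, "/"); print $4, p[n] }'
}

# Combine both views: "cache-possible <program>" or "no-local-resolver".
# $1 = resolv.conf text, $2 = netstat text.
verdict() {
    if printf '%s\n' "$1" | classify_nameservers | grep -q '^local '; then
        prog=$(printf '%s\n' "$2" | dns_listeners | awk 'NR == 1 { print $2 }')
        echo "cache-possible ${prog:-unknown}"
    else
        echo "no-local-resolver"
    fi
}

SAMPLE_RESOLV_STUB='search lan
nameserver 127.0.0.1'

SAMPLE_RESOLV_DIRECT='nameserver 192.168.1.1
nameserver 2001:db8::1'

SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1234/dnsmasq
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           701/avahi-daemon
udp        0      0 0.0.0.0:68              0.0.0.0:*                           694/NetworkManager'

verdict "$SAMPLE_RESOLV_STUB" "$SAMPLE_NETSTAT"
verdict "$SAMPLE_RESOLV_DIRECT" "$SAMPLE_NETSTAT"
# On a real host: verdict "$(cat /etc/resolv.conf)" "$(sudo netstat -anup)"
```

A "cache-possible" result only identifies the local resolver to inspect; whether it actually caches depends on that program's configuration.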