DNS on Linux

May 23, 2013

I became curious about what kind of DNS caching goes on in a modern Linux system. You would think that this is the kind of thing that might go on inside the kernel (client-side caching, that is). My current system is a Fedora 18 x86_64 system running a 3.9.2 kernel. There is a package "nscd" that claims to do DNS caching, but it is neither running nor installed on my present system.

I thought it might be instructive to look at DNS activity with wireshark, but I have to install it first:

yum install wireshark
yum install wireshark-gnome

Probably just installing wireshark-gnome would do. Just "yum install wireshark" installs something, heaven knows what, but typing "wireshark" on the command line doesn't yield what I want afterwards. Wireshark-gnome gives what I want.

To see only DNS traffic, use this filter:

udp.port eq 53

And, interestingly - every time I type "ping homer", I see a DNS query on the wire. This is not good, no caching going on.

yum install nscd
service nscd start
chkconfig nscd on

And now I see caching, the first "ping" puts a DNS request on the wire, but subsequent ones do not.
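The same before/after check can be done programmatically instead of by eye. The following is an added example, not part of the original post: it decodes the question section of DNS query payloads and reports any name and record type that went on the wire more than once. The function names are hypothetical, the payloads are assumed to be UDP port 53 payloads taken from a capture, and the sample packets are constructed.

```python
import struct
from collections import Counter

def build_dns(txid, name, qtype=1, flags=0x0100):
    """Build a one-question DNS message; used only to construct sample input."""
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in name.split("."))
    return (struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
            + qname + b"\x00" + struct.pack("!HH", qtype, 1))

def parse_question(payload):
    """Return (qname, qtype) for a DNS query, or None for responses and bad data."""
    if len(payload) < 12:
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount < 1:      # QR bit set: this is a response
        return None
    labels, pos = [], 12
    while pos < len(payload) and payload[pos] != 0:
        length = payload[pos]
        if length & 0xC0 or pos + 1 + length > len(payload):
            return None                    # pointer/reserved bits or truncated label
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace").lower())
        pos += 1 + length
    if pos + 5 > len(payload):             # need the zero byte plus QTYPE and QCLASS
        return None
    (qtype,) = struct.unpack("!H", payload[pos + 1:pos + 3])
    return (".".join(labels) or ".", qtype)

def repeated_lookups(payloads):
    """Map each (qname, qtype) that was sent more than once to its count."""
    counts = Counter(q for q in map(parse_question, payloads) if q)
    return {q: n for q, n in counts.items() if n > 1}

# Constructed sample: three "ping homer" runs with no cache (A and AAAA each time),
# then the same three runs with a cache in front, where only the first hits the wire.
NO_CACHE = [build_dns(i, "homer", t) for i in range(3) for t in (1, 28)]
NO_CACHE.append(build_dns(0, "homer", 1, flags=0x8180))   # a response, ignored
WITH_CACHE = [build_dns(7, "homer", 1), build_dns(8, "homer", 28)]

if __name__ == "__main__":
    print("no cache:  ", repeated_lookups(NO_CACHE))
    print("with cache:", repeated_lookups(WITH_CACHE))
```

Counting per (name, type) pair rather than per name keeps a resolver that asks for both A and AAAA records on a single lookup from being mistaken for a missing cache.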

To run wireshark on a remote machine:

ssh -X root@mmt wireshark

Adventures in Computing / tom@mmto.org