
I asked this question on how to see the Linux DNS cache. It looks like it's possible but it doesn't show TTL, unlike those for Firefox, Chrome, and Windows.

On Windows, this looks like

PS C:\> ipconfig /displaydns

Windows IP Configuration

chrome.cloudflare-dns.com
----------------------------------------
Record Name . . . . . : chrome.cloudflare-dns.com
Record Type . . . . . : 1
Time To Live  . . . . : 54
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 104.18.27.211


vortex.data.microsoft.com
----------------------------------------
Record Name . . . . . : vortex.data.microsoft.com
Record Type . . . . . : 5
Time To Live  . . . . : 6
Data Length . . . . . : 8
Section . . . . . . . : Answer
CNAME Record  . . . . : asimov.vortex.data.trafficmanager.net

...

On Linux, it's possible to dump the cache and look at it with journalctl:

rj@vps:~$ time=$(date "+%F %T")
rj@vps:~$ systemctl kill -s USR1 systemd-resolved
rj@vps:~$ journalctl -b -0 --since "$time" -u systemd-resolved | grep " IN "
Oct 10 22:28:38 myserver systemd-resolved[3255524]:         cloudflare.com IN A 104.16.133.229
Oct 10 22:28:38 myserver systemd-resolved[3255524]:         cloudflare.com IN A 104.16.132.229

Question

How do you get the TTL of a record in the DNS cache on Linux using systemd?

Edit:

Based on user1686's answer, this script will return the TTL, or 0 if it's at 0 or not in the cache:

get-ttl () {
    site="$1"
    time=$(date "+%F %T")
    # Ask systemd-resolved to dump its cache into the journal, then read it back.
    systemctl kill -s USR1 systemd-resolved
    dns_cache=$(journalctl -b -0 --since "$time" -u systemd-resolved \
        | grep " IN ")
    # Quote the variables so the dump keeps its line breaks; -F makes grep treat
    # the dots in the name literally instead of as regex wildcards.
    site_cache="$(printf '%s\n' "$dns_cache" | grep -F -- "$site")"
    if [ "$site_cache" ]
        then dig +noall +answer "$site" A | awk '{ print $2 }'
        else echo 0
    fi
}

You can then use this to find TTL in cache and out of cache:

$ get-ttl motel6.com
3349
$ get-ttl motels.com
0

1 Answer


Make a DNS query against the caching resolver:

dig +noall +answer cloudflare.com A @127.0.0.53

The remaining cache TTL in seconds will be shown as the 2nd field (between name and class). Optionally add +ttlunits to have it formatted.

(Note that you shouldn't need to specify the @127.0.0.53, as it should be the only entry in your resolv.conf when using systemd-resolved; I have included it for demonstration purposes only.)

Whenever a DNS server returns an answer from cache (regardless of it being systemd-resolved or dnsmasq or your router or 8.8.8.8) the answer's TTL field will always indicate the remaining time to live in the server's cache, to ensure that downstream resolvers won't keep the entry cached longer than the original limit. Only authoritative answers may include the full TTL.

grawity
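As an added example (not the asker's script and not from the answer above), here is a POSIX sh version of the same idea that matches the cache dump on the exact name and record type rather than a substring grep, so that looking up `motel6.com` cannot be satisfied by a cached `www.motel6.com` entry, and then takes the remaining TTL from the second field of `dig +noall +answer`. The journal lines and dig output it embeds are constructed samples, not captured from a live resolver; the `get_ttl` wrapper needs a real systemd-resolved host.

```shell
#!/bin/sh
# Added example, not code from the question or answer. All sample data is constructed.

# Constructed journalctl lines in the format systemd-resolved uses when it dumps its cache on SIGUSR1.
CACHE_DUMP='Oct 10 22:28:38 myserver systemd-resolved[3255524]:         cloudflare.com IN A 104.16.133.229
Oct 10 22:28:38 myserver systemd-resolved[3255524]:         www.motel6.com IN CNAME motel6.com
Oct 10 22:28:38 myserver systemd-resolved[3255524]:         motel6.com IN A 192.0.2.10'

# Constructed `dig +noall +answer motel6.com A` output: two A records with different remaining TTLs.
DIG_ANSWER='motel6.com.    3349  IN  A  192.0.2.10
motel6.com.    3340  IN  A  192.0.2.11'

# cache_has NAME TYPE: read a cache dump on stdin; exit 0 only if an exact NAME/TYPE entry exists.
# Comparing whole fields avoids the substring problem of `grep motel6.com` matching www.motel6.com.
cache_has() {
    awk -v n="$1" -v t="$2" '
        { for (i = 2; i < NF; i++) if ($i == "IN" && $(i-1) == n && $(i+1) == t) found = 1 }
        END { exit !found }'
}

# answer_ttl NAME TYPE: read dig answer lines on stdin and print the smallest remaining TTL
# among the matching records (the conservative value when several are cached), or 0 if none match.
answer_ttl() {
    awk -v n="$1." -v t="$2" '
        $1 == n && $3 == "IN" && $4 == t { if (min == "" || $2 < min) min = $2 }
        END { print (min == "" ? 0 : min) }'
}

# get_ttl NAME [TYPE]: live wrapper for a systemd-resolved host. The cache dump is checked first,
# because querying dig for a name that is not cached would itself insert it into the cache.
get_ttl() {
    name="$1"; type="${2:-A}"
    since=$(date "+%F %T")
    systemctl kill -s USR1 systemd-resolved
    if journalctl -b -0 --since "$since" -u systemd-resolved | cache_has "$name" "$type"; then
        dig +noall +answer "$name" "$type" @127.0.0.53 | answer_ttl "$name" "$type"
    else
        echo 0
    fi
}
```

Run as `get_ttl motel6.com` or `get_ttl www.motel6.com CNAME` on a host where systemd-resolved is the stub resolver; both helper functions can also be fed saved journal or dig output on stdin.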