The basic foundation of the internet we know and use every day is effective and reliable communication of two or more network devices through IP address namespaces. We recall names much easier than numbers, hence the creation of the Domain Name System (DNS) that allows us to access internet addresses by names such as baeldung.com.
In this tutorial, we’re going to find out more about DNS, particularly DNS caching in Linux through local and installable DNS caching tools.
2. What Is DNS Caching?
A DNS cache is like a temporary database of recent DNS lookups that our computer can quickly refer to when it’s trying to figure out how to load a website on the internet. It stores all records of recent and attempted visits.
Whenever we attempt to load a website on our computer, our web browser requests our router for the appropriate IP address of the website we entered. All routers have a DNS server address store, which converts the hostname to the appropriate IP address so that the website can be loaded.
The DNS cache is useful as it intercepts hostname requests of recently visited websites before they’re sent out to the internet and refers them to its local database. This significantly reduces the time taken to load already visited websites as their respective IP address have already been cached.
3. DNS Caching With systemd-resolved
systemd-resolved is a locally available tool that is part of the systemd suite of system management tools. systemd is readily available in almost all of the major Linux distributions.
Most Linux distributions have systemd-resolved installed, but it usually isn’t active.
Let’s use systemd-resolved to create and run a small local caching DNS server that we’ll set up to start on boot. Furthermore, we’ll set up the rest of our system to redirect its DNS queries to the caching server we created.
3.1. Checking if systemd-resolved Is Already Running
By default, Linux distributions such as Ubuntu 19.04 have systemd-resolved running.
Let’s check if it’s running on our system:
$ sudo resolvectl status
If it’s already running, we should see the confirmation in the console output:
Global LLMNR setting: no MulticastDNS setting: yes DNSOverTLS setting: opportunistic DNSSEC setting: allow-downgrade
If we receive a failed message, then we need to enable and configure systemd-resolved.
3.2. How to Enable systemd-resolved
Let’s start the systemd-resolved service:
$ sudo systemctl start systemd-resolved.service
We can also ensure that systemd-resolved is run when our system boots up:
$ sudo systemctl enable systemd-resolved.service
To configure the DNS servers that systemd-resolved will query to resolve domains, we need to edit the systemd-resolved configuration file and include the necessary public or private DNS address pair.
For this article, we’ll use Google’s Public DNS address pair – it’s free and supports both DoT and DNSSEC:
Let’s open the main systemd-resolved configuration file and add Google’s Public DNS pair:
$ sudo nano /etc/systemd/resolved.conf DNS=18.104.22.168 22.214.171.124
We can now save and exit the editor.
Finally, we need to restart the systemd-resolved service to start using the nameservers we entered.
It’s good practice for us to configure systemd-resolved to manage the “/etc/resolv.conf” file by creating a symlink to “/run/systemd/resolve/stub-resolv.conf”. To achieve this, we need to delete or rename the current “/etc/resolv.conf” file, create a symlink, then restart the systemd-resolved service:
$ sudo mv /etc/resolv.conf /etc/resolv.conf.original $ sudo ln -s /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf $ sudo systemctl restart systemd-resolved.service
4. DNS Caching With BIND 9
The Berkely Internet Name Domain (BIND 9) is a powerful name server program that we can use to set up a local DNS. It’s one of the most popular and widely-used name server programs.
Before installing bind9, let’s first update our system package repositories. If using apt, we’ll run:
$ sudo apt update $ sudo apt install bind9 bind9utils -y
Or, if we’re using yum, we can run:
$ sudo yum update $ sudo yum install bind9 bind9utils -y
This will install bind9 and its utilities.
After installation, we have access to several commands that we can use to start, enable, stop, and reload the bind9 service using its named systemd unit file:
$ sudo systemctl start --now named $ sudo systemctl enable --now named $ sudo systemctl stop --now named $ sudo systemctl restart --now named
Let’s use dig to measure how much time it takes to load a domain the first and subsequent times:
$ dig +noall +stats baeldung.com ;; Query time: 23 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sat Jan 01 11:19:05 EST 2022 ;; MSG SIZE rcvd: 56
Note that we used +noall and +stats options above to make the output more readable.
Our lookup above took a total of 23 milliseconds. We can then rerun the command above, and we should expect to get this output:
;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sat Jan 01 11:20:01 EST 2022 ;; MSG SIZE rcvd: 56
This time, the query time took 0 milliseconds because bind9 had already cached Baeldung’s website during our initial visit.
The default configuration files are:
- /etc/bind – the default bind9 configuration file path
- /var/cache/bind – working directory for named that contains transient file generated by it
- /etc/bind/named.conf – the primary configuration file for bind9
- /var/log/syslog – default log file for bind9
Whenever we make changes to the configuration files, we need to restart the bind9 service to effect the changes.
5. DNS Caching With dnsmasq
dnsmasq is a Linux utility that provides DNS caching capabilities. It’s designed to be lightweight and to have a small footprint, which is suitable for resource-constrained routers. It’s available in most Linux distributions and can be installed through the package manager.
Let’s type in the following command to install dnsmasq:
$ sudo apt-get install dnsmasq
For yum users, let’s use the command below:
$ sudo yum install dnsmasq
After installation, we can use the following commands to start and enable dnsmasq:
$ sudo systemctl start dnsmasq $ sudo systemctl enable dnsmasq
Let’s use dig to test if dnsmasq is working and how much time it saves when querying already visited websites:
$ dig +noall +stats baeldung.com
;; Query time: 27 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sat Jan 01 10:24:05 EST 2022 ;; MSG SIZE rcvd: 56
Our lookup above took a total of 27 milliseconds. When we rerun the command, we should expect to get the following output:
;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sat Jan 01 10:24:05 EST 2022 ;; MSG SIZE rcvd: 56
This time, the query time took 0 milliseconds because dnsmasq had already cached Baeldung’s website during our initial visit.
We can also clear the dnsmasq cache by restarting it:
$ sudo systemctl restart dnsmasq
We can find the dnsmasq configuration file in the “/etc/dnsmasq.conf” directory. The file contains a lot of configurations that we can change to make dnsmasq work however we want.
Whenever we edit the configuration file, we need to restart the dnsmasq service to effect the changes we made.
In this article, we took a look at what DNS and DNS caching mean. We also explored DNS caching in Linux using locally available tools like systemd-resolved.
Finally, we looked at installable DNS tools that are available through the package manager and how to utilize them.