DNS cache, list, flush, disable

Discussion in 'all things UNIX' started by MarkKx, Nov 29, 2016.

  1. MarkKx

    MarkKx Registered Member

    Joined:
    Feb 13, 2016
    Posts:
    13
    Hello, everybody.
    The DNS cache, with all its data, is a huge risk factor for the computer user.
    My questions are:
    - which program or daemon does all the DNS cache work?
    - how can I see the DNS cache data?
    - how can I effectively flush all this data?
    - how can I stop it from creating new data?
    What does it look like in Debian Jessie with systemd?
    Appreciate any help.
    Mark.
     
  2. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Why do you think that?
     
  3. MarkKx

    MarkKx Registered Member

    Joined:
    Feb 13, 2016
    Posts:
    13
    The DNS cache is a record of domain names converted into IP addresses during Web browsing and similar activities.
     
  4. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    So what, you don't trust your own local machine? Do you honestly think that disabling the DNS cache increases security?

    A DNS cache is a security benefit, because you then only transmit a DNS request once.

    Disable your DNS cache and you transmit one every time. If you're being monitored, not only can people see what site you're visiting, they now know how many times you visit it.
     
  5. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Well said :thumb:
     
  6. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    It's sad to see a legit question being met by unhelpful [******] replies.

    Mark, I'm using a Debian derivative without systemd and, AFAIK, neither package "nscd" nor "unscd" was pre-installed.

    number 1 search result returned by google search query "linux|debian inspect dns cache" is
    http://unix.stackexchange.com/questions/28553/how-to-read-the-local-dns-cache-contents
    which mentions (as of 2012) that nscd is buggy.

    By visiting https://packages.debian.org we can enter a package name & the resulting page will display links to bugtracker, etc.
    Yes, multiple open issues currently still exist for the nscd package.

    Do you keep track of which among your installed programs are net-aware?
    If so, do you employ measures like "firejail --nonet programname" to restrict which progs may callout?
    Of the programs which do (ask to, and are permitted to) callout, which of them involve DNS requests?

    Typically, on my system, nothing other than the web browser, smtube, and streamtuner2 issue DNS requests.
    The browser internally caches DNS lookup results; those other apps (based on the traffic I've observed) do not cache.

    Ironically (considering that you're seeking to disable/purge caching), it's somewhat of a PITA to set up/enable caching in the first place
    https://wiki.debian.org/HowTo/dnsmasq
    http://askubuntu.com/questions/22750/best-way-to-set-up-dns-caching

    If you are using TOR, or a VPN client, or dnscrypt, you will need to separately research whether those components individually maintain a DNS cache.
     
    Last edited: Dec 14, 2016
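inka's point above is that the first job is to find out which component, if any, is actually caching DNS answers on the box, and only then to dump or flush it. The script below is an added example for this thread, not code posted by any participant or shipped by Debian. It assumes a Debian-style system with iproute2 `ss`, `pidof` and awk available, and the daemon names and commands it knows are the ones for systemd-resolved, glibc nscd/unscd, dnsmasq and unbound.

```shell
#!/bin/sh
# Added example (not from the thread): report which component caches DNS on a
# Debian-style host and print the commands that dump, flush and stop it.
# Assumes iproute2 'ss', 'pidof' and awk; daemon names/commands are those of
# systemd-resolved, nscd/unscd, dnsmasq and unbound.

# classify_resolver FILE: look at the first nameserver line of a resolv.conf-style
# file (glibc tries servers in order) and say where applications send lookups.
classify_resolver() {
    [ -r "$1" ] || { echo "none"; return 0; }
    ns=$(awk '$1 == "nameserver" { print $2; exit }' "$1" 2>/dev/null || true)
    case "$ns" in
        "")          echo "none" ;;                   # no nameserver line at all
        127.0.0.53)  echo "systemd-resolved-stub" ;;  # systemd-resolved stub listener
        127.*|::1)   echo "local-daemon" ;;           # dnsmasq/unbound/nscd-style local cache
        *)           echo "remote" ;;                 # straight to a remote server, no OS cache
    esac
}

# dump_command DAEMON: how to see what a given daemon has cached.
dump_command() {
    case "$1" in
        systemd-resolved) echo "kill -USR1 \$(pidof systemd-resolved); journalctl -u systemd-resolved -n 200" ;;
        nscd|unscd)       echo "nscd -g   # statistics only; glibc nscd cannot list its entries" ;;
        dnsmasq)          echo "kill -USR1 \$(pidof dnsmasq)   # full cache dump only when started with --log-queries" ;;
        unbound)          echo "unbound-control dump_cache" ;;
        *)                return 1 ;;
    esac
}

# flush_command DAEMON: how to discard that daemon's cached answers.
flush_command() {
    case "$1" in
        systemd-resolved) echo "resolvectl flush-caches || systemd-resolve --flush-caches" ;;
        nscd|unscd)       echo "nscd -i hosts" ;;
        dnsmasq)          echo "kill -HUP \$(pidof dnsmasq)" ;;
        unbound)          echo "unbound-control flush_zone ." ;;
        *)                return 1 ;;
    esac
}

# running_dns_daemons: the known caching daemons that have a process right now.
running_dns_daemons() {
    for d in systemd-resolved nscd unscd dnsmasq unbound; do
        pidof "$d" >/dev/null 2>&1 && echo "$d"
    done
    return 0
}

main() {
    echo "resolv.conf points at: $(classify_resolver /etc/resolv.conf)"
    echo "listeners on port 53 (run as root to see process names):"
    ss -H -lunp 'sport = :53' 2>/dev/null || echo "  (ss unavailable)"
    found=0
    for d in $(running_dns_daemons); do
        found=1
        echo "$d is running"
        echo "  dump:  $(dump_command "$d")"
        echo "  flush: $(flush_command "$d")"
        echo "  stop:  systemctl stop $d && systemctl disable $d"
    done
    [ "$found" -eq 1 ] || echo "no OS-level DNS cache daemon running; only per-application caches remain"
}

main
```

If the report ends with "no OS-level DNS cache daemon running", which is what MarkKx later found on his Debian derivative, the only caches left are the ones inside applications; for Firefox that is visible at about:networking#dns, and for the other programs inka mentions the only way to know is to watch their traffic.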
  7. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    I expect you to refrain from such vulgar wording.

    Besides, the question itself was legit but its underlying assumption was questioned by elapsed and myself.
     
  8. MarkKx

    MarkKx Registered Member

    Joined:
    Feb 13, 2016
    Posts:
    13
    Everything I aimed for was to see the local DNS cache's content and make it inaccessible to others.
    The good news is, the Debian derivative does not do any OS-level DNS caching.
    The only problem left to solve is the web browser cache and individual application cache maintenance.
    @elapsed
    Please, be serious.
     
  9. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    Your initial hypothesis is incorrect.
    A discussion based on it will not yield anything meaningful.
    There's nothing risky in the DNS cache whatsoever.

    However, if you want to make sure no one knows what you have browsed on your box ...
    That's a completely different discussion and it involves so much more than your question.

    Mrk
     
  10. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    Right.
    I've removed the slangword adjective.
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    If DNS cache security is the issue and you use a third party firewall or an AV solution with a configurable firewall, you can do this.

    Disable the Windows dnscache service. When you do that, for every outbound program that requires an Internet connection, you will have to additionally code a DNS rule; e.g. outbound port 53, UDP, to your DNS server IP address. This is the most secure way to use DNS.
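itman's advice is Windows-specific: with the DNS Client service stopped, every program resolves for itself, so the firewall can restrict port 53 per program and to the resolver address only. The script below is an added example, not code from the thread, showing the Linux counterpart with nftables: only the listed uids may send DNS, only to the resolvers taken from a resolv.conf-style file, and every other port-53 packet is logged and dropped, which is how an application with a hard-coded third-party resolver shows up. The uid 1000 and the RFC 5737 addresses 192.0.2.53 and 198.51.100.53 are illustrative values assumed here, not anything the thread names.

```shell
#!/bin/sh
# Added example (not from the thread): nftables ruleset that confines outbound
# DNS to the configured resolvers and to a set of permitted uids, the Linux
# analogue of the per-program port-53 rule described for a Windows firewall.
# Assumptions: nftables is the host firewall; uid 1000 and the 192.0.2.0/24 and
# 198.51.100.0/24 addresses are illustrative values only.

# resolvers_from_file FILE: IPv4 nameserver addresses from a resolv.conf-style file.
resolvers_from_file() {
    awk '$1 == "nameserver" && $2 ~ /^[0-9.]+$/ { print $2 }' "$1"
}

# nft_set LIST: turn a whitespace/newline-separated list into "{ a, b }" nft set syntax.
nft_set() {
    printf '{ %s }' "$(echo "$1" | tr -s ' \n' ',,' | sed 's/^,//; s/,$//; s/,/, /g')"
}

# dns_egress_ruleset RESOLVERS UIDS: print the ruleset (load it with 'nft -f -').
dns_egress_ruleset() {
    r=$(nft_set "$1")
    u=$(nft_set "$2")
    cat <<EOF
table inet dns_egress {
    chain output {
        type filter hook output priority 0; policy accept;
        # permitted users may reach the permitted resolvers, UDP and TCP
        ip daddr $r udp dport 53 meta skuid $u accept
        ip daddr $r tcp dport 53 meta skuid $u accept
        # anything else that looks like DNS is logged, so the culprit can be found, then dropped
        udp dport 53 log prefix "dns-egress-drop " drop
        tcp dport 53 log prefix "dns-egress-drop " drop
    }
}
EOF
}

main() {
    # Constructed resolv.conf content for the demonstration; on a real host use
    # "$(resolvers_from_file /etc/resolv.conf)" instead.
    tmp=$(mktemp)
    printf 'nameserver 192.0.2.53\nnameserver 198.51.100.53\n' > "$tmp"
    resolvers=$(resolvers_from_file "$tmp")
    rm -f "$tmp"
    dns_egress_ruleset "$resolvers" "1000"
    # To apply for real:  dns_egress_ruleset "$resolvers" "1000" | nft -f -
}

main
```

Two caveats a practitioner will hit: if a local stub such as systemd-resolved is in use, applications never send port 53 traffic themselves, so the uid to permit is the daemon's, not the browser's; and this only governs classic DNS, so a client that speaks DNS over HTTPS or TLS (ports 443 and 853) is untouched by it. Dropped packets appear in the kernel log with the "dns-egress-drop" prefix, which is the place to look for programs bypassing the configured resolver.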
     
  12. MarkKx

    MarkKx Registered Member

    Joined:
    Feb 13, 2016
    Posts:
    13
    I am absolutely aware of it, and this answer is not applicable to my question.
    My aim is extremely simple - reducing the DNS cache as a risk factor on my Windows machine.
    DNS understood as:
    a - network traffic (DNSCrypt)
    b - DNS cache on the PC:
    - viewing (ipconfig /displaydns)
    - flushing (ipconfig /flushdns)
    - stopping (net stop dnscache)
    c - secure DNS provider (if they exist).
    Basically, I do not like unannounced and curious visitors, that's all.
     
  13. Boblvf

    Boblvf Registered Member

    Joined:
    Aug 10, 2014
    Posts:
    141

    Hi,

    https://crypto.stanford.edu/dns/dns-rebinding.pdf

    Good luck.
     