34

To list the entries of DNS cache in OSX 10.11.6, I tried dscacheutil -statistics but that didn't work.

```
$ sudo dscacheutil -statistics
Unable to get details from the cache node
```

How can I just print what is there in the DNS cache without flushing it?

Praseetha KR

2 Answers

23

Sending the SIGINFO signal to mDNSResponder (the multicast DNS daemon) makes it dump a snapshot summary of its internal state, including the cache details, to /var/log/system.log. To do this:

Keep the system log open in one terminal:

```
tail -f /private/var/log/system.log
```

Send a SIGINFO signal to mDNSResponder from another terminal:

```
sudo killall -INFO mDNSResponder
```

Then check the logs in the first terminal; you will be able to see the cache dump:

```
mDNSResponder[98]: ------------ Cache -------------
mDNSResponder[98]: Slt Q     TTL if     U Type rdlen
mDNSResponder[98]:  52      1827 -U-      CNAME   17 www.sublimetext.com. CNAME sublimetext.com.
...
...
mDNSResponder[98]: Cache currently contains 154 entities; 3 referenced by active questions
```

(For more info: man mDNSResponder)

Praseetha KR
  • 12
    I tried this under Mac OS X Sierra 10.12.2 and it doesn't do anything! – Olivier Jan 21 '17 at 21:38
  • 16
    @OlivierdeBroqueville To check logs of `sudo killall -INFO mDNSResponder` in Sierra, open **Console** app, select your device on the left sidebar, then apply search filter _mdnsresponder_, DNS cache logs can be seen there. – Praseetha KR Jan 30 '17 at 10:14
  • Worked like a charm! Thank you! Btw, do you know if it's possible to edit the contents of the DNS cache? – Olivier Jan 31 '17 at 11:43
  • 7
    On newer macOS versions the logs were moved to a new logging system. You can either see them using the Console app, as @PraseethaKR has mentioned, or you can get them from your shell with the following command: `log stream --predicate 'process == "mDNSResponder"' --info` – kjagiello Jul 09 '18 at 19:55
  • 7
    On my 10.14 macOS it shows a bunch of private and not the actual info – Neal Dec 12 '18 at 02:55
  • Is it possible that this isn't consistent across all versions of macOS? I get different results per version. Is there a definitive command that lists the cache entries? – SolidSid Feb 24 '21 at 17:19
  • I came across this tool on my journey to seeing cache entries across different OS versions. It worked really well: https://georgegarside.com/blog/macos/sierra-console-private/ – SolidSid Mar 01 '21 at 10:46
  • 1
    I am trying in macOS BigSur. This plan will not work. – Bob Du Jun 08 '21 at 09:30
  • Confirmed. This does not work for BigSur. – James Hudson Sep 22 '21 at 12:26
  • I investigated some under-the-mask stuff and I think that I may have something that can work. Unfortunately I'm a bit scared to test it on my working PC with a lot of company bloatware and I don't have my private Mac. I'm not posting this as an answer because it is not tested. Most probably it should not break macOS but I can't guarantee it. Here is all my investigation and proposed steps: https://pastebin.com/BugQTPP4 – jdi Sep 24 '21 at 21:01
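
For triage it helps to reduce the cache section of that dump to one row per record. The shell function below is an added example, not part of the original answers; it assumes the column layout of the single record line quoted in the first answer, and `parse_mdns_cache`, `sample_dump` and the second sample record are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn an mDNSResponder SIGINFO cache dump (stdin) into TSV rows:
#   ttl <TAB> type <TAB> name <TAB> rdata
# Assumption: records sit between the "Cache" banner and the
# "Cache currently contains" summary, laid out like the line in the answer.
parse_mdns_cache() {
    awk '
    /-+ Cache -+/              { in_cache = 1; next }  # banner opens the section
    /Cache currently contains/ { in_cache = 0 }        # summary closes it
    !in_cache                  { next }
    {
        # Drop any syslog prefix up to and including "mDNSResponder[pid]: ".
        sub(/^.*mDNSResponder\[[0-9]+\]: /, "")
        if ($1 !~ /^[0-9]+$/) next      # column header or "..." filler
        ttl = ""; t = 0
        # The Q, if and U columns can be blank, so find the type as the first
        # word after the TTL that is followed by a numeric rdlen.
        for (i = 2; i < NF; i++) {
            if (ttl == "") { if ($i ~ /^[0-9]+$/) ttl = $i; continue }
            if ($i ~ /^[A-Za-z][A-Za-z0-9]*$/ && $(i + 1) ~ /^[0-9]+$/) { t = i; break }
        }
        if (!t || t + 2 > NF) next      # not a record line in the assumed layout
        rdata = ""
        for (j = t + 3; j <= NF; j++) rdata = rdata (j > t + 3 ? " " : "") $j
        printf "%s\t%s\t%s\t%s\n", ttl, $t, $(t + 2), rdata
    }'
}

# Constructed sample: the first record is the one quoted in the answer, the
# second is made up to exercise non-blank Q, if and U columns.
sample_dump() {
    cat <<'EOF'
mDNSResponder[98]: ------------ Cache -------------
mDNSResponder[98]: Slt Q     TTL if     U Type rdlen
mDNSResponder[98]:  52      1827 -U-      CNAME   17 www.sublimetext.com. CNAME sublimetext.com.
mDNSResponder[98]:  60 *      42 en0    + PTR     22 _svc._tcp.local. PTR host._svc._tcp.local.
mDNSResponder[98]: Cache currently contains 154 entities; 3 referenced by active questions
EOF
}

sample_dump | parse_mdns_cache
```

On releases that still write the dump to system.log, feed that file to the function on stdin after sending SIGINFO.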
21

As @PraseethaKR and @kjagiello point out, on High Sierra mDNSResponder has moved from syslog to log. In addition, your DNS lookup messages are now considered private and will show as <private> in both Console and log stream by default.

To view your DNS lookups on High Sierra, open a Terminal and run:

```
sudo log config --mode "private_data:on"
log stream --predicate 'process == "mDNSResponder"' --info
```

To go back to using private just run the following command.

```
sudo log config --mode "private_data:off"
```

Cheers!

Troy Sandal