How can I dump the pdns-recursor cache on Debian?

Question

According to man rec_control(1) I should be able to dump the pdns-recursor cache to file with rec_control dump-cache /tmp/the-cache.

If I do that (on Debian buster), it says "dumped xxx records", but when I go look there is no file /tmp/the-cache. If I try the same command again, it says "Error opening dump file for writing: File exists". But I still can't find the file.

# rec_control dump-cache /tmp/the-cache
dumped 324 records

# cat /tmp/the-cache
cat: /tmp/the-cache: No such file or directory

# rec_control dump-cache /tmp/the-cache
Error opening dump file for writing: File exists

# cat /tmp/the-cache
cat: /tmp/the-cache: No such file or directory

# systemctl restart pdns-recursor.service

# rec_control dump-cache /tmp/the-cache
dumped 532 records

# cat /tmp/the-cache
cat: /tmp/the-cache: No such file or directory

Does Debian run pdns-recursor in a chroot jail maybe? Is there a way to dump the cache to a file where I can find it?

Answer 1

Reddit user u/hahainternet solved it for me in r/debian.

Debian's systemd unit file for the pdns-recursor service sandboxes the process. Its /tmp directory is still reachable from the host system though:

• via /tmp/systemd-private-[...]-pdns-recursor.service-[...]/tmp
• or by entering the process' namespace using nsenter -a -t <pid of pdns-recursor>.

One of these then allows access to /tmp/the-cache. A bit unwieldy, but it works.