NextDNS cli - cache hit/miss

Hi, I have NextDNS cli installed on a Raspberry Pi. When I check ‘sudo nextdns cache-stats’, I see the following:

pi@pi:~ $ sudo nextdns cache-stats
{
    "hit": 113380,
    "miss": 87774
}

The Raspberry has been running for 4-5 days without restart.

What do “hit” and “miss” indicate? Is there a way I can find the number of entries in the cache?

2 replies

    • Failsafe
    • 3 mths ago

    A cache 'hit' is where a previously cached record is successfully found and served to a requesting client. Conversely, a cache 'miss' is where the requested DNS record is not in the cache and must then be forwarded to the DNS resolver for response. The subsequent DNS response is then cached and should, in theory, increase 'hits' for future requests.

    By running this command:

    sudo nextdns cache-keys

    You will actually see the DNS records stored in the cache. You can get a count of the number of cached entries by executing the following:

    sudo nextdns cache-keys | grep -v -E '^\[|\]$' | wc -l

    • Failsafe
    • 3 mths ago

    Another thing I also should have mentioned is that cache entries are unique to a NextDNS profile. That is evident in the call to `nextdns cache-keys`.

    For example, let's say you have created two NextDNS profiles:

    1. Profile 123abc: Allows "www.facebook.com"
    2. Profile 456def: Disallows (blocks) "www.facebook.com"

    Therefore, if a client on your network using profile 123abc accesses "www.facebook.com", then the NextDNS CLI will cache the A/AAAA (etc.) records for "www.facebook.com", but will also store "https://dns.nextdns.io/123abc" along with those cache entries.

    Then, a client on your network using profile 456def subsequently attempts to access "www.facebook.com", but in this case, the NextDNS CLI will see that profile 456def is not 123abc, and therefore should not be served the cached "www.facebook.com" record for 123abc. If the NextDNS CLI happened to provide a reply to a client on profile 456def from the cache of profile 123abc, then that would undermine the blocking you desired for profile 456def.

    Further, in the case of having 2+ NextDNS profiles, if you call `nextdns cache-keys` and find the count of records there, the cache will look a lot bigger than the actual unique records. This is due to what I explained above.

    Hopefully that all makes sense. If not, I'll be happy to explain further. 🙂
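
The profile scoping described in the reply above, as an added example (not part of the thread and not NextDNS CLI code): a toy cache keyed with and without the profile ID, showing that the unscoped variant serves profile 123abc's allowed answer to a client on 456def. The `upstream` stand-in, the `DnsCache` class and the answer addresses are assumptions made for illustration.

```python
import json

# Constructed policy: profile 456def blocks www.facebook.com (profile IDs from the reply).
BLOCKED = {("456def", "www.facebook.com")}

def upstream(profile, qname, qtype):
    """Hypothetical stand-in for the per-profile upstream resolver."""
    if (profile, qname.lower().rstrip(".")) in BLOCKED:
        return "0.0.0.0"       # constructed "blocked" answer
    return "192.0.2.10"        # constructed "allowed" answer (TEST-NET-1)

class DnsCache:
    def __init__(self, scoped=True):
        self.scoped = scoped   # True: the cache key includes the profile ID
        self.entries = {}
        self.hit = 0
        self.miss = 0

    def _key(self, profile, qname, qtype):
        name = qname.lower().rstrip(".")
        return (profile, name, qtype) if self.scoped else (name, qtype)

    def resolve(self, profile, qname, qtype="A"):
        key = self._key(profile, qname, qtype)
        if key in self.entries:
            self.hit += 1      # served from cache
        else:
            self.miss += 1     # forwarded upstream, then cached
            self.entries[key] = upstream(profile, qname, qtype)
        return self.entries[key]

    def unique_names(self):
        # Distinct (name, type) pairs, ignoring which profile cached them.
        return len({key[-2:] for key in self.entries})

def hit_ratio(stats_json):
    """Hit ratio from JSON shaped like the cache-stats output in the question."""
    stats = json.loads(stats_json)
    total = stats["hit"] + stats["miss"]
    return stats["hit"] / total if total else 0.0

def demo(scoped):
    cache = DnsCache(scoped)
    cache.resolve("123abc", "www.facebook.com")
    answer = cache.resolve("456def", "www.facebook.com")
    return answer, cache.hit, cache.miss, len(cache.entries), cache.unique_names()

if __name__ == "__main__":
    print("scoped:  ", demo(True))
    print("unscoped:", demo(False))
    print("hit ratio:", round(hit_ratio('{"hit": 113380, "miss": 87774}'), 3))
```

With scoping, the second lookup is a miss and returns the blocked answer, and the cache holds two entries for one unique name. Without it, the second lookup is a hit that bypasses the block for 456def.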
