While debugging a problem with EDNS records, I wanted to get some cache info from the PowerDNS pdns-recursor. rec_control dump-cache should supply it, but I did not see it.

# rec_control dump-cache out.txt
Error opening dump file for writing: Permission denied

Doh, it's running as the pdns user. Let's write in /tmp.

# rec_control dump-cache /tmp/out.txt
dumped 42053 records

# less /tmp/out.txt
/tmp/out.txt: No such file or directory

Wait what? No files?

Turns out Systemd has mapped /tmp into a private location:

# ls -l /tmp/systemd-private-81..34-pdns-recursor.service-1..Q/tmp/out.txt 
-rw-r----- 1 pdns pdns 2303585 nov 15 15:36 /tmp/systemd-private-81..34-pdns-recursor.service-1..Q/tmp/out.txt

Feature.

If you know it, it won't come as a surprise.

# grep -i tmp /lib/systemd/system/pdns-recursor.service
PrivateTmp=true

powerdns systemd tmpfs dns