Diversion Diversion Question- Configuring the Cache TTL

[Twiglets]

Spoke too soon []:

Final hack.

address=/xx.prod.service.minerva.devices.a2z.com/
local=/xx.prod.service.minerva.devices.a2z.com/

These entries will filter out all queries that include "xx.prod.service.minerva.devices.a2z.com" in the query.

This should match your insane client.

Repeat the pattern with anything else it is trying to query infintely.

address=/<whatever>/
local=/<whatever>/

I will really butt out now !!!!!

 

[snapieee]

Yikes! How frequent are the black holed queries in comparison?

About 10-20 min after restarting dnsmasq, and then it is non-stop for a few min - didn't count that one.

If you run top on the router, presumably it's dnsmasq that's using all the CPU?

It seems to be bouncing between these processes: {diversion} /bin/sh /opt/bin/diversion, dnsmasq --log-async, and networkmap --bootwait.

At first, I was watching CPU usage through the GUI, but I stopped doing that so I could get a more objective view using top. When I noticed Diversion climbing the list, I initially thought it might be related to me actively viewing or tailing the dnsmasq log. To test that, I paused the log (Ctrl+C), and almost immediately Diversion dropped back down and CPU usage returned to normal. As soon as I unpause it, CPU spikes again and Diversion shoots back up the list.

What’s interesting is that I don’t see any spikes at all when filtering entries via 0.0.0.0.

That said, this isn’t a constant thing. If it were happening 100% of the time, my router would’ve melted by now . It shows up roughly every 10 minutes. Sometimes it stops on its own, and other times it just keeps running nonstop for who knows how long.


On a side note, I previously had divstats installed, and the query count for that domain was around 1.5 million in just two days. That honestly caught my attention pretty fast. I ended up uninstalling divstats because I was worried that, as the database grows, it could turn into a bigger problem over time.

That’s actually what pushed me toward handling the filtering directly through dnsmasq.conf.add instead.

EDIT:
When filtering using 0.0.0.0 and/or ::1, there are no CPU spikes at all—even while I’m actively viewing or tailing the log through Diversion.

If you don't use IPv6 you can put in dnsmasq.conf.add the following:

filter-AAAA

It filters out all IPv6 addresses returned, not sure if that would include NXDOMAIN from IPv6 queries !!!???

The real problem is the device that is generating all these queries ... where are they coming from ???
Can you 'kill' the app that is responsible ???

PS. Sorry for cross posting ... I will butt out !!!

I really don't really use ipv6 but i'll consider this option.

Spoke too soon []:

Final hack.

address=/xx.prod.service.minerva.devices.a2z.com/
local=/xx.prod.service.minerva.devices.a2z.com/

These entries will filter out all queries that include "xx.prod.service.minerva.devices.a2z.com" in the query.

This should match your insane client.

Repeat the pattern with anything else it is trying to query infintely.

address=/<whatever>/
local=/<whatever>/

I will really butt out now !!!!!

That's the first thing I have tried, but i opted in doing minerva.devices.a2z.com to cover more sub-domains just in case.

 

[snapieee]

filter-AAAA

I just add it in a single line to dnsmasq.conf.add, and it is seems to be working as I don't see any aaaa queries/replies in dnsmasq.

The real problem is the device that is generating all these queries ... where are they coming from ???
Can you 'kill' the app that is responsible ???

I’m pretty sure it’s one of my Amazon smart devices — I just haven’t figured out exactly which one yet. Normally this would be easy to spot by checking the IP in dnsmasq, but after upgrading to 3006, GuestNetworkPro traffic wasn’t being filtered by Diversion at all.

I ended up using a workaround to get filtering working again. The downside is that all DNS queries from GuestNetworkPro now show up in dnsmasq as if they’re coming from the main router IP, which makes tracking the actual device a lot harder.

Here’s the workaround I’m using:

#!/bin/sh

CONFIG="$1"
. /usr/sbin/helper.sh
pc_delete "servers-file=" "$CONFIG"
pc_append "server=192.168.x.x" "$CONFIG"

 

[Twiglets]

I just add it in a single line to dnsmasq.conf.add, and it is seems to be working as I don't see any aaaa queries/replies in dnsmasq.


I’m pretty sure it’s one of my Amazon smart devices — I just haven’t figured out exactly which one yet. Normally this would be easy to spot by checking the IP in dnsmasq, but after upgrading to 3006, GuestNetworkPro traffic wasn’t being filtered by Diversion at all.

I ended up using a workaround to get filtering working again. The downside is that all DNS queries from GuestNetworkPro now show up in dnsmasq as if they’re coming from the main router IP, which makes tracking the actual device a lot harder.

Here’s the workaround I’m using:

#!/bin/sh

CONFIG="$1"
. /usr/sbin/helper.sh
pc_delete "servers-file=" "$CONFIG"
pc_append "server=192.168.x.x" "$CONFIG"
[/QUOTE]

I just add it in a single line to dnsmasq.conf.add, and it is seems to be working as I don't see any aaaa queries/replies in dnsmasq.


I’m pretty sure it’s one of my Amazon smart devices — I just haven’t figured out exactly which one yet. Normally this would be easy to spot by checking the IP in dnsmasq, but after upgrading to 3006, GuestNetworkPro traffic wasn’t being filtered by Diversion at all.

I ended up using a workaround to get filtering working again. The downside is that all DNS queries from GuestNetworkPro now show up in dnsmasq as if they’re coming from the main router IP, which makes tracking the actual device a lot harder.

Here’s the workaround I’m using:

#!/bin/sh

CONFIG="$1"
. /usr/sbin/helper.sh
pc_delete "servers-file=" "$CONFIG"
pc_append "server=192.168.x.x" "$CONFIG"

I know I said I would butt out ... BUT this is annoying me , I want to fix it if I can understand what is going on !!!

What file is this ???

I want to understand what your workaround has changed from the normal setup !!!

 

[dave14305]

What file is this ???

I want to understand what your workaround has changed from the normal setup !!!

It looks like it’s /jffs/scripts/dnsmasq-sdn.postconf reconfiguring each Guest dnsmasq instance to forward requests to the main LAN dnsmasq instance where Diversion is active.

 

[Twiglets]

@snapieee could you provide a copy of the following files:
[Not sure where they 'should be' as I have 'hacked' my setup a lot and the files are now in multiple places ]

Trying to see all the things that impact the final dnsmasq.conf in /etc ... where the changes are coming from, what addresses are predefined in the hosts file & if the resolv files are changing anything !!!

/etc/dnsmasq.conf <=== the final version of dnsmasq after being processed by various scripts
/tmp/resolv.conf ... might be in /etc
/tmp/resolv.dnsmasq ... might be in /etc
/tmp/resolv.dnsmasq.sdn? ... might be multiple files
/jffs/scripts/dnsmasq-sdn.postconf
/jffs/scripts/dnsmasq.postconf
/jffs/configs/dnsmasq.conf.add
/jffs/configs/hosts
/jffs/configs/hosts.dnsmasq

P.S. What addons have you installed on your router and versions ???