DNS Caching Question

Discussion in 'ASUS AX Routers & Adapters' started by LongRangeSkeet, May 28, 2020.

  1. LongRangeSkeet

    LongRangeSkeet Regular Contributor

    Joined:
    Feb 15, 2020
    Messages:
    65
    Does the stock firmware provide DNS caching or only Merlin?

    I had to downgrade back to stock and noticed that my Pi-Hole is now faster in the DNS benchmarks than the router.

    Thanks
     
  2. dave14305

    dave14305 Part of the Furniture

    Joined:
    May 19, 2018
    Messages:
    3,348
    Location:
    USA
    Search in your syslog for “cachesize” and it should tell you. 150 is dnsmasq default. 1500 is Merlin default. I have no recollection of what Stock uses.
     
  3. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    33,269
    Location:
    Canada
    Both use dnsmasq for caching.
     
  4. LongRangeSkeet

    LongRangeSkeet Regular Contributor

    Joined:
    Feb 15, 2020
    Messages:
    65
    Thanks. It's strange though, while on Merlin the router would score a ton higher on DNS benchmark, always taking first place. Now, back on stock firmware, my pi-hole scores best, followed by the upstream 1.1.1.1, every single time.

    Should AI Protection be enabled? Is it good for security or is it needed for QoS? Or should it be left OFF because it will break things? Do you have it turned ON?

    Thanks again
     
  5. LongRangeSkeet

    LongRangeSkeet Regular Contributor

    Joined:
    Feb 15, 2020
    Messages:
    65
    I did a Ctrl+F on the general log and couldn't find DNS caching mentioned anywhere. The only thing that came up were several lines about packet caching.
     
  6. dave14305

    dave14305 Part of the Furniture

    Joined:
    May 19, 2018
    Messages:
    3,348
    Location:
    USA
    Force a change on the WAN DNS page or LAN DHCP Server page to restart dnsmasq, then check again. Or log in via ssh and run:
    Code:
    grep cache /etc/dnsmasq.conf
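
The check described in the posts above, as an added shell example that is not part of any post: it reads the most recent dnsmasq start-up banner from a saved syslog and falls back to the `cache-size` line in the config when the banner is no longer in the log. The function name, file names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Report the dnsmasq cache size and where the value was found.
# Usage: dnsmasq_cache_size SYSLOG_FILE CONF_FILE   ->   "<size> <source>"
dnsmasq_cache_size() {
    # The last start-up banner in the log describes the running daemon.
    banner=$(grep 'dnsmasq\[[0-9]*]: started, version' "$1" 2>/dev/null | tail -n 1)
    case $banner in
        *'cache disabled'*)
            echo "0 syslog"; return 0 ;;
        *' cachesize '*)
            echo "$(printf '%s\n' "$banner" | sed 's/.* cachesize \([0-9]*\).*/\1/') syslog"
            return 0 ;;
    esac
    # No banner (log rotated, dnsmasq not restarted since): read the config.
    size=$(sed -n 's/^[[:space:]]*cache-size=\([0-9][0-9]*\).*/\1/p' "$2" 2>/dev/null | tail -n 1)
    if [ -n "$size" ]; then
        echo "$size config"
    else
        echo "150 default"    # dnsmasq default quoted in the thread
    fi
}

# Constructed sample data, not taken from a real router.
demo=$(mktemp -d)
cat > "$demo/syslog.log" <<'EOF'
May 28 09:58:12 dnsmasq[301]: started, version 2.81 cachesize 150
May 28 09:58:12 dnsmasq[301]: using nameserver 1.1.1.1#53
May 28 10:04:47 dnsmasq[877]: started, version 2.81 cachesize 1500
EOF
cat > "$demo/rotated.log" <<'EOF'
May 28 11:20:03 kernel: constructed line that mentions packet caching only
EOF
printf 'no-resolv\ncache-size=1500\n' > "$demo/dnsmasq.conf"
: > "$demo/empty.conf"

dnsmasq_cache_size "$demo/syslog.log"  "$demo/dnsmasq.conf"   # banner present
dnsmasq_cache_size "$demo/rotated.log" "$demo/dnsmasq.conf"   # banner rotated out
dnsmasq_cache_size "$demo/rotated.log" "$demo/empty.conf"     # nothing configured
```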
     
  7. LongRangeSkeet

    LongRangeSkeet Regular Contributor

    Joined:
    Feb 15, 2020
    Messages:
    65
    Thank you brother! Making a change on the WAN DNS page is all it took. :)
     
  8. dave14305

    dave14305 Part of the Furniture

    Joined:
    May 19, 2018
    Messages:
    3,348
    Location:
    USA
    What was the result? 1500?
     
  9. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    33,269
    Location:
    Canada
    My guess is either you used different DNS servers, or you had DoT and DNSSEC enabled, which will both slow down DNS queries.

    Personally I think at the very least Malicious Website blocking should be enabled, to protect all your LAN clients (including mobile devices) against accessing malicious websites. Enabling the two-way IPS is probably a good idea as well. I do keep Infected Devices blocking disabled however, as there have been a few reports of false positives from that one.

    As for Adaptive QoS, it's a matter of choice/needs. Personally I do use it, in part because I use VoIP both for work and for home (first through an IP phone, the second through an ATA on a separate SIP account). I also like being able to track traffic types within my LAN.
     
  10. Pak Kriss

    Pak Kriss Regular Contributor

    Joined:
    Nov 12, 2018
    Messages:
    67
    Location:
    Bali
    A question related to DNS caching:

    DoT strict enabled
    DNS Filter - Global filter mode: Router

    Is there a DNS cache expiry value (in seconds) at Merlin which can be modified?

    Sent from my OnePlus 7 Pro using Asus RT-AC86U & Merlin 384.17
     
  11. dave14305

    dave14305 Part of the Furniture

    Joined:
    May 19, 2018
    Messages:
    3,348
    Location:
    USA
    You could create a /jffs/configs/dnsmasq.conf.add and use built-in dnsmasq parameters:
    What would the benefit be for you?
     
  12. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    33,269
    Location:
    Canada
    Cache lifetime is based on the TTL value specified by the person managing the DNS zone you are querying. It's bad form to use a lower TTL than intended by the owner of the DNS zone, as you will be increasing the load on his DNS server beyond what was intended/planned by the manager of that DNS server. And using a longer TTL may lead to issues if the manager deliberately specified a short TTL for a specific reason. For instance when I know ahead of time that a customer will be migrating a service to a new IP, I generally reduce the TTL ahead of time to speed up propagation.

    So unless you had a very valid reason and fully understood the implication, you shouldn't touch the TTL.
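
The two effects described in the post above, as an added shell/awk simulation that is not part of any post: one client queries a caching resolver every 30 seconds for 20 minutes, and the cache either honours the zone owner's TTL or overrides it. The `floor` and `cap` parameters, the timings and the addresses are assumptions of this model, not settings taken from the thread.

```shell
#!/bin/sh
# simulate_cache RECORD_TTL FLOOR CAP CUTOVER  ->  "<upstream queries> <stale answers>"
#   RECORD_TTL  TTL in seconds published by the zone owner
#   FLOOR/CAP   hypothetical minimum/maximum lifetime the cache enforces (0 = honour the TTL)
#   CUTOVER     second at which the owner repoints the record (-1 = never)
simulate_cache() {
    awk -v ttl="$1" -v floor="$2" -v cap="$3" -v cutover="$4" 'BEGIN {
        ttl += 0; floor += 0; cap += 0; cutover += 0
        eff = ttl
        if (eff < floor) eff = floor             # entries kept longer than intended
        if (cap > 0 && eff > cap) eff = cap      # entries dropped sooner than intended
        expiry = 0; upstream = 0; stale = 0
        for (t = 0; t <= 1200; t += 30) {
            # Constructed documentation addresses (RFC 5737).
            auth = (cutover >= 0 && t >= cutover) ? "198.51.100.20" : "192.0.2.10"
            if (t >= expiry) {                   # miss or expired: query the zone
                cached = auth; expiry = t + eff; upstream++
            }
            if (cached != auth) stale++          # client received the old address
        }
        print upstream, stale
    }'
}

# Owner lowered the TTL to 60 s ahead of a migration at t=600 s.
echo "honour TTL 60:     $(simulate_cache 60 0 0 600)"
echo "floor of 3600 s:   $(simulate_cache 60 3600 0 600)"
# Owner chose a 3600 s TTL and nothing changes in the zone.
echo "honour TTL 3600:   $(simulate_cache 3600 0 0 -1)"
echo "cap of 60 s:       $(simulate_cache 3600 0 60 -1)"
```

Each output pair is upstream queries followed by stale answers: the floor leaves the client on the old address for every query after the cutover, and the cap multiplies the queries sent to the owner's servers without changing any answer.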
     
  13. LongRangeSkeet

    LongRangeSkeet Regular Contributor

    Joined:
    Feb 15, 2020
    Messages:
    65
    I'm not sure, but it looks to be working so far. The second result down is the pihole.
    Annotation 2020-05-29 100405.png