dnsmasq cache not working

fbusa2012

Occasional Visitor
Hi, I have been running asus-merlin for a few years. I wasn't paying attention to the router's dnsmasq cache at all until now. I found that the cache is not working at all. I am not sure if I have some setting wrong. I noticed dnsmasq always sends requests to the backend DNS server for all the requests. I ran killall -SIGUSR1 dnsmasq and got this message in the log:
cache size 1500, 0/0 cache insertions re-used unexpired cache entries.
It does not use the cache at all.
I also ran dig +short chaos txt cachesize.bind hits.bind misses.bind insertions.bind evictions.bind and
nothing came back.

Please advise

Thanks
 
What's in dnsmasq.conf.add?

Are you using DNSFilter or have set DNS servers under LAN - DHCP Server?
 
I am not using DNSFilter and do not have DNS servers set under LAN - DHCP Server, nor "connect to DNS server automatically" under WAN.

Here is dnsmasq.conf:
user=nobody
bind-dynamic
interface=br0
interface=pptp*
no-dhcp-interface=pptp*
no-resolv
servers-file=/tmp/resolv.dnsmasq
no-poll
no-negcache
cache-size=1500
min-port=4096
domain=local.org
expand-hosts
dhcp-range=lan,192.168.17.10,192.168.17.99,255.255.255.0,86400s
dhcp-option=lan,3,192.168.17.1
dhcp-option=lan,15,local.org
dhcp-option=lan,252,"\n"
dhcp-authoritative
interface=tun21
interface=br1
dhcp-range=br1,192.168.101.2,192.168.101.254,255.255.255.0,86400s
dhcp-option=br1,3,192.168.101.1
interface=br2
dhcp-range=br2,192.168.102.2,192.168.102.254,255.255.255.0,86400s
dhcp-option=br2,3,192.168.102.1
interface=br3
dhcp-range=br3,192.168.103.2,192.168.103.254,255.255.255.0,86400s
dhcp-option=br3,3,192.168.103.1
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore
dhcp-script=/sbin/dhcpc_lease
script-arp
edns-packet-max=1280
#
#
conf-file=/jffs/configs/dnsmasq.base.txt

and dnsmasq.base.txt:
log-queries
log-async=25
local-ttl=15
dhcp-ttl=180
rebind-localhost-ok
rebind-domain-ok=local.org
domain-needed
bogus-priv
server=192.168.17.235#5300
server=192.168.17.240#5300
server=192.168.17.245#5300
server=/local.org/192.168.17.230
server=/local.org/192.168.17.235
server=/local.org/192.168.17.240
rev-server=192.168.17.0/24,192.168.17.230
rev-server=192.168.17.0/24,192.168.17.235
rev-server=192.168.17.0/24,192.168.17.240
server=/in-addr.arpa/1.1.1.3
add-subnet=32
 
Thanks for that. That looks OK, although a bit unusual.

You appear to have three DNS servers on your LAN that dnsmasq is using, plus whatever's in /tmp/resolv.dnsmasq. That still doesn't explain why you're not getting any hits on the cache.

Can you check the DNS configuration on one of your clients and make sure it's pointing to the router and not going directly to one of your LAN servers?
 
I am running dig @192.168.17.1 to test the DNS, so it is using the router to get the DNS. I reduced it to 1 DNS server and it is still not using the cache. The /tmp/resolv.dnsmasq is empty.
 
What happens if you ditch the

conf-file=/jffs/configs/dnsmasq.base.txt

and just append the lines using /jffs/configs/dnsmasq.conf.add?
 

You have log-queries set in dnsmasq.base.txt so you should be seeing the dig queries in the syslog. Are you?

EDIT: Actually, with log-queries set you should be seeing a complete dump of the cache when you issue the SIGUSR1, not just the summary statistics.
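As an added example (not from this thread, and not part of dnsmasq), here is a small Python classifier for the syslog lines that log-queries produces, so the log itself tells you whether a query was answered from the router's cache ("cached" lines) or sent upstream ("forwarded" lines). The lines in SAMPLE_LOG are constructed in dnsmasq's logging format, not copied from the poster's router, and the function names are this example's own.

```python
import re
from collections import Counter

# One dnsmasq log-queries line per event (syslog prefix, then "dnsmasq[pid]: ..."):
#   query[A] www.example.com from 192.168.17.10   -> a client asked
#   forwarded www.example.com to 192.168.17.235    -> sent upstream (cache miss)
#   cached www.example.com is 93.184.216.34        -> answered from dnsmasq's cache
#   reply www.example.com is 93.184.216.34         -> upstream answer received
LINE_RE = re.compile(
    r"dnsmasq\[\d+\]: "
    r"(?P<kind>query\[[A-Z0-9]+\]|forwarded|reply|cached)\s+"
    r"(?P<name>\S+)\s+(?:from|to|is)\s+(?P<rest>.*)$"
)

# Constructed sample in dnsmasq's format (not a real capture): three lookups of the
# same name from three clients; only the second one is served from the router's cache.
SAMPLE_LOG = """\
May 30 19:11:33 router dnsmasq[1234]: /etc/hosts router.local.org is 192.168.17.1
May 30 19:11:33 router dnsmasq[1234]: query[A] www.snbforums.com from 192.168.17.10
May 30 19:11:33 router dnsmasq[1234]: forwarded www.snbforums.com to 192.168.17.235
May 30 19:11:33 router dnsmasq[1234]: reply www.snbforums.com is 104.26.9.66
May 30 19:11:33 router dnsmasq[1234]: reply www.snbforums.com is 104.26.8.66
May 30 19:11:40 router dnsmasq[1234]: query[A] www.snbforums.com from 192.168.17.20
May 30 19:11:40 router dnsmasq[1234]: cached www.snbforums.com is 104.26.9.66
May 30 19:11:40 router dnsmasq[1234]: cached www.snbforums.com is 104.26.8.66
May 30 19:11:45 router dnsmasq-dhcp[1234]: DHCPACK(br0) 192.168.17.30 aa:bb:cc:dd:ee:ff
May 30 19:11:45 router dnsmasq[1234]: query[A] www.snbforums.com from 192.168.17.30
May 30 19:11:45 router dnsmasq[1234]: forwarded www.snbforums.com to 192.168.17.235
May 30 19:11:45 router dnsmasq[1234]: reply www.snbforums.com is 104.26.9.66
"""


def classify_queries(log_text):
    """Walk the log in order and label each query[...] line with the outcome that the
    following lines for the same name report: 'forwarded', 'cached' or
    'no answer logged'. Assumes queries are sequential (one dig at a time)."""
    results = []
    current = None
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # hosts/config/DHCP lines are ignored
        kind, name, rest = m.group("kind", "name", "rest")
        if kind.startswith("query["):
            current = {"name": name, "qtype": kind[6:-1], "client": rest,
                       "outcome": "no answer logged"}
            results.append(current)
        elif current is not None and name == current["name"]:
            if kind == "forwarded":
                current["outcome"] = "forwarded"
            elif kind == "cached" and current["outcome"] != "forwarded":
                current["outcome"] = "cached"
    return results


def cache_summary(results):
    """Count outcomes and compute the share of answered queries that hit the cache,
    a rough counterpart to the hits.bind / misses.bind counters queried with dig."""
    counts = Counter(r["outcome"] for r in results)
    answered = counts["forwarded"] + counts["cached"]
    ratio = counts["cached"] / answered if answered else 0.0
    return counts, ratio


if __name__ == "__main__":
    rows = classify_queries(SAMPLE_LOG)
    for r in rows:
        print(f"{r['client']:16} {r['qtype']:5} {r['name']:25} {r['outcome']}")
    counts, ratio = cache_summary(rows)
    print(f"forwarded={counts['forwarded']} cached={counts['cached']} hit ratio={ratio:.0%}")
```

The sequential assumption matters: with many clients querying at once, dnsmasq interleaves lines for different lookups, so a real-world version would correlate on (name, client) or use the query id that newer dnsmasq releases log. For the router in this thread, running one dig at a time and then checking whether the second lookup of a name logs "cached" or "forwarded" is the direct test of what the SIGUSR1 summary reported.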
 
-C, --conf-file=<file> Specify a configuration file. The presence of this option stops dnsmasq from reading the default configuration file (normally /etc/dnsmasq.conf). Multiple files may be specified by repeating the option either on the command line or in configuration files. A filename of "-" causes dnsmasq to read configuration from stdin.

No idea what's actually happening, but it's odd that you use a conf-file instead of just appending your conf in dnsmasq.conf.add.
 
Every time --conf-file is specified dnsmasq reads from a new point, but it ditches the previous path, e.g. /etc/dnsmasq.conf options become null and void.
 
What's the TTL of the responses from dig?
Code:
# dig @192.168.1.1 www.snbforums.com

; <<>> DiG 9.18.1 <<>> @192.168.1.1 www.snbforums.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59573
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.snbforums.com.             IN      A

;; ANSWER SECTION:
www.snbforums.com.      42      IN      A       104.26.9.66
www.snbforums.com.      42      IN      A       104.26.8.66
www.snbforums.com.      42      IN      A       172.67.69.81

;; Query time: 9 msec
;; SERVER: 192.168.1.1#53(192.168.1.1) (UDP)
;; WHEN: Mon May 30 19:11:33 EDT 2022
;; MSG SIZE  rcvd: 94
 
I found the issue; it has nothing to do with multiple config files. For some reason, dnsmasq does not use the cache after I add the option 'add-subnet=32'. I want this option because I want the backend Pi-hole server to record the requester IP instead of the router IP.

After I remove this option, the cache is working. I am not sure if this is a dnsmasq bug or the add-subnet option is not correct.
Thanks to those who gave all the recommendations.
 
--add-subnet[[=[<IPv4 address>/]<IPv4 prefix length>][,[<IPv6 address>/]<IPv6 prefix length>]] Add a subnet address to the DNS queries which are forwarded upstream. If an address is specified in the flag, it will be used, otherwise, the address of the requestor will be used. The amount of the address forwarded depends on the prefix length parameter: 32 (128 for IPv6) forwards the whole address, zero forwards none of it but still marks the request so that no upstream nameserver will add client address information either. The default is zero for both IPv4 and IPv6. Note that upstream nameservers may be configured to return different results based on this information, but the dnsmasq cache does not take account. Caching is therefore disabled for such replies, unless the subnet address being added is constant.
For example, --add-subnet=24,96 will add the /24 and /96 subnets of the requestor for IPv4 and IPv6 requestors, respectively. --add-subnet=1.2.3.4/24 will add 1.2.3.0/24 for IPv4 requestors and ::/0 for IPv6 requestors. --add-subnet=1.2.3.4/24,1.2.3.4/24 will add 1.2.3.0/24 for both IPv4 and IPv6 requestors.
 
I read the dnsmasq documentation about this option; it said:

"Note that upstream nameservers may be configured to return different results based on this information, but the dnsmasq cache does not take account. Caching is therefore disabled for such replies, unless the subnet address being added is constant."

How do I specify this option so that the subnet address is constant?
 
It really shouldn't matter since you are also using the cache of Pi-hole in this case. I would disregard not being able to use the router's cache for these lookups then. Pi-hole has a massive cache that should be turning out your responses quickly enough if they are being done over the same network. It is actually rather brilliant that they disable the router's cache in this instance; it prevents a conflict with Pi-hole's cache on these client name lookups.
 
"Constant" would be something like add-subnet=192.168.1.0/24 which probably isn't helpful to your PiHole.

But as noted above, the consensus in these forums in the past is that it's best to disable dnsmasq's cache when forwarding to another local caching DNS server.
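As an added example that is not code from this thread, from dnsmasq or from Pi-hole, and that covers both the man page excerpt above and the "constant" answer: the Python below builds the EDNS Client Subnet option (RFC 7871, option code 8) that a forwarder attaches when add-subnet is set, and shows why a subnet taken from each requester cannot share one cache entry while a fixed one can. The helper names, the add-subnet value parser and the sample LAN addresses are this example's own assumptions; it does not reproduce dnsmasq's internal code.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS Client Subnet, RFC 7871 section 6


def ecs_option(address: str, prefix_len: int) -> bytes:
    """Encode one ECS option: OPTION-CODE, OPTION-LENGTH, FAMILY (1 = IPv4, 2 = IPv6),
    SOURCE PREFIX-LENGTH, SCOPE PREFIX-LENGTH (0 in queries) and the address
    truncated to prefix_len bits."""
    ip = ipaddress.ip_address(address)
    family, max_len = (1, 32) if ip.version == 4 else (2, 128)
    if not 0 <= prefix_len <= max_len:
        raise ValueError(f"prefix length {prefix_len} invalid for IPv{ip.version}")
    # RFC 7871 section 6: send only the bytes needed for the prefix, trailing bits zero.
    mask = ((1 << prefix_len) - 1) << (max_len - prefix_len)
    nbytes = (prefix_len + 7) // 8
    addr_bytes = (int(ip) & mask).to_bytes(max_len // 8, "big")[:nbytes]
    data = struct.pack("!HBB", family, prefix_len, 0) + addr_bytes
    return struct.pack("!HH", ECS_OPTION_CODE, len(data)) + data


def parse_add_subnet(value: str):
    """Parse an add-subnet value '[<addr>/]<v4len>[,[<addr>/]<v6len>]' into two
    (fixed_address_or_None, prefix_len) pairs: one applied to IPv4 requesters, one to
    IPv6 requesters. A missing IPv6 half means prefix 0, as the man page describes."""
    def part(text):
        if text is None:
            return (None, 0)
        if "/" in text:
            addr, plen = text.split("/", 1)
            return (addr, int(plen))
        return (None, int(text))

    halves = value.split(",", 1)
    return part(halves[0]), part(halves[1] if len(halves) > 1 else None)


def ecs_for_client(client_ip: str, add_subnet: str) -> bytes:
    """The option a forwarder would attach to a query from client_ip under this setting:
    the fixed address when one is configured, otherwise the requester's own address."""
    v4_rule, v6_rule = parse_add_subnet(add_subnet)
    fixed, plen = v4_rule if ipaddress.ip_address(client_ip).version == 4 else v6_rule
    return ecs_option(fixed if fixed is not None else client_ip, plen)


def cache_key(qname: str, qtype: str, ecs: bytes):
    """A cache that stays correct with ECS has to key on the option as well as the
    question (RFC 7871 section 7.3.1); dnsmasq instead declines to cache replies whose
    ECS is derived from the requester."""
    return (qname.rstrip(".").lower(), qtype.upper(), ecs)


def shareable_across_clients(add_subnet: str, clients, qname="www.snbforums.com"):
    """True when every listed client would produce the same cache key, i.e. one cached
    reply could legitimately serve all of them."""
    keys = {cache_key(qname, "A", ecs_for_client(c, add_subnet)) for c in clients}
    return len(keys) == 1


if __name__ == "__main__":
    lan = ["192.168.17.10", "192.168.17.20", "192.168.17.99"]  # constructed sample clients
    for setting in ("32", "24", "192.168.17.0/24", "0"):
        print(f"add-subnet={setting:16} shareable={shareable_across_clients(setting, lan)}")
        for c in lan[:2]:
            print("   ", c, ecs_for_client(c, setting).hex())
```

With add-subnet=32 every client produces a different option, so a single cached reply could be wrong for the next client and dnsmasq does not cache it; with a fixed value such as add-subnet=192.168.17.0/24 the option is identical for all clients and caching is safe, which is what the man page calls "constant". The function shareable_across_clients reports logical shareability, so it also returns True for add-subnet=24 when all clients sit in one /24; dnsmasq does not reason that far and, per the man page text, only keeps caching when an explicit address is configured. The fixed form also shows why it is not useful here: Pi-hole would see the same subnet for every client, which is exactly the per-client information the poster wanted.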
 
For my pihole, I use

Code:
add-subnet=32,128 #128 is only needed if you have ipv6 enabled.
add-mac

on my router.

Everything works smoothly.
These allow your Pi-hole to separately identify client traffic when requests are forwarded to Pi-hole from your router's dnsmasq instance. Otherwise your Pi-hole would only see requests as coming from the "router" itself, void of any knowledge of which client made the request.

In this instance, there is no need to worry about the router's cache since all requests are made to a local DNS server, as @ColinTaylor pointed out. If the router's cache were allowed in the mix, you would have all kinds of potential issues, from client identification on your Pi-hole to stale cache responses.
 
Thanks, I will take your advice and use pihole cache.
 
