
DNSMasq not caching?

sbsnb

Very Senior Member
I am using DNSCrypt on my RT-AC88U running 384.8_2, but I'm having an issue where sometimes while browsing a site I get a DNS error. If I load www.foo.com/bar.html and click a link to www.foo.com/bar2.html two minutes later, shouldn't dnsmasq return the cached info rather than sending a new query? That's not happening.
 
What do you have configured for TTL?

e.g.

cache = true
cache_size = 512
cache_min_ttl = 600
cache_max_ttl = 86400
cache_neg_ttl = 60

And what do you mean by DNS error. Or did you mean you had an expectation for a cache hit to occur given your particular configuration?


 
dnsmasq is completely default other than:

no-resolv
server=127.0.0.1#65053


in /jffs/configs/dnsmasq.conf.add

I mean I'll follow a link to another page, or even hit the back button and it pauses for a while and then Firefox throws an error that the site www.foo.com can't be found.
 
Are you using dnsmasq caching, dnscrypt-proxy caching, or both (should avoid doing this)?

If dnsmasq, what's in your dnsmasq config (located in /tmp/etc/dnsmasq.conf) for cache-size and min-cache-ttl?

If there is no minimum TTL configured on your router, then the TTL as returned by the upstream DNS Server is *ALWAYS* used.

Use the 'dig' command and it will tell you the actual TTL for www.foo.com.

You can install 'dig' on your router using:
> opkg install bind-dig


dnsmasq has nothing configured for TTL, so I guess it's getting that from dnscrypt, which are defaults. I did notice that the dnscrypt query timeout was set to 2500 ms, which is a little fast. I tried it at 5000 and restarted dnscrypt-proxy. I'll see if that helps or hinders.
 
You can dump the dnsmasq stats to the syslog with the following command
/usr/bin/killall -s USR1 dnsmasq

Here's an example output from my system
Code:
Jan 12 06:04:18 dnsmasq[24727]: time 226366
Jan 12 06:04:18 dnsmasq[24727]: cache size 1500, 0/12720 cache insertions re-used unexpired cache entries.
Jan 12 06:04:18 dnsmasq[24727]: queries forwarded 9544, queries answered locally 4437
Jan 12 06:04:18 dnsmasq[24727]: server 127.0.0.1#5453: queries sent 7921, retried or failed 38
Jan 12 06:04:18 dnsmasq[24727]: server ::1#5453: queries sent 3339, retried or failed 19
 
Thanks. I get:
Code:
Jan 12 07:34:20 dnsmasq[12957]: time 2422162
Jan 12 07:34:20 dnsmasq[12957]: cache size 1500, 8/874057 cache insertions re-used unexpired cache entries.
Jan 12 07:34:20 dnsmasq[12957]: queries forwarded 617189, queries answered locally 127478
Jan 12 07:34:20 dnsmasq[12957]: server 185.121.177.177#53: queries sent 189, retried or failed 0
Jan 12 07:34:20 dnsmasq[12957]: server 127.0.0.1#65053: queries sent 617203, retried or failed 4729

I guess I'll see if opening the query timeout a little helps. "server 185.121.177.177" is just so my NTP can function before dnscrypt-proxy is up.
 
I substantially reduced the load on my forwarded DNS servers by enabling negative cache. By default, negative cache is disabled. I had noticed a lot of useless traffic like reverse lookups of multicast IP addresses.
Code:
# cat /jffs/scripts/dnsmasq.postconf
#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh
pc_delete "no-negcache" $CONFIG
pc_append "neg-ttl=3600" $CONFIG
. /opt/share/diversion/file/post-conf.div # Added by Diversion
Afterwards, the ratio of forwarded to cached queries is 1 to 2.
I am not sure whether this still happens, but if TTL is not set in a DNS SOA record, then no caching will happen. In this case, I set it to an hour.
 
Thanks. I'll give that a whirl. I also bumped cache-size to 2000 on account of the small number of cache entries being booted out of the cache before their TTL. I also disabled the cache in dnscrypt-proxy to let dnsmasq do its thing more effectively and without interference.
 
So after a couple of weeks with the new settings:

Code:
Jan 27 06:35:11 dnsmasq[2780]: time 3714609
Jan 27 06:35:11 dnsmasq[2780]: cache size 2000, 0/729432 cache insertions re-used unexpired cache entries.
Jan 27 06:35:11 dnsmasq[2780]: queries forwarded 244227, queries answered locally 515114
Jan 27 06:35:11 dnsmasq[2780]: server 185.121.177.177#53: queries sent 181, retried or failed 0
Jan 27 06:35:11 dnsmasq[2780]: server 127.0.0.1#65053: queries sent 244237, retried or failed 3706

Things are much improved. No more failure to load sites, and a 68% rate for answering from local cache ain't bad.
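
An added example, not part of the thread: a shell function that turns one `killall -s USR1 dnsmasq` statistics dump into the ratios discussed above (share of queries answered locally, entries evicted before their TTL expired, per-upstream retry/failure rate). The function and metric names are this example's own; the sample lines are copied from the two dumps posted in the thread.

```shell
# Added example: summarise one dnsmasq SIGUSR1 statistics dump read on stdin.
# Function name and output keys are hypothetical, chosen for this example.
dnsmasq_stats_summary() {
    awk '
    function num(s) { gsub(/[^0-9]/, "", s); return s + 0 }
    / cache size / {
        # "<evicted>/<inserted> cache insertions re-used unexpired cache entries"
        for (i = 1; i < NF; i++) {
            if ($i == "size") size = num($(i + 1))
            if ($i ~ /^[0-9]+\/[0-9]+$/) { split($i, r, "/"); evicted = r[1]; inserted = r[2] }
        }
    }
    / queries forwarded / {
        for (i = 1; i < NF; i++) {
            if ($i == "forwarded") fwd = num($(i + 1))
            if ($i == "locally") loc = num($(i + 1))
        }
    }
    / queries sent / {
        for (i = 1; i < NF; i++) {
            if ($i == "server") { name = $(i + 1); sub(/:$/, "", name) }
            if ($i == "sent") sent = num($(i + 1))
            if ($i == "failed") failed = num($(i + 1))
        }
        if (sent > 0) printf "upstream_fail_pct[%s]=%.2f\n", name, 100 * failed / sent
    }
    END {
        if (fwd + loc > 0) printf "local_answer_pct=%.1f\n", 100 * loc / (fwd + loc)
        printf "cache_size=%d\nevicted_before_expiry=%d\ninserted=%d\n", size, evicted, inserted
    }'
}

sample_before() {   # first dump in the thread: cache-size 1500, default negative caching
    cat <<'EOF'
Jan 12 07:34:20 dnsmasq[12957]: cache size 1500, 8/874057 cache insertions re-used unexpired cache entries.
Jan 12 07:34:20 dnsmasq[12957]: queries forwarded 617189, queries answered locally 127478
Jan 12 07:34:20 dnsmasq[12957]: server 127.0.0.1#65053: queries sent 617203, retried or failed 4729
EOF
}
sample_after() {    # last dump in the thread: cache-size 2000, neg-ttl=3600
    cat <<'EOF'
Jan 27 06:35:11 dnsmasq[2780]: cache size 2000, 0/729432 cache insertions re-used unexpired cache entries.
Jan 27 06:35:11 dnsmasq[2780]: queries forwarded 244227, queries answered locally 515114
Jan 27 06:35:11 dnsmasq[2780]: server 127.0.0.1#65053: queries sent 244237, retried or failed 3706
EOF
}

sample_after | dnsmasq_stats_summary
```

Feed it the lines of a single dump; if the input contains several dumps, the totals reflect the last one and the upstream lines repeat.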
 
