DNSMasq not caching?

Discussion in 'Asuswrt-Merlin' started by sbsnb, Jan 11, 2019.

  1. sbsnb

    sbsnb Regular Contributor

    Joined:
    Aug 9, 2017
    Messages:
    195
    I am using DNSCrypt on my RT-AC88U running 384.8_2, but I'm having an issue where sometimes while browsing a site I get a DNS error. If I load www.foo.com/bar.html and click a link to www.foo.com/bar2.html two minutes later, shouldn't dnsmasq return the cached info rather than sending a new query? That's not happening.
     
    CrystalLattice likes this.
  2. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    8,578
    Location:
    UK
    Not necessarily. Depends on how much of the TTL remained when you did the first query. But regardless, that's a pretty fundamental part of what dnsmasq does so I doubt it's that aspect of dnsmasq that's at fault here.
     
  3. Vorlonsmoke

    Vorlonsmoke New Around Here

    Joined:
    Jul 13, 2018
    Messages:
    8
    What do you have configured for TTL?

    e.g.

    cache = true
    cache_size = 512
    cache_min_ttl = 600
    cache_max_ttl = 86400
    cache_neg_ttl = 60

    And what do you mean by DNS error? Or did you mean you had an expectation for a cache hit to occur given your particular configuration?


    Sent from my SM-G935F using Tapatalk
     
  4. sbsnb

    sbsnb Regular Contributor

    Joined:
    Aug 9, 2017
    Messages:
    195
    dnsmasq is completely default other than:

    no-resolv
    server=127.0.0.1#65053


    in /jffs/configs/dnsmasq.conf.add

    I mean I'll follow a link to another page, or even hit the back button and it pauses for a while and then Firefox throws an error that the site www.foo.com can't be found.
     
  5. Vorlonsmoke

    Vorlonsmoke New Around Here

    Joined:
    Jul 13, 2018
    Messages:
    8
    Are you using dnsmasq caching, dnscrypt-proxy caching, or both (should avoid doing this)?

    If dnsmasq, what's in your dnsmasq config (located in /tmp/etc/dnsmasq.conf) for cache-size and min-cache-ttl?

    If there is no minimum TTL configured on your router, then the TTL as returned by the upstream DNS Server is *ALWAYS* used.

    Use the 'dig' command and it will tell you the actual TTL for www.foo.com.

    You can install 'dig' on your router using,
    > opkg install bind-dig


    Sent from my SM-G935F using Tapatalk
     
    Last edited: Jan 12, 2019
  6. sbsnb

    sbsnb Regular Contributor

    Joined:
    Aug 9, 2017
    Messages:
    195
    dnsmasq has nothing configured for TTL, so I guess it's getting that from dnscrypt, which are defaults. I did notice that the dnscrypt query timeout was set to 2500 ms, which is a little fast. I tried it at 5000 and restarted dnscrypt-proxy. I'll see if that helps or hinders.
     
  7. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    6,096
    Location:
    United States
    You can dump the dnsmasq stats to the syslog with the following command:
    /usr/bin/killall -s USR1 dnsmasq

    Here's an example output from my system
    Code:
    Jan 12 06:04:18 dnsmasq[24727]: time 226366
    Jan 12 06:04:18 dnsmasq[24727]: cache size 1500, 0/12720 cache insertions re-used unexpired cache entries.
    Jan 12 06:04:18 dnsmasq[24727]: queries forwarded 9544, queries answered locally 4437
    Jan 12 06:04:18 dnsmasq[24727]: server 127.0.0.1#5453: queries sent 7921, retried or failed 38
    Jan 12 06:04:18 dnsmasq[24727]: server ::1#5453: queries sent 3339, retried or failed 19
     
  8. sbsnb

    sbsnb Regular Contributor

    Joined:
    Aug 9, 2017
    Messages:
    195
    Thanks. I get:
    Code:
    Jan 12 07:34:20 dnsmasq[12957]: time 2422162
    Jan 12 07:34:20 dnsmasq[12957]: cache size 1500, 8/874057 cache insertions re-used unexpired cache entries.
    Jan 12 07:34:20 dnsmasq[12957]: queries forwarded 617189, queries answered locally 127478
    Jan 12 07:34:20 dnsmasq[12957]: server 185.121.177.177#53: queries sent 189, retried or failed 0
    Jan 12 07:34:20 dnsmasq[12957]: server 127.0.0.1#65053: queries sent 617203, retried or failed 4729
    I guess I'll see if opening the query timeout a little helps. "server 185.121.177.177" is just so my NTP can function before dnscrypt-proxy is up.
     
  9. EmeraldDeer

    EmeraldDeer Senior Member

    Joined:
    Dec 22, 2017
    Messages:
    498
    Location:
    Massachusetts
    I substantially reduced the load on my forwarded DNS servers by enabling negative cache. By default, negative cache is disabled. I had noticed a lot of useless traffic like reverse lookups of multicast IP addresses.
    Code:
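    # cat /jffs/scripts/dnsmasq.postconf
    #!/bin/sh
    # $1 is the path of the generated dnsmasq config file
    CONFIG=$1
    # helper.sh provides the pc_delete / pc_append functions
    source /usr/sbin/helper.sh
    # Drop the default no-negcache line so negative answers are cached
    pc_delete "no-negcache" $CONFIG
    # Cache negative answers that carry no SOA TTL for one hour
    pc_append "neg-ttl=3600" $CONFIG
    . /opt/share/diversion/file/post-conf.div # Added by Diversion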
    
    Afterwards, the ratio of forwarded to cached queries is 1 to 2.
    I am not sure whether this still happens, but if TTL is not set in a DNS SOA record, then no caching will happen. In this case, I set it to an hour.
     
    Vorlonsmoke likes this.
  10. sbsnb

    sbsnb Regular Contributor

    Joined:
    Aug 9, 2017
    Messages:
    195
    Thanks. I'll give that a whirl. I also bumped cache-size to 2000 on account of the small number of cache entries being booted out of the cache before their TTL. I also disabled the cache in dnscrypt-proxy to let dnsmasq do its thing more effectively and without interference.
     
  11. sbsnb

    sbsnb Regular Contributor

    Joined:
    Aug 9, 2017
    Messages:
    195
    So after a couple of weeks with the new settings:

    Code:
    Jan 27 06:35:11 dnsmasq[2780]: time 3714609
    Jan 27 06:35:11 dnsmasq[2780]: cache size 2000, 0/729432 cache insertions re-used unexpired cache entries.
    Jan 27 06:35:11 dnsmasq[2780]: queries forwarded 244227, queries answered locally 515114
    Jan 27 06:35:11 dnsmasq[2780]: server 185.121.177.177#53: queries sent 181, retried or failed 0
    Jan 27 06:35:11 dnsmasq[2780]: server 127.0.0.1#65053: queries sent 244237, retried or failed 3706
    Things are much improved. No more failure to load sites, and a 68% rate for answering from local cache ain't bad.
     
    EmeraldDeer likes this.
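
Added example (not posted by anyone in the thread): an awk wrapper that turns the USR1 statistics dump shown above into the figures discussed here, namely the share of queries answered from cache, the retried-or-failed share per upstream server, and the count of entries evicted before their TTL expired. The function names and the key=value output format are assumptions of this example; the sample lines are the Jan 27 dump from the last post.

```shell
#!/bin/sh
# Added example: summarise a dnsmasq SIGUSR1 statistics dump read from stdin.
# Emits one key=value line per metric.
dnsmasq_stats() {
    awk '
    /queries forwarded/ {
        for (i = 1; i < NF; i++) {
            if ($i == "forwarded") fwd = $(i+1) + 0   # "+ 0" drops the trailing comma
            if ($i == "locally")   loc = $(i+1) + 0
        }
    }
    /cache insertions re-used/ {
        for (i = 1; i <= NF; i++) {
            if ($i == "size") size = $(i+1) + 0
            # E/I: E live entries were evicted early out of I insertions
            if ($i ~ /^[0-9]+\/[0-9]+$/) { split($i, a, "/"); evicted = a[1]; inserted = a[2] }
        }
    }
    /queries sent/ {
        for (i = 1; i < NF; i++) {
            if ($i == "server") { srv = $(i+1); sub(/:$/, "", srv) }
            if ($i == "sent")   sent = $(i+1) + 0
            if ($i == "failed") failed = $(i+1) + 0
        }
        if (sent > 0) printf "fail_pct[%s]=%.2f\n", srv, 100 * failed / sent
    }
    END {
        if (fwd + loc > 0) printf "local_pct=%.1f\n", 100 * loc / (fwd + loc)
        printf "cache_size=%d\nevicted_unexpired=%d\ninsertions=%d\n", size, evicted, inserted
    }'
}

# Sample input: the Jan 27 dump quoted in the thread.
sample_dump() {
cat <<'EOF'
Jan 27 06:35:11 dnsmasq[2780]: time 3714609
Jan 27 06:35:11 dnsmasq[2780]: cache size 2000, 0/729432 cache insertions re-used unexpired cache entries.
Jan 27 06:35:11 dnsmasq[2780]: queries forwarded 244227, queries answered locally 515114
Jan 27 06:35:11 dnsmasq[2780]: server 185.121.177.177#53: queries sent 181, retried or failed 0
Jan 27 06:35:11 dnsmasq[2780]: server 127.0.0.1#65053: queries sent 244237, retried or failed 3706
EOF
}

sample_dump | dnsmasq_stats
```

On the router, send USR1 to dnsmasq as shown earlier in the thread and pipe the resulting syslog lines into `dnsmasq_stats`. A non-zero `evicted_unexpired` is the signal that the cache is too small, which is what prompted the cache-size bump above.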