RT-AC86U poor DNS response times

[kfp]

Not QoS for snmp traffic over to the collector - more task priority for the snmp agent on the device (in this case, the Asus router) - and depending on the log mask there, can be some latency... not everything runs in real-time on embedded Linux, important tasks do, SNMP and Syslog are not important.

One has to look at trends over time...

Ah take scheduling, got it. Are the DNS queries initiated by SNMP though? If not I still don’t see DNS response ms being impacted.

 

[Adrian Knight]

Thanks for the input.

We are experiencing a pause going between websites which is why I started monitoring the router, also mobile devices which check quality of the connection are saying it slow, when in reality the connection is not slow. The router is new (moved from AC68U) and was factory reset after the last firmware update.

AiProt disabled, QOS disabled, PC disabled, TA disabled, samba disabled, ftp disabled, IPv6 disabled, cannot think of anything else which could cause it.

nothing suspicious in top

 

[ColinTaylor]

@Adrian Knight Can you just confirm your WAN DNS settings on the router. I'm assuming they're set to "Connect to DNS Server automatically". Perhaps set it manually to 8.8.8.8 and see if there's a difference.

@kfp @sfx2000 PRTG's DNS sensor doesn't use SNMP, it directly queries the DNS server.

 

[sfx2000]

PRTG's DNS sensor doesn't use SNMP, it directly queries the DNS server.

That's correct, it's been a while since I've looked at PRTG - that being said, it's measuring the DNS response time via the host machine, and not the router's resolver...

 

[Adrian Knight]

@Adrian Knight Can you just confirm your WAN DNS settings on the router. I'm assuming they're set to "Connect to DNS Server automatically". Perhaps set it manually to 8.8.8.8 and see if there's a difference.

Yes it's set to auto and I have checked /etc/resolv.conf and /tmp/resolv.dnsmasq to confirm all is correct, I have tried changing them to the google dns and also open dns, but the response times are still slow.

I am now wondering if it could be because of the DHCP static list, because I noticed the entries in /etc/dnsmasq.conf and we have a very long list of static addresses.

Checking the DNS history for the router DNS, the max response time is now 501ms, would it be worth thinking about renicing?

 

[ColinTaylor]

The number of entries in the DHCP static list shouldn't cause a problem in terms of performance. People are running ad-blockers with hosts files with over 10,000 entries without any slowdowns. However there might be some rouge value somewhere that's messing things up. You could try temporarily turning off the static list and testing it again. Are you doing anything unusual with the local domain name?

If that doesn't help you could post the contents of /etc/dnsmasq.conf for us to look at. We might be able to spot something. Or perhaps try Merlin's firmware instead of stock.

 

[Adrian Knight]

I know it shouldn't but I am clutching at straws now I do not do anything none standard with the local domain name.

I have triple checked /etc/dnsmasq.conf and everything looks good.

I would love to use Merlin's firmware but I need AiMess capability

 

[ColinTaylor]

I'm assuming that you do have a local domain name set and you haven't left it blank?

What domain name is your PRTG sensor querying? Try changing it to query a host defined on your local network. That way you can see if the problem only occurs when the query is forwarded to upstream DNS servers.

 

[Adrian Knight]

Yes the domain name is blank.

The monitor is not querying a domain, but the IP address of the router and you can see the result of the query not via the router forward in the screenshot, the 4 DNS groups below the Gateway/DHCP: RT-AC86U-7C80 group.

 

[kfp]

Yes the domain name is blank.

Try setting something there and see if it helps. There is a bug how Asuswrt is starting dnsmasq when local domain is blank.

Merlin fork fixed this just recently https://github.com/RMerl/asuswrt-merlin.ng/commit/350dc54abe53f4f4a7de00566060c3a0b02604da

Though I’m not 100% if this is the cause.

 

[Adrian Knight]

@krp maybe a stupid question but where do I set the domain name on the router and would localdomain.com be ok as we do not have a domain.

looking in /etc/dnsmasq.conf the domain= entry is set to the name of the router, is that normal if the domain is empty?

 

[kfp]

@krp maybe a stupid question but where do I set the domain name on the router and would localdomain.com be ok as we do not have a domain.

looking in /etc/dnsmasq.conf the domain= entry is set to the name of the router, is that normal if the domain is empty?

Ah never mind me, what I posted is Merlin specific, my bad. @ColinTaylor was probably going from another angle.

And regarding domain=, that’s normal.
This is wrong.

 

[ColinTaylor]

@krp maybe a stupid question but where do I set the domain name on the router and would localdomain.com be ok as we do not have a domain.

LAN > DHCP Server > Domain Name

Try to avoid using common/reserved names like localhost or localdomain. Try something like "home.lan" or "fredrick.lan".

EDIT: Remember to reboot your clients after you change the domain name so that they pick up the change.

looking in /etc/dnsmasq.conf the domain= entry is set to the name of the router, is that normal if the domain is empty?

No, that's not normal. Unless it's something to do with AiMesh.

 

[ColinTaylor]

And regarding domain=, that’s normal.

Must be a difference between John's firmware and stock/Asus.

 

[Adrian Knight]

Have not set the domain name at the moment, but I have removed the domain= from /etc/dnsmasq.conf and restarted dnsmasq and the response time is now 4ms, will monitor over a period of time.

Then need to try and work out what sets this.

Thanks to ALL for your input.

 

[kfp]

Must be a difference between John's firmware and stock/Asus.

I didn’t check with my devices, just quickly glossed over the code on Github.

My mind was still on that commit I linked to (fixes local=<empty>) so I thought if domain= has a value it must be good.

Anyways, there seems to be only two pages that changes that value Advanced_DHCP_Content.asp and Advanced_MultiSubnet_Content.asp. Not sure why that second page is there but it is. But it might also be AiMess like you said.

 

[kfp]

Have not set the domain name at the moment, but I have removed the domain= from /etc/dnsmasq.conf and restarted dnsmasq and the response time is now 4ms, will monitor over a period of time.

Then need to try and work out what sets this.

Thanks to ALL for your input.

You can probably just manually set lan_domain to nothing in nvram then that should fix it permanently.

 

[Adrian Knight]

You can probably just manually set lan_domain to nothing in nvram then that should fix it permanently.

It already is:-

nvram show|grep domain

ipv61_get_domain=
ipv6_get_domain=
lan1_domain=
lan_domain=
local_domain=router.asus.com

 

[kfp]

Hm.. I wonder how that got there then :/

 

[Adrian Knight]

I done a reboot and checked, it's back in /etc/dnsmasq.conf, so I have had to disable reboot schedule for the moment.