Thanks Eric,

Dnsmasq has a public IP; an allow list limits what can access it. But after reading 
up on Unbound today, it might be a better option. 

We don't use DHCP for any of the connections, either subnet allocated or 
PPP/VPDN/L2TP connection.

Getting about a 90% hit rate on cache over the last couple of weeks with a partial 
rollout, so it is definitely helping. I noticed Unbound can do a lookup for 
expiring cache entries so they are always fresh; will definitely try it out, 
bandwidth and processing power not really an issue.

Thanks to all for the input.

-----Original Message-----
From: Dnsmasq-discuss On Behalf Of Eric Luehrsen
Sent: Tuesday, 11 April 2017 12:26 PM
Subject: Re: [Dnsmasq-discuss] FW: Cachesize

Hi Nathan,

Just thinking out loud:

 > There is only about 1000 endpoints of various types, from residential to 
 > business.

Having worked with Unbound and dnsmasq, I would say the proverb "right tool for 
the right job" applies. I would guess not all 1000 endpoints are on one subnet, 
maybe half-dozen, correct? If you had dnsmasq running an instance for each 
subnet, then that might be a bit more reasonable. 
If you want just one VM and one server, then I might suggest Unbound. 
It's as easy to configure, and you can just recurse the global Internet instead 
of forward (or forward or both or whatever). If you don't DHCP-DNS in one, then 
Unbound is going to work for you.

 > It only came about because I noticed the quantity of traffic to other 
 > resolvers was a lot more than I expected and I guessed caching would improve 
 > the experience for the end users.

That depends on a lot of things. Statistics would need to be collected to be 
sure. Compare common cache queries that expire versus unique queries. If your 
cache pushes "" out, then that may be a problem. If it's all the click 
bait on news sites creating unique DNS lookups to a rotating army of ad-sites, 
then there isn't much to do.

 > The only things I use are setting minimum cache ttl to 30 mins...

That is pushing the edge for certain cases. Server rotation may make some 
clients' connectivity go dead for that 30 mins. Small business customers with 
small business web-site/email providers can suffer worse when small business 
server farm providers make things "difficult."

Hope it helps.

Dnsmasq-discuss mailing list
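
The comparison suggested in the thread (cache misses on names that keep coming back versus names seen only once) can be measured from dnsmasq's own query log. The script below is an added example, not code from the thread or from the dnsmasq project; it assumes dnsmasq runs with `log-queries`, and the log lines, names and addresses in it are constructed.

```python
import re
from collections import Counter

# Constructed sample in dnsmasq's log-queries format (not from the thread).
SAMPLE_LOG = """\
Apr 11 10:00:01 dnsmasq[1234]: query[A] mail.example.com from 10.0.0.5
Apr 11 10:00:01 dnsmasq[1234]: forwarded mail.example.com to 192.0.2.53
Apr 11 10:00:09 dnsmasq[1234]: query[A] mail.example.com from 10.0.0.6
Apr 11 10:00:09 dnsmasq[1234]: cached mail.example.com is 198.51.100.10
Apr 11 10:01:12 dnsmasq[1234]: query[A] a81f.ads.example.net from 10.0.0.5
Apr 11 10:01:12 dnsmasq[1234]: forwarded a81f.ads.example.net to 192.0.2.53
Apr 11 10:45:30 dnsmasq[1234]: query[A] mail.example.com from 10.0.0.7
Apr 11 10:45:30 dnsmasq[1234]: forwarded mail.example.com to 192.0.2.53
"""

LINE = re.compile(r"dnsmasq\[\d+\]: (query\[[^\]]+\]|forwarded|cached) (\S+) ")

def cache_stats(log_text):
    """Summarise cache hits and the two kinds of miss discussed in the thread."""
    pending = Counter()    # queries seen but not yet settled, per name
    hits = 0
    forwards = Counter()   # queries sent upstream, per name
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue       # reply, config and other lines are not needed
        kind, name = m.group(1), m.group(2).lower()
        if kind.startswith("query"):
            pending[name] += 1
        elif pending[name] > 0:
            # The first cached/forwarded line settles a query; further lines
            # for it (extra records, extra upstream servers) are ignored.
            pending[name] -= 1
            if kind == "cached":
                hits += 1
            else:
                forwards[name] += 1
    misses = sum(forwards.values())
    total = hits + misses
    return {
        "queries": total,
        "hit_rate": hits / total if total else 0.0,
        # Names forwarded exactly once: no cache setting helps these.
        "one_off_misses": sum(1 for n in forwards.values() if n == 1),
        # Re-forwards of a name already fetched: expired or evicted entries.
        "repeat_misses": sum(n - 1 for n in forwards.values() if n > 1),
    }

if __name__ == "__main__":
    print(cache_stats(SAMPLE_LOG))
```

A high `repeat_misses` count points at TTL, cache size or prefetching; a high `one_off_misses` count is the rotating-hostname case where caching cannot help.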
