[Dnsmasq-discuss] Many immortals slow down dnsmasq. Bug or expected ?
Followin scenario: dnsmasq runs on embedded system; many (250,000) entries like "address=/abcd/0.0.0.0/" in dnsmasq.conf Caches in dnsmasq and browser empty. Now, when browsing to a page with many links to other sites, page load takes more than 10sec. Clearing browser cache, and reloading the same page, is much faster. Using dig on the system, running dnsmasq, I see, that first name resolution takes about 400ms. Second try takes 0ms. Cache-size set to default or 10,000 makes no difference. cache-size=0 makes dnsmasq unbearable slow, looks like looping somewhere. Dropping the 250,000 "address=xxx" from dnsmasq.conf, shows fast name resolution (about 25ms) for first try. In principal, I see same effects on my faster x86-based system. My conclusions: Time for cache lookup is not influenced by number of IMMORTALs. But creating a new entry in cache is badly effected by IMMORTALs. As creating a new entry assumes checking first, whether same entry exists as IMMORTAL already, which is very like a (fast) cache-lookup, this *should* not have a noticable negative effect. Which points to a "very slow" insertion of a new entry into hash table. So, are my observations because of a bug or to be expected ? ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] DNSMasq forwarding timeout
I have dnsmasq (optware) installed on an ARM based NAS (LinkStation) and DHCP/TFTP are seemingly fine, DNS is failing only on forwarding regardless how I go about configuring and testing (resolv.conf, server=ip, etc.) /var/log/messages shows just the query being run three times on the four servers entered and quits. strace... same thing: gettimeofday({1443934488, 192360}, NULL) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2294, ...}) = 0 write(11, "<134>Oct 4 00:54:48 dnsmasq[457"..., 72) = 72 sendto(12, "[R\1\0\0\1\0\0\0\0\0\0\6google\3com\0\0\1\0\1", 28, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("8.8.8.8")}, 16) = 28 write(2, "dnsmasq: ", 9dnsmasq: )= 9 write(2, "forwarded google.com to 8.8.8.8", 31forwarded google.com to 8.8.8.8) = 31 write(2, "\n", 1 ) Testing both locally and remotely: * nslookup works as expected using resolv.conf (direct network) * nslookup works as expected using dnsmasq with local addresses in dnsmasq.conf * nslookup works as expected using dnsmasq with local addresses in /etc/hosts * nslookup times out using dnsmasq->resolv.conf for upstream * There are no firewalls installed (yet) * SELinux does not apply to this device * Device IP is static (10.0.0.254), no other DNS/DHCP servers running on the 10 network * Default route is in place and otherwise seems to be correct ( 10.0.0.0/255.0.0.0 -> 10.0.0.1 router) * trace/ping to the listed name servers is fine Thoughts/ideas appreciated! ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Many immortals slow down dnsmasq. Bug or expected ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 address=/abcd/0.0.0.0/ does NOT use the cache code. There's an implied wildcard in the domain name, it matches *.abcd. The matching for this is a relatively slow, linear, search. It is certainly not suitable for 25 names! If you don't need the wildcard matching, then using host-record=abcd,0.0.0.0 instead will make real cache entries, which are efficently searched. That will be much, much faster. Cheers, Simon. On 03/10/15 11:20, reiner otto wrote: > Followin scenario: dnsmasq runs on embedded system; many (250,000) > entries like "address=/abcd/0.0.0.0/" in dnsmasq.conf Caches in > dnsmasq and browser empty. Now, when browsing to a page with many > links to other sites, page load takes more than 10sec. Clearing > browser cache, and reloading the same page, is much faster. > > Using dig on the system, running dnsmasq, I see, that first name > resolution takes about 400ms. Second try takes 0ms. > > Cache-size set to default or 10,000 makes no difference. > cache-size=0 makes dnsmasq unbearable slow, looks like looping > somewhere. > > Dropping the 250,000 "address=xxx" from dnsmasq.conf, shows fast > name resolution (about 25ms) for first try. > > In principal, I see same effects on my faster x86-based system. > > > My conclusions: Time for cache lookup is not influenced by number > of IMMORTALs. But creating a new entry in cache is badly effected > by IMMORTALs. > > As creating a new entry assumes checking first, whether same entry > exists as IMMORTAL already, which is very like a (fast) > cache-lookup, this *should* not have a noticable negative effect. > Which points to a "very slow" insertion of a new entry into hash > table. > > So, are my observations because of a bug or to be expected ? > > > > > ___ Dnsmasq-discuss > mailing list Dnsmasq-discuss@lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBCAAGBQJWEFijAAoJEBXN2mrhkTWiUhEP+QFFn/K/pwkEP0jPBkIB6AwB ZKzYyvAdltdykt0qyZvILCf8XUydGz4Fi9z+wtdZgCfDkF4QLalQM6PrO7upqxBw /PHCv91CGoY7wo2vdnh7YHo8D7pgbZJsAUp7HNsV0cEpi3w5kSm4zrMTVXxi7zLY +bRmmY1n03bux9ufkfXz80oUyaSVdYbDYP7tafgZZGqnCNovqVA1M9rfJym/p5TW 6B8B3XCKc2LzEuv+zafMiacwTpxgHRruIebDjQS06jOBBpTAU1xVjD0lNG28qK8H RKG/49R8n93Uyy6B97Wo/g4EtkvLdXbmkW8zuG9+mLEZ/qVlBg0PgF1m9DPd+W3w V0rV3d0UwNh8ztGoUE4HOQ4O13TlrO1wY69NffO1XE+S4kaTRO4j8z3qW9XK6wrh pdzkmLQ+XXMi8+EUzNo9cSpQ/eFIzXoPFixLcvli4D+mqpVScBhUmU7vO6PyXDEO fr6UHmkEGYcdz7zH7UrUHa61Yz+UuX7Sq33HprNMJacU1PAOjqDIR5I98bjmPGuV p4uRsDIhLfW7mzTn/WdJKiQMBXOhqRcErAv3+g68YdtgiUV7vqP2naMRIJjpjI6r DvnlXRjRX2J2WD7g7zd2WduQvvuw6gu8HmlsJoxoZK9xmmPk6ZO0rHlSm2NefeL4 uYtQRpW0aHr2v5KkGBvY =Fy+4 -END PGP SIGNATURE- ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] DNSSEC: Answer for local hosts with AD flag set?
> Unbound is only a resolver. You're right. Since I have no hands-on experience with Unbound the name might have misled me into assuming it were usable as a full-blown DNS server. > To replace dhcp and dns on lan, you might need a dhcp+bind with split mode. It looks like that -- and even less of a chance for AVM making the move. Thanks! Ernst -- Ernst Ahlers, Redakteur/Editor PGP-Key-ID: 0x265E 3662, plain text preferred c't - Magazin für Computertechnik www.ct.de Karl-Wiechert-Allee 10 D-30625 Hannover, Germany Phone +49 (0)511 5352 300 Fax +49 (0)511 5352 417 Heise Medien GmbH & Co. KG Registergericht: Amtsgericht Hannover HRA 26709 Persönlich haftende Gesellschafterin: Heise Medien Geschäftsführung GmbH Registergericht: Amtsgericht Hannover, HRB 60405 Geschäftsführer: Ansgar Heise, Dr. Alfons Schräder Katze 5e signature.asc Description: OpenPGP digital signature ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] DNSSEC: Answer for local hosts with AD flag set?
Le vendredi 2 octobre 2015, 19:34:30 Ernst Ahlers a écrit : > Thanks for chiming in Stephane, > > > Allowing dnsmasq to sign (or give a proof of authenticity) would solve > > this > > problem, yet I am sure it is not easy. > > AFAIK there's no provision yet in dnsmasq for keeping signed domains. > After all it was never intended to be a fully fledged DNS server. > > So the only viable option I see now would be switching to Unbound -- > which AVM is unlikely to do IMHO. > > Have a nice weekend all around! > > Ernst Unbound is only a resolver. To replace dhcp and dns on lan, you might need a dhcp+bind with split mode. Bind would then allow you also to resolve (as it's the all-in-one dns). -- The file signature.asc is not attached to be read by you. It's a digital signature by GPG. If you want to know why I use it, and why you should as well, you can read my article there: http://www.22decembre.eu/2015/03/21/introduction-en/ signature.asc Description: This is a digitally signed message part. ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss