For further digging (I tested on recent KONG builds): On command line you can send the SIGUSR1 command to the PID of dnsmasq. So you get information about the stats of dnsmasq in the syslog:
Code:
kill -s USR1 $(pidof dnsmasq)
In my setup the result is like:
Aug 15 10:14:05 R6300v2 daemon.info dnsmasq[1848]: time 399136
Aug 15 10:14:05 R6300v2 daemon.info dnsmasq[1848]: cache size 1500, 0/126270 cache insertions re-used unexpired cache entries.
Aug 15 10:14:05 R6300v2 daemon.info dnsmasq[1848]: queries forwarded 38955, queries answered locally 16520
Aug 15 10:14:05 R6300v2 daemon.info dnsmasq[1848]: DNSSEC memory in use 26224, max 36388, allocated 149996
Aug 15 10:14:05 R6300v2 daemon.info dnsmasq[1848]: server 127.0.0.4#30: queries sent 39523, retried or failed 0
Aug 15 10:14:05 R6300v2 daemon.info dnsmasq[1848]: server 127.0.0.3#30: queries sent 38975, retried or failed 0
Aug 15 10:14:05 R6300v2 daemon.info dnsmasq[1848]: server 127.0.0.2#30: queries sent 40607, retried or failed 0
Aug 15 10:14:05 R6300v2 daemon.info dnsmasq[1848]: server 127.0.0.1#30: queries sent 39042, retried or failed 122
The second and third lines give the cache stats. The rest is due to dnscrypt with DNSSEC.
The responding server IP in your setup is 192.168.1.254: is this really the router running DD-WRT with dnsmasq?
Yes, it is 192.168.1.254
Quote:
On command line you can send the SIGUSR1 command to the PID of dnsmasq. So you get information about the stats of dnsmasq in the syslog
I executed the command and my results:
Code:
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: time 44885
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: cache size 10000, 0/1077 cache insertions re-used unexpired cache entries.
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: DNSSEC memory in use 4312, max 5456, allocated 999988
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 203.12.160.36#53: queries sent 0, retried or failed 0
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 203.12.160.35#53: queries sent 0, retried or failed 0
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 101.98.11.156#53: queries sent 0, retried or failed 0
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 54.79.3.18#53: queries sent 0, retried or failed 0
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 8.8.4.4#53: queries sent 46, retried or failed 0
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 8.8.8.8#53: queries sent 0, retried or failed 0
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 127.0.0.1#30: queries sent 438, retried or failed 1
What is odd is that a number of DNS servers are listed, which I haven't used for a long time. I tried disabling dnsmasq, then restarting the router and re-enabling dnsmasq. The results list the same DNS servers.
So would these results be hampering performance?
Where are the legacy DNS server IPs stored? Can they be removed? If so, how?
Or is this simply a red herring and something else is to blame?
Joined: 03 Jan 2017 Posts: 49 Location: Lindau, Germany
Posted: Tue Aug 15, 2017 12:00 Post subject:
pleiades wrote:
Hi r6300v2usr,
I executed the command and my results:
Code:
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: time 44885
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: cache size 10000, 0/1077 cache insertions re-used unexpired cache entries.
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: DNSSEC memory in use 4312, max 5456, allocated 999988
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 203.12.160.36#53: queries sent 0, retried or failed 0
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 203.12.160.35#53: queries sent 0, retried or failed 0
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 101.98.11.156#53: queries sent 0, retried or failed 0
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 54.79.3.18#53: queries sent 0, retried or failed 0
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 8.8.4.4#53: queries sent 46, retried or failed 0
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 8.8.8.8#53: queries sent 0, retried or failed 0
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 127.0.0.1#30: queries sent 438, retried or failed 1
What is odd is that a number of DNS servers are listed, which I haven't used for a long time. I tried disabling dnsmasq, then restarting the router and re-enabling dnsmasq. The results list the same DNS servers.
Besides the used DNS server:
I'm wondering about the DNSSEC memory used. As DNSSEC is enabled, are you sure that all used nameservers support DNSSEC? I would disable DNSSEC until everything is fixed.
Are you using dnscrypt as well (server 127.0.0.1 on port 30 indicates this)? As for DNSSEC: Disable it until everything works as expected. Especially together with DNSSEC.
Remark: I would not change the cache-size of dnsmasq: 1500 (default for DD-WRT) is sufficient for most cases. Unless you find it is not, then change it. You see it in the log report. The other parameters you are using: First get a working dnsmasq configuration, then try to optimize. Not to forget to verify. Default behavior of DD-WRT and dnsmasq works well for most cases.
Quote:
So would these results be hampering performance?
Maybe
Quote:
Where are the legacy DNS server IPs stored? Can they be removed? If so, how?
Before you try to fix this issue:
If you've been playing for a long time with different settings or have done several major firmware updates recently then you should erase NVRAM and restore the settings manually by entering each field in the browser again. Be careful with caching (e.g. Chrome).
As you said you haven't used some of the servers for a long time: I can only suggest to clear NVRAM and make a clean manual setup. It takes 15 to 30 minutes and normally you are rid of odd behaviors.
Further possibilities if you want to dig deep into dnsmasq:
As far as I know (from my setup) there are a few sources where these entries may come from: DHCP or defined in GUI (Setup/Basic Setup). The static DNS IPs are stored in NVRAM. dnsmasq itself reads (at least what I know) two files: /tmp/resolv.conf and /tmp/resolv.dnsmasq for nameserver definition. The content of these files is from GUI, DHCP or other sources and read by dnsmasq. I've forgotten the details.
To be sure not to accidentally use other servers:
The parameter "no-resolv" prevents dnsmasq from using sources other than the command line and server statements in the config file. If using this you have to specify the DNS server in the "Additional dnsmasq options", e.g. server=8.8.8.8. Otherwise you have no DNS server.
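Added example, not part of the original posts: a shell sketch that reduces the per-server lines of a SIGUSR1 dump to sent/failed counts, marks upstreams that never received a query, and looks for them in the resolv files named above. The function names are hypothetical, the sample lines are copied from the log quoted in the thread, and the exact `nameserver <ip>` line format in those files is an assumption.

```shell
#!/bin/sh
# Added example: summarise dnsmasq SIGUSR1 per-server statistics.

# Sample lines copied from the log quoted in the thread.
SAMPLE_LOG='Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: cache size 10000, 0/1077 cache insertions re-used unexpired cache entries.
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 203.12.160.36#53: queries sent 0, retried or failed 0
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 8.8.4.4#53: queries sent 46, retried or failed 0
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 127.0.0.1#30: queries sent 438, retried or failed 1'

# stdin: syslog text. stdout: "<ip#port> <sent> <failed> <note>" per upstream.
upstream_report() {
    awk '
    / dnsmasq\[[0-9]+\]: server / {
        for (i = 1; i <= NF; i++) {
            if ($i == "server") srv  = $(i + 1)
            if ($i == "sent")   sent = $(i + 1)
            if ($i == "failed") fail = $(i + 1)
        }
        sub(/:$/, "", srv); sub(/,$/, "", sent)
        if (!(srv in seen)) name[++n] = srv   # keep first-seen order
        seen[srv] = sent " " fail             # a later dump overwrites an earlier one
    }
    END {
        for (k = 1; k <= n; k++) {
            split(seen[name[k]], v, " ")
            if (v[1] + 0 == 0) note = "unused"
            else note = sprintf("%.1f%%-failed", 100 * v[2] / v[1])
            print name[k], v[1], v[2], note
        }
    }'
}

# stdin: upstream_report output. args: files to search, e.g.
# /tmp/resolv.dnsmasq /tmp/resolv.conf (paths mentioned in the thread).
# Assumes exact lines of the form "nameserver <ip>".
unused_sources() {
    [ $# -gt 0 ] || return 1      # without files grep would eat our stdin
    while read -r srv sent fail note; do
        [ "$note" = "unused" ] || continue
        ip=${srv%%#*}
        hit=$(grep -l -F -x "nameserver $ip" "$@" 2>/dev/null | tr '\n' ' ')
        hit=${hit% }
        echo "$ip ${hit:-not-in-files}"
    done
}

printf '%s\n' "$SAMPLE_LOG" | upstream_report
```

On the router, feed `upstream_report` the syslog after sending SIGUSR1, then pipe its output into `unused_sources` with the resolv files as arguments.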
I always turn DNSmasq off. With it on, I get too many errors in SysLog, some of which have caused me to need to reboot the router in the past. Rather than trying to figure out the problem, I just turn it off. I don't need 2ms response times for my browser to resolve a website IP. So for me, ignorance is bliss.
Joined: 16 Nov 2015 Posts: 6446 Location: UK, London, just across the river..
Posted: Wed Aug 16, 2017 7:19 Post subject:
hmm recently on Kong builds DNSMasq was left the default and only DNS manager.... I do not know what the situation is with BS builds..
also just noticed you are on Netgear D7000 router/modem combo?
this is not listed on DD WRT supported devices...