Testing dnsmasq performance

pleiades
DD-WRT Novice


Joined: 14 Aug 2017
Posts: 3

Posted: Mon Aug 14, 2017 8:51    Post subject: Testing dnsmasq performance
Hi All,

I've enabled dnsmasq with the following additional options:

Code:

domain-needed
cache-size=10000
dns-forward-max=100
expand-hosts
bogus-priv


However, I'd like to know if the DNS cache performance is typical, or if it could be improved.

Initial DNS query

Code:

dig guardian.com

; <<>> DiG 9.8.3-P1 <<>> guardian.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30994
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;guardian.com.         IN   A

;; ANSWER SECTION:
guardian.com.      7200   IN   A   199.96.13.22

;; Query time: 52 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Mon Aug 14 18:43:20 2017
;; MSG SIZE  rcvd: 46


Subsequent DNS query

Code:

dig guardian.com

; <<>> DiG 9.8.3-P1 <<>> guardian.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44872
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;guardian.com.         IN   A

;; ANSWER SECTION:
guardian.com.      7198   IN   A   199.96.13.22

;; Query time: 31 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Mon Aug 14 18:43:21 2017
;; MSG SIZE  rcvd: 46


Cached results are never much better than about 30ms on the LAN. Any tips or suggestions would be appreciated.

Thanks.

===

DD-WRT: Netgear D7000
r6300v2usr
DD-WRT Novice


Joined: 03 Jan 2017
Posts: 49
Location: Lindau, Germany

Posted: Tue Aug 15, 2017 8:26    Post subject: Re: Testing dnsmasq performance
The responding server IP in your setup is 192.168.1.254: is this really the router running DD-WRT with dnsmasq?

My results of the same domain (with R6300v2 on KONG build 33010), tested with a Linux client PC:
Code:
dig guardian.com

; <<>> DiG 9.9.9-P1 <<>> guardian.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32967
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1252
;; QUESTION SECTION:
;guardian.com.                  IN      A

;; ANSWER SECTION:
guardian.com.           7200    IN      A       199.96.13.22

;; Query time: 58 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Aug 15 10:03:51 CEST 2017
;; MSG SIZE  rcvd: 57

The subsequent call:
Code:
dig guardian.com

; <<>> DiG 9.9.9-P1 <<>> guardian.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9759
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;guardian.com.                  IN      A

;; ANSWER SECTION:
guardian.com.           7196    IN      A       199.96.13.22

;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Aug 15 10:03:55 CEST 2017
;; MSG SIZE  rcvd: 57

Even via WLAN the query time is below 2ms.

For further digging (I tested on recent KONG builds): On command line you can send the SIGUSR1 command to the PID of dnsmasq. So you get information about the stats of dnsmasq in the syslog:
Code:
kill -s USR1 $(pidof dnsmasq)

In my setup the result is like:
    Aug 15 10:14:05 R6300v2 daemon.info dnsmasq[1848]: time 399136
    Aug 15 10:14:05 R6300v2 daemon.info dnsmasq[1848]: cache size 1500, 0/126270 cache insertions re-used unexpired cache entries.
    Aug 15 10:14:05 R6300v2 daemon.info dnsmasq[1848]: queries forwarded 38955, queries answered locally 16520
    Aug 15 10:14:05 R6300v2 daemon.info dnsmasq[1848]: DNSSEC memory in use 26224, max 36388, allocated 149996
    Aug 15 10:14:05 R6300v2 daemon.info dnsmasq[1848]: server 127.0.0.4#30: queries sent 39523, retried or failed 0
    Aug 15 10:14:05 R6300v2 daemon.info dnsmasq[1848]: server 127.0.0.3#30: queries sent 38975, retried or failed 0
    Aug 15 10:14:05 R6300v2 daemon.info dnsmasq[1848]: server 127.0.0.2#30: queries sent 40607, retried or failed 0
    Aug 15 10:14:05 R6300v2 daemon.info dnsmasq[1848]: server 127.0.0.1#30: queries sent 39042, retried or failed 122

The second and third lines give the cache stats. The rest is due to dnscrypt with DNSSEC.
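
Added example (not part of the original post): a small shell/awk helper that turns the SIGUSR1 dump described above into one line per statistic, computing the share of queries answered without forwarding and the failure rate per upstream server. The names dnsmasq_stats and sample_log are hypothetical; the sample lines are copied from the log excerpt in the post above.

```shell
#!/bin/sh
# Added example: summarise a dnsmasq SIGUSR1 statistics dump read from stdin.
# dnsmasq_stats and sample_log are hypothetical helper names.
dnsmasq_stats() {
    awk '
    /cache size/ {
        for (i = 1; i < NF; i++) if ($i == "size") {
            size = $(i + 1) + 0        # "1500," converts to 1500
            split($(i + 2), r, "/")    # "0/126270": evicted-unexpired / inserted
        }
        # A non-zero first number means live entries were evicted: cache too small.
        printf "cache size=%d evicted_unexpired=%d inserted=%d\n", size, r[1], r[2]
    }
    /queries forwarded/ {
        for (i = 1; i < NF; i++) {
            if ($i == "forwarded") fwd = $(i + 1) + 0
            if ($i == "locally")   loc = $(i + 1) + 0
        }
        pct = (fwd + loc) ? 100 * loc / (fwd + loc) : 0
        printf "queries forwarded=%d local=%d local_pct=%.1f\n", fwd, loc, pct
    }
    /: server .*queries sent/ {
        for (i = 1; i < NF; i++) {
            if ($i == "server") { addr = $(i + 1); sub(/:$/, "", addr) }
            if ($i == "sent")   sent = $(i + 1) + 0
        }
        failed = $NF + 0
        pct = sent ? 100 * failed / sent : 0    # avoid dividing by zero
        note = sent ? "" : " unused"            # configured but never queried
        printf "upstream %s sent=%d failed=%d fail_pct=%.2f%s\n", addr, sent, failed, pct, note
    }'
}

# Sample input: lines copied from the log excerpt in the post above.
sample_log() {
    cat <<'EOF'
Aug 15 10:14:05 R6300v2 daemon.info dnsmasq[1848]: time 399136
Aug 15 10:14:05 R6300v2 daemon.info dnsmasq[1848]: cache size 1500, 0/126270 cache insertions re-used unexpired cache entries.
Aug 15 10:14:05 R6300v2 daemon.info dnsmasq[1848]: queries forwarded 38955, queries answered locally 16520
Aug 15 10:14:05 R6300v2 daemon.info dnsmasq[1848]: server 127.0.0.1#30: queries sent 39042, retried or failed 122
EOF
}

sample_log | dnsmasq_stats
```

To use it on a router, send the signal first and pipe the resulting dnsmasq syslog lines into dnsmasq_stats instead of sample_log.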
pleiades
DD-WRT Novice


Joined: 14 Aug 2017
Posts: 3

Posted: Tue Aug 15, 2017 9:41    Post subject:
Hi r6300v2usr,

Thanks for your informative and helpful response.

Quote:

The responding server IP in your setup is 192.168.1.254: is this really the router running DD-WRT with dnsmasq?


Yes, it is 192.168.1.254

Quote:

On command line you can send the SIGUSR1 command to the PID of dnsmasq. So you get information about the stats of dnsmasq in the syslog


I executed the command and my results:

Code:

Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: time 44885
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: cache size 10000, 0/1077 cache insertions re-used unexpired cache entries.
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: DNSSEC memory in use 4312, max 5456, allocated 999988
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 203.12.160.36#53: queries sent 0, retried or failed 0
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 203.12.160.35#53: queries sent 0, retried or failed 0
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 101.98.11.156#53: queries sent 0, retried or failed 0
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 54.79.3.18#53: queries sent 0, retried or failed 0
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 8.8.4.4#53: queries sent 46, retried or failed 0
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 8.8.8.8#53: queries sent 0, retried or failed 0
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 127.0.0.1#30: queries sent 438, retried or failed 1


What is odd is that a number of DNS servers are listed, which I haven't used for a long time. I tried disabling dnsmasq, then restarting the router and re-enabling dnsmasq. The results list the same DNS servers.

So would these results be hampering performance?
Where are the legacy DNS server IPs stored? Can they be removed? If so, how?
Or is this simply a red herring and something else is to blame?
r6300v2usr
DD-WRT Novice


Joined: 03 Jan 2017
Posts: 49
Location: Lindau, Germany

Posted: Tue Aug 15, 2017 12:00    Post subject:
pleiades wrote:
Hi r6300v2usr,
I executed the command and my results:

Code:

Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: time 44885
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: cache size 10000, 0/1077 cache insertions re-used unexpired cache entries.
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: DNSSEC memory in use 4312, max 5456, allocated 999988
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 203.12.160.36#53: queries sent 0, retried or failed 0
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 203.12.160.35#53: queries sent 0, retried or failed 0
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 101.98.11.156#53: queries sent 0, retried or failed 0
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 54.79.3.18#53: queries sent 0, retried or failed 0
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 8.8.4.4#53: queries sent 46, retried or failed 0
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 8.8.8.8#53: queries sent 0, retried or failed 0
Aug 15 19:00:10 ramses daemon.info dnsmasq[22630]: server 127.0.0.1#30: queries sent 438, retried or failed 1


What is odd is that a number of DNS servers are listed, which I haven't used for a long time. I tried disabling dnsmasq, then restarting the router and re-enabling dnsmasq. The results list the same DNS servers.

Besides the used DNS server:
I'm wondering about the DNSSEC memory used. As DNSSEC is enabled, are you sure that all used nameservers support DNSSEC? I would disable DNSSEC until everything is fixed.

Are you using dnscrypt as well (server 127.0.0.1 on port 30 indicates this)? As for DNSSEC: Disable it until everything works as expected. Especially together with DNSSEC.

Remark: I would not change the cache-size of dnsmasq: 1500 (default for DD-WRT) is for most cases sufficient. Except you find it is not, then change it. You see it in the log report. The other parameters you are using: First get a working dnsmasq configuration, then try to optimize. Not to forget to verify. Default behavior of DD-WRT and dnsmasq works well for most cases.
Quote:

So would these results be hampering performance?
Maybe
Quote:

Where are the legacy DNS server IPs stored? Can they be removed? If so, how?

Before you try to fix this issue:
If you've been playing for a long time with different settings or have done several major firmware updates recently then you should erase NVRAM and restore the settings manually by entering each field in the browser again. Be careful with caching (e.g. Chrome).
As you said you haven't used some of the servers for a long time: I can only suggest to clear NVRAM and make a clean manual setup. It takes 15 to 30 minutes and normally you are rid of odd behaviors.

Further possibilities if you want to dig deep into dnsmasq:
As far as I know (from my setup) there are a few sources where these entries may come from: DHCP or defined in GUI (Setup/Basic Setup). The static DNS IPs are stored in NVRAM. dnsmasq itself reads (at least what I know) two files: /tmp/resolv.conf and /tmp/resolv.dnsmasq for nameserver definition. The content of these files is from GUI, DHCP or other sources and read by dnsmasq. I've forgotten the details.

To be sure not to accidentally use other servers:
The parameter "no-resolv" prevents dnsmasq from using other sources as command line and server statement in config file. If using this you have to specify the dns server in the "Additional dnsmasq options", e.g. server=8.8.8.8. Otherwise you have no DNS server.

You can find lots of information regarding dnsmasq in the man pages, for example here: http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
I've not found an issue where DD-WRT behaves differently.
mchaney
DD-WRT User


Joined: 26 Apr 2013
Posts: 389

Posted: Tue Aug 15, 2017 17:13    Post subject:
I always turn DNSmasq off. With it on, I get too many errors in SysLog, some of which have caused me to need to reboot the router in the past. Rather than trying to figure out the problem, I just turn it off. I don't need 2ms response times for my browser to resolve a website IP. So for me, ignorance is bliss. ;)

Mike
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6446
Location: UK, London, just across the river..

Posted: Wed Aug 16, 2017 7:19    Post subject:
Hmm, recently on Kong builds DNSMasq was left as the default and only DNS manager... I do not know what the situation is with BS builds.
Also, I just noticed you are on a Netgear D7000 router/modem combo?
This is not listed among DD-WRT supported devices...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913