[Dnsmasq-discuss] Two questions about the cache and how dnsmasq forwards queries
samuel.lethiec at intelunix.fr
Mon Feb 15 10:45:47 GMT 2010
> >This also happen for almost every other query. Especially, every domains
> >that I _really_ would like dnsmasq to use its cache for seems to suffer
> >from this problem. But it looks like only those CNAMEs have this
> >TTL of 1s, the NAMEs
> >(eg: www.l.google.com) have a more reasonnable TTL.
> Can you try sending test queries direct to the upstream
> nameserver(s), bypassing dnsmasq. This is starting to look like a
> problem there:
> dig @220.127.116.11 www.google.com
> Send the whole result of doing that: there's also a possibility that
> the answer is confusing dnsmasq's "answer extraction" code, so
> seeing the whole thing would be good.
dig @18.104.22.168 www.google.com
; <<>> DiG 9.6.1-P3 <<>> @22.214.171.124 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54385
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 4, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 0 IN CNAME www.l.google.com.
www.l.google.com. 258 IN A 126.96.36.199
www.l.google.com. 258 IN A 188.8.131.52
www.l.google.com. 258 IN A 184.108.40.206
www.l.google.com. 258 IN A 220.127.116.11
www.l.google.com. 258 IN A 18.104.22.168
www.l.google.com. 258 IN A 22.214.171.124
;; AUTHORITY SECTION:
google.com. 194344 IN NS ns4.google.com.
google.com. 194344 IN NS ns1.google.com.
google.com. 194344 IN NS ns2.google.com.
google.com. 194344 IN NS ns3.google.com.
;; Query time: 3448 msec
;; SERVER: 126.96.36.199#53(188.8.131.52)
;; WHEN: Mon Feb 15 11:09:42 2010
;; MSG SIZE rcvd: 220
> If you can increase the retry time in the client's resolvers, that
> would help a lot, so would speeding up the downstream nameserver.
> There may be nothing you can do about that, but one thing to look at
> is any traffic shaping you have on your connection. My home internet
> connection is via a cable modem, and when my ISP applies "traffic
> shaping" it uses a simple leaky-bucket filter which causes the
> latency on the uplink to go very high, and performance gets very
> laggy. I use traffic-shaping to limit the upstream traffic to just
> less then the cap, and things work much better. The recipe I
> followed is here:
> >Doesn't dnsmasq keep a list of forwarded queries? As I can see on the log,
> >it often forwards several times the same query instead of waiting for
> >either a reply or a given timeout.
> No, it doesn't, to keep the memory footprint down. Even if it did,
> it would have to forward retries. DNS traffic is mainly UDP, and
> there's nothing dnsmasq can send back to a client to say "I'm
> working on it, just wait". The client will launch queries onto the
> net and either get a reply, or timeout and fail.
Touching client's configuration isn't an ideal solution for me, I could
'rate-limit' on the LAN side the NEW udp port 53 packets (with iptables),
but this is still far from ideal. I'd rather only 'rate-limit' similar dns
queries. Any idea?
And thanks for the tc link, I will certainly do some traffic-shaping at some
> So, either speed up the upstream servers (maybe by unloading your
> link) or increase the timeout in your clients. (1 second is low, for
> Unix systems, it may be the default for Windows.)
More information about the Dnsmasq-discuss