[Dnsmasq-discuss] FW: Cachesize

Nathan Downes nathandownes at hotmail.com
Tue Apr 11 10:36:38 BST 2017

Thanks Eric,

Dnsmasq has a public IP; the allow list limits what can access it. But after reading up on Unbound today it might be a better option.

We don't use DHCP for any of the connections, either subnet allocated or PPP/VPDN/L2TP connection.

Getting about a 90% hit rate on cache over the last couple of weeks with a partial rollout, so it is definitely helping. I noticed Unbound can do a lookup for expiring cache entries so they are always fresh; will definitely try it out. Bandwidth and processing power are not really an issue.

Thanks to all for the input.

-----Original Message-----
From: Dnsmasq-discuss [mailto:dnsmasq-discuss-bounces at lists.thekelleys.org.uk] On Behalf Of Eric Luehrsen
Sent: Tuesday, 11 April 2017 12:26 PM
To: dnsmasq-discuss at lists.thekelleys.org.uk
Subject: Re: [Dnsmasq-discuss] FW: Cachesize

Hi Nathan,

Just thinking out loud:

 > There is only about 1000 endpoints of various types, from residential to business.

Having worked with Unbound and dnsmasq, I would say the proverb "right tool for the right job" applies. I would guess not all 1000 endpoints are on one subnet, maybe a half-dozen, correct? If you had dnsmasq running an instance for each subnet, then that might be a bit more reasonable.
If you want just one VM and one server, then I might suggest Unbound.
It's as easy to configure, and you can just recurse the global Internet instead of forward (or forward, or both, or whatever). If you don't do DHCP-DNS in one, then Unbound is going to work for you.

 > It only came about because I noticed the quantity of traffic to other resolvers was a lot more than I expected and I guessed caching would improve the experience for the end users.

That depends on a lot of things. Statistics would need to be collected to be sure. Compare common cache queries that expire versus unique queries. If your cache pushes "google.com" out, then that may be a problem. If it's all the click bait on news sites creating unique DNS lookups to a rotating army of ad sites, then there isn't much to do.

 > The only things I use are setting minimum cache ttl to 30 mins...

That is pushing the edge for certain cases. Server rotation may make some clients' connectivity go dead for that 30 mins. Small business customers with small business web-site/email providers can suffer worse when small business server farm providers make things "difficult."

Hope it helps.
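The two points argued across this thread, the cache hit rate against a stream of never-repeated lookups and the stale answers a 30-minute TTL floor can hand out when a server rotates, can be made concrete with a small simulation. The following is an added example, not code from either message, dnsmasq or Unbound. Everything in it is constructed: the entry-bounded LRU cache model (standing in for dnsmasq's cache-size and min-cache-ttl behaviour), the hostnames, addresses and TTLs, and the moment at which the mail server's address changes.

```python
from collections import OrderedDict


class DnsCache:
    """Entry-bounded LRU cache, a stand-in for a dnsmasq-style cache (constructed model)."""

    def __init__(self, max_entries, min_ttl=0):
        self.max_entries = max_entries
        self.min_ttl = min_ttl            # floor applied to every upstream TTL
        self.entries = OrderedDict()      # name -> (rdata, expires_at)
        self.hits = self.misses = self.evictions = 0

    def lookup(self, name, now, upstream):
        entry = self.entries.get(name)
        if entry is not None and entry[1] > now:
            self.hits += 1
            self.entries.move_to_end(name)   # most recently used goes to the back
            return entry[0]
        self.misses += 1
        rdata, ttl = upstream(name, now)
        if entry is not None:
            del self.entries[name]           # refresh an expired entry in place
        elif len(self.entries) >= self.max_entries:
            self.entries.popitem(last=False) # evict the least recently used name
            self.evictions += 1
        self.entries[name] = (rdata, now + max(ttl, self.min_ttl))
        return rdata


ROTATION_AT = 1530  # seconds into the hour; mail.example moves to a new host (constructed)


def upstream(name, now):
    """Constructed authoritative data: returns (rdata, ttl) as the upstream would."""
    if name == "www.example":
        return "198.51.100.1", 300
    if name == "mail.example":
        return ("192.0.2.10" if now < ROTATION_AT else "192.0.2.20"), 60
    return "203.0.113.1", 3600          # one-off tracker / ad hostnames


def query_log():
    """Constructed hour of traffic: every 5 s, two popular names plus one
    tracker hostname that is never queried again."""
    for t in range(0, 3600, 5):
        yield t, "www.example"
        yield t, "mail.example"
        yield t, f"t{t}.ads.example"


def simulate(min_ttl, max_entries=150):
    """Replay the log through the cache; count hits, evictions and answers
    that no longer match what the authoritative side currently says."""
    cache = DnsCache(max_entries, min_ttl)
    stale = 0
    total = 0
    for t, name in query_log():
        answer = cache.lookup(name, t, upstream)
        truth, _ = upstream(name, t)
        if answer != truth:
            stale += 1
        total += 1
    return {
        "hits": cache.hits,
        "misses": cache.misses,
        "hit_rate": cache.hits / total,
        "evictions": cache.evictions,
        "stale_answers": stale,
    }


if __name__ == "__main__":
    for floor in (0, 1800):
        r = simulate(floor)
        print(f"min_ttl={floor:4d}s  hit_rate={r['hit_rate']:.1%}  "
              f"evictions={r['evictions']}  stale_answers={r['stale_answers']}")
```

With no TTL floor the hit rate is limited by the never-repeated tracker names, which also drive all the evictions, while the honest 60-second TTL on mail.example bounds the stale window to a handful of answers. Raising the floor to 1800 s lifts the hit rate only a little (the unique names still miss every time) but stretches the stale window after the rotation to nearly the full half hour, which is the failure Eric describes.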
