<div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif">Thanks for the reply, Simon.</div><div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">
DNSSEC isn't enabled.</div><div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">I wonder if the pattern of the problem gives any clues...</div>
<div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">As I said, on a normal day with around 40-50 clients on the network there is no problem at all with dnsmasq managing to use barely 0 - 2% of the CPU. When the problem occurred there were a little over 100 clients. Running top showed dnsmasq using 100% cpu so I restarted dnsmasq and kept an eye on top. For maybe 5 or 10 minutes there was no problem, with dnsmasq using very little cpu. Then dnsmasq would start to peak at maybe 20-30% for a couple of seconds before dropping back. Then it would start peaking at higher and higher levels before dropping back. Eventually, after running for maybe half an hour it would start peaking at over 90% and staying there for longer before dropping back. At this point dns requests would become very slow (and maybe time out). And then dnsmasq would hit 100% cpu and would stay there. Dns requests would time out and only restarting dnsmasq would fix the problem. The pattern would then start over again.</div>
<div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">I may be wrong but it doesn't seem that dnsmasq is hitting a bug that suddenly causes it to loop and hog the cpu until it's killed. It seems to gradually show more and more of the problem before it eventually hogs 100% cpu and has to be killed.</div>
<div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">If the problem was caused by dnsmasq being overloaded with requests, is it likely or possible that 50 clients could put very little load on it but 100 clients could swamp it? Also, would the problem not show itself as soon as dnsmasq was restarted rather than showing the gradual increase in peak usage until it hits 100%?</div>
<div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">I hope this helps. Any thoughts on this pattern?</div><div class="gmail_default" style="font-family:tahoma,sans-serif">
<br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">Cheers</div><div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">
David</div><div class="gmail_extra"><br><br><div class="gmail_quote">On 24 April 2014 12:41, Simon Kelley <span dir="ltr"><<a href="mailto:simon@thekelleys.org.uk" target="_blank">simon@thekelleys.org.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On 22/04/14 20:04, David Joslin wrote:<br>
> Hi<br>
><br>
> I have an Asus rt-n16 router running the Shibby version of the Tomato<br>
> firmware which includes dnsmasq version 2.69test3. It's in use in a<br>
> building that frequently has 50+ users on a wireless network and dnsmasq<br>
> has performed extremely well with very little load on the router.<br>
><br>
> However, we've recently run a couple of conferences in the building and the<br>
> number of people using the wireless network has been just over 100. Several<br>
> times there have been problems resolving addresses and when I've looked at<br>
> the router dnsmasq has been using 100% cpu. Restarting dnsmasq temporarily<br>
> fixes the problem but it occurs again maybe 20 minutes later.<br>
><br>
> I've turned off logging, increased the cache-size and the maximum number of<br>
> dhcp leases (anything I could see that might be a problem with more users)<br>
> but this hasn't fixed the problem.<br>
><br>
> I wondered if anyone has come across anything similar or has any<br>
> suggestions?<br>
><br>
<br>
</div></div>The first thing is to try and decide which of two possible scenarios ar<br>
happening. The first is that you've triggered a bug in the code and<br>
dnsmasq is looping somewhere without ever getting back to the select()<br>
loop and doing actual work. The second is that it's getting so much work<br>
that it's running out of CPU to do it.<br>
<br>
In the first case, dnsmasq will stop working entirely. Is that<br>
consistent with "problems resolving addresses" or does it still<br>
partially work? Turning off logging is probably counter-productive here,<br>
the logs may have valuable clues.<br>
<br>
<br>
In the second case, DNSSEC is something to worry about. Do you have that<br>
turned on?<br>
<br>
Also, it's possible to arrive at configurations with DNS forwarding<br>
loops where once DNS query gets sent upstream, but somehow ends up back<br>
at the dnsmasq instance that originally forwarded it and then goes round<br>
in circles. It's quite difficult to do this without at least two dnsmasq<br>
instances, but it is possible.<br>
<br>
Finally, logging to a syslog daemon which does its own DNS lookups (to<br>
label logs from remote hosts) can create a collapse: dnsmasq will log<br>
several lines for each DNS query, if each of those lines generates a new<br>
DNS query which has to handled by dnsmasq, it all goes wrong very quickly.<br>
<br>
<br>
Cheers,<br>
<br>
<br>
Simon.<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
<br>
_______________________________________________<br>
Dnsmasq-discuss mailing list<br>
<a href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk">Dnsmasq-discuss@lists.thekelleys.org.uk</a><br>
<a href="http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss" target="_blank">http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss</a><br>
</div></div></blockquote></div><br></div></div>