[Dnsmasq-discuss] dnmasq slow for local network

richardvoigt at gmail.com
Wed Nov 4 06:40:54 GMT 2009


On Tue, Nov 3, 2009 at 10:47 PM, Kiswono Prayogo <kiswono at gmail.com> wrote:
> Hi, I use dnsmasq for resolving my local network addresses.
> Here's my /etc/hosts file (real IPs and domain names changed to fake ones):
> ## cat /etc/hosts
> 127.0.0.1 genesis
> 127.0.0.1       localhost
> 1.1.1.1 dns00.mysecretdomain.ac.id           dns00
> 1.1.1.1 dns.mysecretdomain.ac.id             dns
> 1.1.1.1 mail.mysecretdomain.ac.id           proxy
> . . .
> #20 more server hosts
> . . .
> #and 15000 more advertisement-blocking hosts that are redirected to 1.1.1.1
> # cat /etc/dnsmasq.conf | egrep -a -v '^[[:space:]]*#' $1 | egrep -a '[[:print:]]'
> cache-size=1024
> bogus-nxdomain=1.1.1.1
> conf-file=/etc/kyz/hosts/block
> conf-file=/etc/kyz/hosts/mail
> ## cat /etc/resolv.conf | egrep -a -v '^[[:space:]]*#' $1 | egrep -a '[[:print:]]'
> search mysecretdomain.ac.id
> nameserver 208.67.222.222 # opendns
> nameserver 208.67.220.220 # opendns
> nameserver 1.1.1.4 # dns4
> nameserver 1.1.1.3 # dns3
> nameserver 1.1.1.2 # dns2
> All my clients' DNS requests are redirected to 1.1.1.1:
> ## cat /etc/network/if-up.d/custom
> #some iptables clearing rules
> . . .
> real1 = 1.1.1.1
> reals = 1.1.1.1/28
> wifis = 10.0.0.0/8
> staff = 192.168.0.0/16
> iptables -A PREROUTING -t nat -p TCP -s $wifis -d ! $reals --dport 53 -j DNAT --to $real1:53
> iptables -A PREROUTING -t nat -p UDP -s $wifis -d ! $reals --dport 53 -j DNAT --to $real1:53
> iptables -A PREROUTING -t nat -p TCP -s $staff -d ! $reals --dport 53 -j DNAT --to $real1:53
> iptables -A PREROUTING -t nat -p UDP -s $staff -d ! $reals --dport 53 -j DNAT --to $real1:53
> . . .
> #some default rules
> The interfaces of the gateway server are: eth0 = 192.168.1.1, eth1 = 1.1.1.1.
> All clients' DNS configuration was set to 192.168.1.1.
> If I open, for example, dns00.mysecretdomain.ac.id, it always lags for 3-25
> seconds (showing "Resolving host..." on Chromium or "Looking
> up dns00.mysecretdomain.ac.id...") before it shows the web page, and this does
> not happen for non-local websites.
> I wonder where the source of the lag is?

I don't think that bogus-nxdomain applies to /etc/hosts listings; the
man page only says it covers replies from upstream servers.  So your
browser is probably actually trying to contact 1.1.1.1 and timing out.

You can verify this with "ping dns00.mysecretdomain.ac.id" and see if
it fails to get an address, or tries to contact 1.1.1.1.


> Regards,
> Kiswono
> GB
>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
>
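The following is an added example, not code from the thread or from the dnsmasq project. It models the point made in the reply: bogus-nxdomain only rewrites upstream replies carrying the listed address, while names listed in /etc/hosts (or a conf-file of host entries) are answered with the address exactly as written. The script parses constructed copies of the two files shown above, lists every hosts entry that points at a bogus-nxdomain address (the names a client will actually try to connect to at that address), and shows the answer dnsmasq would hand back in each case. The file contents are constructed sample input; the resolver model is a simplification (first address per name wins, one address per upstream reply).

```python
"""Added example (not from the thread or the dnsmasq project).

Check which /etc/hosts entries point at an address that is also listed in
dnsmasq's bogus-nxdomain option, and model the answer a client receives.
"""
import re
from typing import Dict, List, Optional, Set

# Constructed sample input, mirroring the shapes shown in the thread.
HOSTS_FILE = """\
127.0.0.1 genesis
127.0.0.1       localhost
1.1.1.1 dns00.mysecretdomain.ac.id           dns00
1.1.1.1 dns.mysecretdomain.ac.id             dns
1.1.1.1 mail.mysecretdomain.ac.id           proxy
1.1.1.1 ads.example.invalid      # constructed ad-blocking entry
"""

DNSMASQ_CONF = """\
# constructed excerpt of dnsmasq.conf
cache-size=1024
bogus-nxdomain=1.1.1.1
conf-file=/etc/kyz/hosts/block
"""


def parse_hosts(text: str) -> Dict[str, str]:
    """Map every hostname and alias in hosts-file text to its address.

    Simplification: the first address seen for a name wins.
    """
    entries: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            entries.setdefault(name.lower(), addr)
    return entries


def parse_bogus_nxdomain(conf: str) -> Set[str]:
    """Collect the addresses given to bogus-nxdomain= lines in dnsmasq.conf."""
    bogus: Set[str] = set()
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        match = re.match(r"bogus-nxdomain\s*=\s*(\S+)", line)
        if match:
            bogus.add(match.group(1))
    return bogus


def hosts_entries_hitting_bogus(hosts: Dict[str, str], bogus: Set[str]) -> List[str]:
    """Names that /etc/hosts answers with a bogus-nxdomain address.

    These are the names a client will resolve successfully and then try to
    reach at that address, because hosts entries are not filtered.
    """
    return sorted(name for name, addr in hosts.items() if addr in bogus)


def resolve(name: str, hosts: Dict[str, str], bogus: Set[str],
            upstream_reply: Optional[str]) -> Optional[str]:
    """Model dnsmasq's answer for one query.

    - a hosts entry is returned verbatim, whatever bogus-nxdomain says;
    - otherwise an upstream reply is returned, unless its address is in the
      bogus-nxdomain set, in which case the client gets NXDOMAIN (None).
    """
    key = name.lower()
    if key in hosts:
        return hosts[key]
    if upstream_reply is None or upstream_reply in bogus:
        return None
    return upstream_reply


if __name__ == "__main__":
    hosts = parse_hosts(HOSTS_FILE)
    bogus = parse_bogus_nxdomain(DNSMASQ_CONF)
    print("bogus-nxdomain addresses:", sorted(bogus))
    for name in hosts_entries_hitting_bogus(hosts, bogus):
        print(f"{name}: answered from hosts as {hosts[name]} (not rewritten)")
    print("upstream reply 1.1.1.1 ->", resolve("other.example.invalid", hosts, bogus, "1.1.1.1"))
```

Running it lists every name in the sample hosts file that maps to 1.1.1.1, including the real server names, while an upstream reply carrying 1.1.1.1 for an unlisted name is turned into NXDOMAIN. If the real entries and the ad-blocking entries share the same address, a client will get that address for both and the browser will attempt a connection there, which is the timeout the reply describes.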


