[Dnsmasq-discuss] dnsmasq v2.86?
a.heider at gmail.com
Wed Aug 11 14:23:32 UTC 2021
On 11/08/2021 16:10, Lonnie Abelbeck wrote:
> Hi Andre, et al.
>> On Aug 11, 2021, at 1:36 AM, Andre Heider <a.heider at gmail.com> wrote:
>> I'm using 2.86test6 on OpenWrt, and I think I've found a bug. Detail's are vague so far but ever since I've started DoT with stubby as upstream server, dnsmasq every now and then gets into a mode where it stops responding to request completely and just sits there using 100% cpu power on one core.
>> I haven't found a way yet to trigger that reliably, but it feels like timing/parallel requests.
>> Does that ring any bells?
> Our project experienced a similar issue (pre-2021) when we used dnsmasq->stubby for DoT, at the time we were using dnsmasq 2.82 and getdns/stubby 1.5.2/0.2.6.
> The issue was upstream DNS would randomly "stall", it could be a couple days, a week or a month before the "stall" reoccured. The DoT provider also seemed to make a difference ... for example it stalled more often with Quad9 than with Cloudflare.
But I've also tried dnsproxy instead of stubby, same hangs (but same DoT
upstreams). If the hangs occurs and I restart either of those, it
doesn't fix itself, dnsmasq still hogs the cpu. If I leave stubby or
dnsproxy as-is and restart dnsmasq it works again.
> Keeping all things equal, we tested using unbound 1.13.0 (now 1.13.1) configured only as a DoT forwarder (forward-zone:) replacing getdns/stubby and the random stalls no longer occurred. This dnsmasq->unbound(DoT) is now our production implementation for upstream DoT.
> Side notes:
> 1) Our project used libunbound previously, so building the extra unbound daemon added about the same amount of code as the removed getdns/stubby code.
> 2) As of unbound 1.13.0, its DoT features are on par with stubby, ex. stream reuse and tcp fast open.
> 3) Our default DNS is provided by dnsmasq, only upstream DoT users start the unbound daemon.
> 4) Additionally, getdns/stubby dropping autotools (in favor of cmake) was a thorn in my paw.
> I personally use dnsmasq->unbound(DoT) and no issues since dropping getdns/stubby at the end of 2020.
More information about the Dnsmasq-discuss