DHCP and DNS Maximum cache TTL 3600?

Hi all
Is it not possible to set the cache TTL value to 43200 (12 hours)?
I'd like to experiment
I mean if I set it to 12 hours, will it work or not

I don't see why it wouldn't be allowed, but the author of dnsmasq says this:

See https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html or the source code for more.

2 Likes

No problem whatsoever, DNS TTL can be a month


DHCP TTL is not related. 1d is OK, 1w without wireless also, less than a minute will lead to random disconnects.

2 Likes

https://blog.apnic.net/2019/11/12/stop-using-ridiculously-low-dns-ttls/ - there is an alternative opinion. I'm inclined in this direction too. There are too many short TTLs on Internets without a reason for that. It makes DNS caching nearly useless. I bump it up to 3600 (min cache TTL).

Remember, it's not some blogger on Medium. It's APNIC.

3 Likes

The default fixup to 60s already gives half of intended benefit, but otherwise totally agree with Mr Denis's measurements.

2 Likes

Thanks, good article. I'll give it a go...

1 Like

Thanks for the answers!

Here's how I've been watching what's happening with the cache:

# Find the pid of the dnsmasq process.
$ pgrep -l dnsmasq
31909 dnsmasq
31911 /usr/sbin/dnsmasq   << Pick the pid of this one, the bare 'dnsmasq' above is the jail.

# Send USR1 signal to dnsmasq (by name: the number 10 is USR1 on x86/ARM, but not on MIPS).
$ kill -s USR1 31911

# View the results:
$ logread -l 50 -e dnsmasq
Sat Jun 15 13:31:55 2024 daemon.info dnsmasq[1]: time 1718483515
Sat Jun 15 13:31:55 2024 daemon.info dnsmasq[1]: cache size 1000, 51/4770 cache insertions re-used unexpired cache entries.
Sat Jun 15 13:31:55 2024 daemon.info dnsmasq[1]: queries forwarded 6060, queries answered locally 29309
Sat Jun 15 13:31:55 2024 daemon.info dnsmasq[1]: queries for authoritative zones 0
Sat Jun 15 13:31:55 2024 daemon.info dnsmasq[1]: DNSSEC per-query subqueries HWM 7
Sat Jun 15 13:31:55 2024 daemon.info dnsmasq[1]: DNSSEC per-query crypto work HWM 20
Sat Jun 15 13:31:55 2024 daemon.info dnsmasq[1]: DNSSEC per-RRSet signature fails HWM 0
Sat Jun 15 13:31:55 2024 daemon.info dnsmasq[1]: pool memory in use 14400, max 29520, allocated 48000
Sat Jun 15 13:31:55 2024 daemon.info dnsmasq[1]: child processes for TCP requests: in use 0, highest since last SIGUSR1 5, max allowed 20.
Sat Jun 15 13:31:55 2024 daemon.info dnsmasq[1]: server 127.0.0.1#5453: queries sent 6446, retried 11, failed 45, nxdomain replies 91, avg. latency 74ms
Sat Jun 15 13:31:55 2024 daemon.info dnsmasq[1]: server ::1#5453: queries sent 3415, retried 5, failed 30, nxdomain replies 42, avg. latency 75ms

Might even pipe that last bit through grep -E 'cache size|queries forwarded' as those are the only two lines pertinent to the discussion (well, maybe the queries sent, too).

pkill is a shorter version of all the grep stuff
btw you can double cache entries 😉

But pkill isn't standard on OpenWrt, so I stick with what works out of the box.

1 Like

Ya know, I'm pretty sure I had it up at like 10000 for a while (I experimented with a bunch of dns stuff a couple years ago, so it's sort of foggy), but noticed that it wasn't being used, so dropped it back down. But now with the longer ttl, maybe it makes sense to jack it back up...

I couldn't leave well enough alone. Save to cache_stats.sh and chmod +x it...

#!/bin/sh
#
# The two lines of interest in the log:
#   Sun Jun 16 06:03:08 2024 [epoch] daemon.info dnsmasq[1]: cache size 11, 22/33 cache insertions re-used unexpired cache entries.
#     11 = cache size
#     22 = drops, number of entries removed to make space before ttl expired
#     33 = total of entries made
#   Sun Jun 16 06:03:08 2024 [epoch] daemon.info dnsmasq[1]: queries forwarded 44, queries answered locally 55
#     44 = misses
#     55 = hits

if [ "$1" = "--update" ]; then
        shift
        pid="$(pidof dnsmasq | awk '{print $1}')"
        kill -s USR1 "$pid"
fi

if [ -n "$1" ]; then
        echo '
Options:
  --help   - show this help and exit
  --update - send dnsmasq a USR1 signal to add a new log entry

Output:
  hits   = the number of queries answered from the dnsmasq cache
  misses = the number of cache misses forwarded upstream
  size   = current size of the cache
  added  = the total number of names that have been inserted into the cache
  drops  = the number of names that have been removed from the cache before
           they expired in order to make room for new names; if this is not
           consistently "0", then increase your cache size as memory permits:
             uci set dhcp.@dnsmasq[0].cachesize=2000 && uci commit

Note:
  When dnsmasq receives a HUP signal, the cache is cleared and counters are
  reset.  SIGHUP is used by various tools to re-read DHCP files without
  restarting dnsmasq.

Reference:
  https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
'
        exit
fi

logread -t | awk '
        BEGIN {
                printf "%19s %6s  %6s  %6s  %6s  %6s\n", "", "hits", "misses", "size", "added", "drops";
        }

        /dnsmasq.*cache size/ {
                split($12, stats, "/");

                epoch   = substr($6, 2);
                stamp   = strftime("%F %T", epoch);
                size    = $11+0;
                drops   = stats[1]+0;
                entries = stats[2]+0;
        }

        /dnsmasq.*queries forwarded/ {
                # $11 = queries forwarded (misses), $15 = answered locally (hits)
                misses = $11+0;
                hits   = $15+0;
                printf "%s %6d  %6d  %6d  %6d  %6d\n", stamp, hits, misses, size, entries, drops;
        }
'

Run it and you get all the history in the log file, add --update and it adds a new entry.

$ ./cache_stats.sh --update
                      hits  misses    size   added   drops
2024-06-15 16:02:57   8413   42021    1000    1777     216
2024-06-15 20:16:20  11988   90414    1000    9055    1662
2024-06-16 05:29:53    333    2246    4000     899       0
2024-06-16 06:03:08   1390    6332    4000    4404       0
2024-06-16 06:51:06   1707    8020    4000     235       0
2024-06-16 07:58:13   2094   10500    4000    1316       0
2024-06-16 08:45:37   2592   13088    4000    2870       0
2024-06-16 08:56:36   2764   15564    4000    3375       0
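
An added example, not part of the original posts: the counters dnsmasq logs are cumulative until a restart or SIGHUP, so this sketch prints the change between consecutive USR1 dumps and marks rows where the counters were reset. The function names and the sample log lines are constructed for illustration; the field positions assume the same `logread -t` layout the script above parses.

```shell
#!/bin/sh
# Added example: per-interval view of dnsmasq's cumulative cache counters.
# Input: `logread -t` lines on stdin. Output: one row per USR1 dump after the first.

cache_deltas() {
    awk '
    /dnsmasq.*cache size/ {
        split($12, s, "/")
        epoch = int(substr($6, 2))        # "[1718483515.123]" -> 1718483515
        drops = s[1] + 0; added = s[2] + 0
    }
    /dnsmasq.*queries forwarded/ {
        fwd = $11 + 0; loc = $15 + 0      # forwarded = misses, answered locally = hits
        if (seen) {
            # A counter going backwards means dnsmasq restarted or got SIGHUP,
            # so the interval starts from zero.
            reset = (fwd < pfwd || loc < ploc || added < padded)
            dh = reset ? loc   : loc - ploc
            dm = reset ? fwd   : fwd - pfwd
            dd = reset ? drops : drops - pdrops
            pct = (dh + dm) ? int(100 * dh / (dh + dm) + 0.5) : 0
            tag = reset ? " reset" : ""
            printf "%d hits=%d misses=%d hit%%=%d drops=%d%s\n", epoch, dh, dm, pct, dd, tag
        }
        seen = 1; pfwd = fwd; ploc = loc; padded = added; pdrops = drops
    }'
}

# Constructed sample input (not real router logs): three dumps, the last after a reset.
sample_log() {
    cat <<'EOF'
Sun Jun 16 06:00:00 2024 [1000.000] daemon.info dnsmasq[1]: cache size 1000, 0/100 cache insertions re-used unexpired cache entries.
Sun Jun 16 06:00:00 2024 [1000.000] daemon.info dnsmasq[1]: queries forwarded 100, queries answered locally 300
Sun Jun 16 06:16:40 2024 [2000.000] daemon.info dnsmasq[1]: cache size 1000, 40/500 cache insertions re-used unexpired cache entries.
Sun Jun 16 06:16:40 2024 [2000.000] daemon.info dnsmasq[1]: queries forwarded 300, queries answered locally 900
Sun Jun 16 06:33:20 2024 [3000.000] daemon.info dnsmasq[1]: cache size 1000, 0/50 cache insertions re-used unexpired cache entries.
Sun Jun 16 06:33:20 2024 [3000.000] daemon.info dnsmasq[1]: queries forwarded 60, queries answered locally 40
EOF
}

sample_log | cache_deltas
```

On the router, replace the last line with `logread -t | cache_deltas` to run it against the real log.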