Hi all
Is it not possible to set the cache TTL value to 43200 (12 hours)?
I'd like to experiment
I mean if I set it to 12 hours, will it work or not
I don't see why it wouldn't be allowed, but the author of dnsmasq says this:
See https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html or the source code for more.
No problem whatsoever, DNS TTL can be a month
DHCP TTL is not related. 1d is OK, 1w without wireless also, less than a minute will lead to random disconnects.
https://blog.apnic.net/2019/11/12/stop-using-ridiculously-low-dns-ttls/ - there is an alternative opinion. I'm inclined in this direction too. There are too many short TTLs on Internets without a reason for that. It makes DNS caching nearly useless. I bump it up to 3600 (min cache TTL).
Remember, it's not some blogger on Medium. It's APNIC.
The default fixup to 60s already gives half of intended benefit, but otherwise totally agree with Mr Denis's measurements.
Thanks, good article. I'll give it a go...
Thanks for the answers!
Here's how I've been watching what's happening with the cache:
# Find the pid of the dnsmasq process.
$ pgrep -l dnsmasq
31909 dnsmasq
31911 /usr/sbin/dnsmasq << Pick the pid of this one, the bare 'dnsmasq' above is the jail.
# Send USR1 signal to dnsmasq.
$ kill -10 31911
# View the results:
$ logread -l 50 -e dnsmasq
Sat Jun 15 13:31:55 2024 daemon.info dnsmasq[1]: time 1718483515
Sat Jun 15 13:31:55 2024 daemon.info dnsmasq[1]: cache size 1000, 51/4770 cache insertions re-used unexpired cache entries.
Sat Jun 15 13:31:55 2024 daemon.info dnsmasq[1]: queries forwarded 6060, queries answered locally 29309
Sat Jun 15 13:31:55 2024 daemon.info dnsmasq[1]: queries for authoritative zones 0
Sat Jun 15 13:31:55 2024 daemon.info dnsmasq[1]: DNSSEC per-query subqueries HWM 7
Sat Jun 15 13:31:55 2024 daemon.info dnsmasq[1]: DNSSEC per-query crypto work HWM 20
Sat Jun 15 13:31:55 2024 daemon.info dnsmasq[1]: DNSSEC per-RRSet signature fails HWM 0
Sat Jun 15 13:31:55 2024 daemon.info dnsmasq[1]: pool memory in use 14400, max 29520, allocated 48000
Sat Jun 15 13:31:55 2024 daemon.info dnsmasq[1]: child processes for TCP requests: in use 0, highest since last SIGUSR1 5, max allowed 20.
Sat Jun 15 13:31:55 2024 daemon.info dnsmasq[1]: server 127.0.0.1#5453: queries sent 6446, retried 11, failed 45, nxdomain replies 91, avg. latency 74ms
Sat Jun 15 13:31:55 2024 daemon.info dnsmasq[1]: server ::1#5453: queries sent 3415, retried 5, failed 30, nxdomain replies 42, avg. latency 75ms
Might even pipe that last bit through grep -E 'cache size|queries forwarded' as those are the only two lines pertinent to the discussion (well, maybe the queries sent, too).
pkill is a shorter version of all the grep stuff
btw you can double cache entries
But pkill isn't standard on OpenWrt, so I stick with what works out of the box.
Ya know, I'm pretty sure I had it up at like 10000 for a while (I experimented with a bunch of dns stuff a couple years ago, so it's sort of foggy), but noticed that it wasn't being used, so dropped it back down. But now with the longer ttl, maybe it makes sense to jack it back up...
I couldn't leave well enough alone. Save to cache_stats.sh and chmod +x it...
#!/bin/sh
#
# The two lines of interest in the log, as printed by `logread -t` (the -t adds
# the [epoch] field after the date):
# Sun Jun 16 06:03:08 2024 [epoch] daemon.info dnsmasq[1]: cache size 11, 22/33 cache insertions re-used unexpired cache entries.
# 11 = cache size
# 22 = drops, number of entries removed to make space before ttl expired
# 33 = total of entries made
# Sun Jun 16 06:03:08 2024 [epoch] daemon.info dnsmasq[1]: queries forwarded 44, queries answered locally 55
# 44 = misses
# 55 = hits

if [ "$1" = "--update" ]; then
    shift
    # pidof can return more than one pid on OpenWrt (see the pgrep output
    # earlier in the thread); the first one listed is signalled.
    pid="$(pidof dnsmasq | awk '{print $1}')"
    kill -s USR1 "$pid"
fi

if [ -n "$1" ]; then
    echo '
Options:
    --help    - show this help and exit
    --update  - send dnsmasq a USR1 signal to add a new log entry

Output:
    hits   = the number of queries answered from the dnsmasq cache
    misses = the number of cache misses forwarded upstream
    size   = current size of the cache
    added  = the total number of names that have been inserted into the cache
    drops  = the number of names that have been removed from the cache before
             they expired in order to make room for new names; if this is not
             consistently 0, then increase your cache size as memory permits:
             uci set dhcp.@dnsmasq[0].cachesize=2000 && uci commit

Note:
    When dnsmasq receives a HUP signal, the cache is cleared and counters are
    reset. SIGHUP is used by various tools to re-read DHCP files without
    restarting dnsmasq.

Reference:
    https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
'
    exit
fi

logread -t | awk '
BEGIN {
    printf "%19s %6s %6s %6s %6s %6s\n", "", "hits", "misses", "size", "added", "drops";
}
/dnsmasq.*cache size/ {
    # $6 = "[epoch]", $11 = "11,", $12 = "22/33" (see the sample line above)
    split($12, stats, "/");
    epoch = substr($6, 2, length($6) - 2);
    stamp = strftime("%F %T", epoch);
    size = $11 + 0;
    drops = stats[1] + 0;
    entries = stats[2] + 0;
}
/dnsmasq.*queries forwarded/ {
    # $11 = queries forwarded upstream (misses), $15 = queries answered locally (hits)
    misses = $11 + 0;
    hits = $15 + 0;
    printf "%s %6d %6d %6d %6d %6d\n", stamp, hits, misses, size, entries, drops;
}
'
Run it and you get all the history in the log file; add --update and it adds a new entry.
$ ./cache_stats.sh --update
hits misses size added drops
2024-06-15 16:02:57 8413 42021 1000 1777 216
2024-06-15 20:16:20 11988 90414 1000 9055 1662
2024-06-16 05:29:53 333 2246 4000 899 0
2024-06-16 06:03:08 1390 6332 4000 4404 0
2024-06-16 06:51:06 1707 8020 4000 235 0
2024-06-16 07:58:13 2094 10500 4000 1316 0
2024-06-16 08:45:37 2592 13088 4000 2870 0
2024-06-16 08:56:36 2764 15564 4000 3375 0
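Building on both the SIGUSR1/logread procedure and the cache_stats.sh post above, here is an added example of mine (not code from any poster) that runs off-router in Python over a saved `logread -t` capture: it pairs the two stats lines by their [epoch] field, turns the cumulative counters into per-interval hit and eviction ratios, and treats a counter that went down as the SIGHUP/restart reset the script's help text warns about. The lines in SAMPLE_LOG are constructed, not a real capture.

```python
import re

# Constructed sample of `logread -t` output (not a real capture): three SIGUSR1
# dumps, with a dnsmasq restart (counters back to zero) before the third one.
SAMPLE_LOG = """\
Sat Jun 15 16:00:00 2024 [1718467200] daemon.info dnsmasq[1]: cache size 1000, 200/1700 cache insertions re-used unexpired cache entries.
Sat Jun 15 16:00:00 2024 [1718467200] daemon.info dnsmasq[1]: queries forwarded 8000, queries answered locally 40000
Sat Jun 15 17:00:00 2024 [1718470800] daemon.info dnsmasq[1]: cache size 1000, 500/2700 cache insertions re-used unexpired cache entries.
Sat Jun 15 17:00:00 2024 [1718470800] daemon.info dnsmasq[1]: queries forwarded 10000, queries answered locally 48000
Sat Jun 15 18:00:00 2024 [1718474400] daemon.info dnsmasq[1]: cache size 4000, 0/900 cache insertions re-used unexpired cache entries.
Sat Jun 15 18:00:00 2024 [1718474400] daemon.info dnsmasq[1]: queries forwarded 300, queries answered locally 2700
"""

CACHE_RE = re.compile(r"\[(\d+)\].*cache size (\d+), (\d+)/(\d+) cache insertions")
QUERY_RE = re.compile(r"\[(\d+)\].*queries forwarded (\d+), queries answered locally (\d+)")

def parse_samples(text):
    """Pair the two stats lines of each SIGUSR1 dump by the [epoch] that logread -t adds."""
    samples = {}
    for line in text.splitlines():
        m = CACHE_RE.search(line)
        if m:
            epoch, size, drops, added = map(int, m.groups())
            samples.setdefault(epoch, {}).update(size=size, drops=drops, added=added)
        m = QUERY_RE.search(line)
        if m:  # forwarded upstream = cache miss, answered locally = cache hit
            epoch, misses, hits = map(int, m.groups())
            samples.setdefault(epoch, {}).update(misses=misses, hits=hits)
    # keep only dumps where both lines were seen, oldest first
    return [dict(epoch=e, **v) for e, v in sorted(samples.items()) if len(v) == 5]

def counter_delta(cur, prev, key):
    """Change since the previous dump; a decrease means dnsmasq restarted or got SIGHUP."""
    if prev is None or cur[key] < prev[key]:
        return cur[key]
    return cur[key] - prev[key]

def interval_report(samples):
    """Hit ratio and eviction ratio per interval, derived from the cumulative counters."""
    report, prev = [], None
    for cur in samples:
        hits, misses, added, drops = [counter_delta(cur, prev, k) for k in ("hits", "misses", "added", "drops")]
        report.append({
            "epoch": cur["epoch"], "size": cur["size"],
            "hit_ratio": round(hits / (hits + misses), 3) if hits + misses else 0.0,
            "drop_ratio": round(drops / added, 3) if added else 0.0,
            "reset": prev is not None and cur["hits"] < prev["hits"],
            "cache_too_small": drops > 0,  # unexpired entries were evicted this interval
        })
        prev = cur
    return report
```

A drop_ratio that stays above zero after the cache size was raised means the working set still does not fit; a falling hit_ratio with zero drops points at short upstream TTLs instead.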
