DNSMasq Eating All The Memory

trancekat · February 27, 2022, 2:30pm

Hello All,
I hope you are having a nice day.

I've been having an issue over the last few months that I can't figure out. I have the following setup:

Model  Netgear Nighthawk X4S R7800
Architecture  ARMv7 Processor rev 0 (v7l)
Firmware Version  OpenWrt 19.07.4 r11208-ce6496d796 / LuCI openwrt-19.07 branch git-22.052.50988-1b6c126
Kernel Version  4.14.195

Every day or two, my connectivity dies and when I look at the router, I see this:

So I went looking to see what is eating up all my memory and found this:

DNSMasq is eating up all the memory (as well as several instances of syslog).

Any ideas as to why this is happening or how to fix this, please? Would switching to dnsmasq-full fix this?

If it matters, I also run adblock 4.0.7-9 with ~350k domains blocked from lists.

Thank you!

hnyman · February 27, 2022, 3:07pm

You should update to a more recent, supported, version. E.g. 19.07.9 or 21.02.2. (note that 19.07 is planned to be end-of-life in March.)

Rsyslogd is not part of the core package set.

Sure it matters. 350.000 lines of blocked domains. Let's say 50 bytes per domain in the list, and you would already consume 18MB. Not sure how efficient the domain database list is, but sure your aggressive blocking consumes memory.

trancekat · February 27, 2022, 3:20pm

You should update to a more recent, supported, version. E.g. 19.07.9 or 21.02.2. (note that 19.07 is planned to be end-of-life in March.)

I'd really like to, but every time I try via LuCI, it just doesn't do anything - it reloads the webpage and stays on 19.07.

Rsyslogd is not part of the core package set.

I will remove it. Thank you for pointing this out.

Sure it matters. 350.000 lines of blocked domains. Let's say 50 bytes per domain in the list, and you would already consume 18MB. Not sure how efficient the domain database list is, but sure your aggressive blocking consumes memory.

It looks like this with the full list loaded and running:

Seems OK, and this has been working for a long time.

mercygroundabyss · February 27, 2022, 3:41pm

dnsmasq forks each request and uses up memory.

You may want to consider using AdGuardHome instead. You can install this via opkg or the manual script thread.

frollic · February 27, 2022, 6:54pm

... or set up a pi-hole with some cloud host, they're free of charge, for one year, or forever, depending on which one you choose.

slh · February 28, 2022, 12:25am

As hnyman and mercygroundabyss implied, adblocking with dnsmasq is RAM intensive, so be a bit more conservative with the size of your blocklists (350'000 is too much for dnsmasq). There are two major choke points, fetching/ refreshing blocklists (which involves sorting and de-duplicating), but most of all tcp requests to dnsmasq (not the major mode of operation, but still normal behaviour), which do cause it to fork, to multiply its RAM usage per forked instances. This easily kills off even high-end devices with huge blocklists. There have been -very recent- improvements to this behaviour in dnsmasq following the discussions starting in https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014907.html (and spanning over several months beyond that initial report), improvements, but it's still an issue.

trancekat · March 1, 2022, 1:25am

Thank you all for your help.

I've chosen to move my dns blocking off of the router and to a pihole container on a separate system. So far things are running smoothly.
Thank you again.

system · March 11, 2022, 1:25am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.