Discussion:
[Dnsmasq-discuss] FW: Cachesize
Nathan Downes
2017-04-10 08:41:24 UTC
Hi,

I understand this is hardcoded to a limit of 10000, but we use it for a small ISP network and quite often reach this. Is it possible to make it 25000 in the next release? Everyone has the choice at loading what to set it to, so I can't see how this would cause issues. I would prefer to just use available packages than have to compile my own to adjust this and always have to remember the modification.

Thanks,

Nathan
Petr Mensik
2017-04-10 10:51:16 UTC
Hi Nathan.

If you hit a cache limit of 10000 quite often, are you sure dnsmasq is still the best choice for that server? I think dnsmasq focuses on small home routers and end networks. Have you considered another caching resolver, Unbound for example? I think if this limit is not enough, maybe your network is not small enough. There is a limit for some reason. I hope a full cache does not mean recursion will stop working, but I did not validate that assumption.

I think the main DNS resolvers of an ISP network should use something heavier than dnsmasq.
How many end hosts are using that server?
Do you require dnsmasq-specific features?

Cheers,
Petr

--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: ***@redhat.com PGP: 65C6C973


Nathan Downes
2017-04-10 21:37:53 UTC
Hi Petr,

I guess that is totally possible. I had just used it for a few other projects, so figured if it works why not use it :) The only things I use are setting minimum cache TTL to 30 mins and max cache size to 10k. There are only about 1000 endpoints of various types, from residential to business.

It only came about because I noticed the quantity of traffic to other resolvers was a lot more than I expected and I guessed caching would improve the experience for the end users.

It functions well at this level as far as I can see, always sub ms responses and almost no load on server. It is just a small VM with Dnsmasq, SMTP relay and STUN server.

I will check out other options then if I am pushing the limits of capability.

Eric Luehrsen
2017-04-11 02:26:28 UTC
Hi Nathan,
Post by Nathan Downes
There are only about 1000 endpoints of various types, from residential
to business.

Having worked with Unbound and dnsmasq, I would say the proverb "right
tool for the right job" applies. I would guess not all 1000 endpoints
are on one subnet, maybe half-dozen, correct? If you had dnsmasq running
an instance for each subnet, then that might be a bit more reasonable.
If you want just one VM and one server, then I might suggest Unbound.
It's as easy to configure, and you can just recurse the global Internet
instead of forward (or forward or both or whatever). If you don't
DHCP-DNS in one, then Unbound is going to work for you.
Post by Nathan Downes
It only came about because I noticed the quantity of traffic to other
resolvers was a lot more than I expected and I guessed caching would
improve the experience for the end users.

That depends on a lot of things. Statistics would need to be collected
to be sure. Compare common cache queries that expire versus unique
queries. If your cache pushes "google.com" out, then that may be a
problem. If it's all the click bait on news sites creating unique DNS
lookups to a rotating army of ad-sites, then there isn't much to do.
Post by Nathan Downes
The only things I use are setting minimum cache ttl to 30 mins...

That is pushing the edge for certain cases. Server rotation may make
some clients' connectivity go dead for that 30 mins. Small business
customers with small business web-site/email providers can suffer worse
when small business server farm providers make things "difficult."

Hope it helps.
-Eric
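
The statistics check suggested in the reply above, as an added example that is not part of the original thread: it reads the counters dnsmasq writes to syslog on SIGUSR1 and reports the local-answer rate and how often unexpired entries were evicted to make room. The log lines are constructed sample data, and the 5% eviction threshold is an assumed rule of thumb, not a dnsmasq default.

```python
import re

# Constructed sample of a dnsmasq SIGUSR1 statistics dump (all values invented).
SAMPLE_LOG = """\
Apr 11 02:30:01 ns1 dnsmasq[812]: time 1491877801
Apr 11 02:30:01 ns1 dnsmasq[812]: cache size 10000, 41250/183400 cache insertions re-used unexpired cache entries.
Apr 11 02:30:01 ns1 dnsmasq[812]: queries forwarded 96100, queries answered locally 864900
Apr 11 02:30:01 ns1 dnsmasq[812]: server 192.0.2.53#53: queries sent 96100, retried or failed 310
"""

CACHE_RE = re.compile(r"cache size (\d+), (\d+)/(\d+) cache insertions re-used unexpired")
QUERY_RE = re.compile(r"queries forwarded (\d+), queries answered locally (\d+)")


def parse_stats(log_text):
    """Return the counters from the most recent statistics dump in log_text."""
    stats = {}
    for line in log_text.splitlines():
        if m := CACHE_RE.search(line):
            # evicted_live: entries dropped before their TTL ran out to make room.
            stats["cache_size"], stats["evicted_live"], stats["inserted"] = map(int, m.groups())
        elif m := QUERY_RE.search(line):
            stats["forwarded"], stats["local"] = map(int, m.groups())
    return stats


def assess(stats, evict_threshold=0.05):
    """Summarise cache pressure; evict_threshold is an assumed rule of thumb."""
    total = stats["forwarded"] + stats["local"]
    inserted = stats["inserted"]
    # "answered locally" also counts /etc/hosts and configured names,
    # so this slightly overstates the pure cache hit rate.
    hit_rate = stats["local"] / total if total else 0.0
    evict_ratio = stats["evicted_live"] / inserted if inserted else 0.0
    return {
        "hit_rate": round(hit_rate, 3),
        "evict_ratio": round(evict_ratio, 3),
        # Unexpired entries being evicted means the cache is full and churning.
        "cache_undersized": evict_ratio > evict_threshold,
    }


if __name__ == "__main__":
    print(assess(parse_stats(SAMPLE_LOG)))
```

These aggregate counters show whether the cache is churning, not which names are being pushed out; separating popular names from one-off lookups needs per-query logging.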
Nathan Downes
2017-04-11 09:36:38 UTC
Thanks Eric,

Dnsmasq has a public IP; an allow list limits what can access it. But after reading up on Unbound today, it might be a better option.

We don't use DHCP for any of the connections, either subnet allocated or PPP/VPDN/L2TP connection.

Getting about a 90% hit rate on cache over the last couple of weeks with a partial rollout, so it is definitely helping. I noticed Unbound can do a lookup for expiring cache entries so they are always fresh. Will definitely try it out; bandwidth and processing power are not really an issue.

Thanks to all for the input.

