  1. #11
    Untangle Ninja mrunkel's Avatar
    Join Date
    Jul 2008
    Posts
    3,040

    dnsmasq defaults to a cache size of 150 names.

    That's probably why you're seeing upstream queries. But really, DNS response times are generally in the millisecond range and your end user PCs are caching all the queries as well.

    In general, every device that is involved with the DNS chain caches responses. That's why we have a very well defined TTL (time to live) entry for every DNS record.

    You're not going to see much visible improvement here no matter how much time you spend.

    For example:

    Code:
    bigboy:~ mrunkel$ dig www.untangle.com
    
    ; <<>> DiG 9.6.0-APPLE-P2 <<>> www.untangle.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60350
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;www.untangle.com.              IN      A
    
    ;; ANSWER SECTION:
    www.untangle.com.       89      IN      CNAME   untangle.com.
    untangle.com.           89      IN      A       74.123.28.10
    
    ;; Query time: 244 msec
    ;; SERVER: 192.168.1.254#53(192.168.1.254)
    ;; WHEN: Sun May  1 23:06:59 2011
    ;; MSG SIZE  rcvd: 64
    
    bigboy:~ mrunkel$ dig www.untangle.com +ttlid
    
    ; <<>> DiG 9.6.0-APPLE-P2 <<>> www.untangle.com +ttlid
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 272
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;www.untangle.com.              IN      A
    
    ;; ANSWER SECTION:
    www.untangle.com.       300     IN      CNAME   untangle.com.
    untangle.com.           300     IN      A       74.123.28.10
    
    ;; Query time: 21 msec
    ;; SERVER: 192.168.1.254#53(192.168.1.254)
    ;; WHEN: Sun May  1 23:07:26 2011
    ;; MSG SIZE  rcvd: 64

    You can see the 2nd query was 10 times faster, but frankly, I'm not going to notice a quarter of a second delay when I first call up the page.
    Last edited by mrunkel; 05-01-2011 at 11:09 PM.
    m.


    Big Frickin Disclaimer:
    While I'm pretty sure, I can't guarantee that I know what I'm doing. There might be a better way to do this, and this way might actually suck. Make sure you understand the implications of what you're doing before trying to follow these directions.

    It often helps troubleshooting if you have a good network map. Look here if you want my advice on how to draw one.
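
Added example (not part of mrunkel's post or of Untangle's code): a cache that answers from a stored record hands out the remaining TTL, so comparing TTLs across two dig runs shows whether the second answer can be a stored copy of the first. The transcripts are the two from the post, trimmed; the function names and the one-second slack are choices made for this example.

```python
import re
from datetime import datetime

# The two dig transcripts from the post, trimmed to the lines the parser reads.
FIRST = """\
;; ANSWER SECTION:
www.untangle.com.       89      IN      CNAME   untangle.com.
untangle.com.           89      IN      A       74.123.28.10

;; Query time: 244 msec
;; WHEN: Sun May  1 23:06:59 2011
"""
SECOND = """\
;; ANSWER SECTION:
www.untangle.com.       300     IN      CNAME   untangle.com.
untangle.com.           300     IN      A       74.123.28.10

;; Query time: 21 msec
;; WHEN: Sun May  1 23:07:26 2011
"""
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+\S+$")  # name, TTL, type, rdata

def parse_dig(text):
    """Return answer TTLs keyed by (name, type), query time (ms) and WHEN."""
    ttls, in_answer, ms, when = {}, False, None, None
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
        elif not line.strip():
            in_answer = False          # a blank line ends the section
        elif in_answer and (m := RR.match(line.strip())):
            ttls[(m[1], m[3])] = int(m[2])
        elif m := re.match(r";; Query time: (\d+) msec", line):
            ms = int(m[1])
        elif line.startswith(";; WHEN: "):
            stamp = " ".join(line[9:].split())   # collapse the padded day
            when = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
    return {"ttls": ttls, "ms": ms, "when": when}

def could_be_cached_copy(first, second, slack=1):
    """Per record: is the second TTL low enough to be the first one aged?"""
    elapsed = int((second["when"] - first["when"]).total_seconds())
    verdict = {k: second["ttls"][k] <= ttl - elapsed + slack
               for k, ttl in first["ttls"].items() if k in second["ttls"]}
    return elapsed, verdict

if __name__ == "__main__":
    print(could_be_cached_copy(parse_dig(FIRST), parse_dig(SECOND)))
```

Here the TTL rises from 89 to 300 over 27 seconds, so the second answer is not the first one counting down in a cache; it came from a newer or different cache entry somewhere in the resolver chain.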

  2. #12
    Master Untangler
    Join Date
    Nov 2009
    Posts
    106

    Finally got some usable data on this. You are right that Windows does cache DNS, and dnsmasq does also, but the entries are very short lived in both places.

    For instance, there's a browser open to a buy.com page. It creates a query at relative times 108, 347, and 587 (seconds). Clearly it's not finding the name on the PC's cache, nor is it hitting the cached name in dnsmasq. Each one of these results in a query to OpenDNS. That means that a resolved name entry persists less than four minutes in both places.

    I have lots of similar examples, but this is pretty much typical. Frankly, the cache in dnsmasq seems pretty useless in this configuration. With a table size of only 150 names, it's not going to accomplish much of anything at all in even a lightly loaded environment like here.

    OpenDNS replies to queries in 18-30 msec. judging from the samples I see here. dnsmasq, when it has one of its (very rare) cache hits, replies in under 200usec. which is about the same amount of time it takes to reply to a query about one of the internal addresses.

    I suppose there's a way to tell dnsmasq to increase the size of its table from the 150 you mentioned. But from what I see in the way its configuration files are created, any change would be eventually overwritten by Untangle's startup process. IMO, it wouldn't hurt anything to make the table size configurable, or at least set to a large enough value that it might actually do something useful -- something in the range of 1000-2500 entries, maybe.


    My network here is very small compared to the average Untangle application, I assume. When you start adding up the overhead from all those DNS queries from a couple of hundred workstations, it begins looking a lot less negligible. Seems to me that revisiting this setting could be a very good idea, especially for those with a lot of users on a very full pipe.

  3. #13
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,093

    Actually, advanced mode has a DHCP & DNS feature. This feature is nothing more than a text box that allows you to insert custom directives into dnsmasq.conf. So yeah, you can tweak those settings if you want.

    DNSMasq appears to load commands sequentially from top down, but here's the thing... statements that appear later in the file override earlier statements. The advanced mode feature appends itself to the file, so your custom statements will always override the inbuilt statements.

    So in this particular case, you're free to customize at will, and be perfectly safe with the UVM maintaining settings.

    The issue you're describing to be honest is a non-issue. Larger networks almost always use their DCs as DNS caches. Untangle isn't even involved in resolution for those networks.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #14
    Master Untangler
    Join Date
    Nov 2009
    Posts
    106

    Granted. But that's sort of missing my point. The default setting is worthless. It may as well be set to 0 and use those clock cycles for something else because it does no effective caching AT ALL. For everyone else who doesn't have a DNS-caching domain controller, it ought to be set to a much larger value, especially people whose connections are already maxed out. I realize that DNS transactions are small, but they're not nothing and they take time -- not a lot, but some. If someone's connection is already up against it, freeing up even a little bit is worth it, since it costs nothing but a minute of your time.

    Thanks for the tip about that mystery box. I've wondered more than once about what one might put in there. I entered "cache-size 2500", saved it, and a moment later it appeared at the end of dnsmasq.conf, as expected.

  5. #15
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,093

    Exactly, that's why we have that feature.

    Now, if DNSMasq had half decent documentation...

    Untangle's defaults are very similar to a normal SOHO router. So I don't see it as worthless, it's simply there for convenience. I'd much rather have a LAN using the router as a DNS server than having to adjust the entire network when the ISP decides to renumber. I like one change, once, and everything else just falls in line.

    Anyway, don't forget about that box, you can work some serious magic with DHCP in there.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #16
    Master Untangler
    Join Date
    Nov 2009
    Posts
    106

    Quote (originally posted by sky-knight):
    Now, if DNSMasq had half decent documentation...
    Jeez, if that ain't the truth! Typical Linux documentation is just horrible. But then, so is 90% of all documentation. It's not difficult at all to spend hours with Google researching something and coming up with page after page of incomplete and/or conflicting information.

    That's one thing about the Untangle forums, nearly everything you find here works. The s/n ratio is about as high here as you'll ever find, anywhere.

    I tried, just for example, to get VNC viewer (on Windows) to interface with the Untangle box. In theory, it's do-able, all you have to do, according to a few dozens of authors, is "apt-get install vncserver" which, naturally, results in an error message saying "I don't know what you're talking about". Or words to that effect. Also tried the reference to your discussion about X and got it mostly working, except that the window wouldn't take input from the remote display. I pushed that onto the back burner at that point.

    Anyway, to summarize, I think the Untangle default for dnsmasq ought to be either 0 or some useful value like 2000. The current default is worse than useless. Not only does it not do what it's intended to do, but it wastes resources in the process of not doing anything useful. IMO, this is worth at least a checkbox on the DNS setup screen. Disabled for those with other DNS caches, or specify a value that's going to yield useful caching for everyone else.

  7. #17
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,093

    That post regarding the x redirect was meant more as a brain dump than a how to. So while I know it's working information, I'm sure it's lacking.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
