@L&LD
Yes, as I said it is faster, but the reason to use "No" for Use local caching, is because of possibles issues (and permanent ones for some users) especially with DoT used, as for checking if WAN works or not and for NTP time synchronization.
It newer was an issue if caching on the router would be faster or not, of course it will; but be careful to use on case per case only if certain no issues occur with Network Monitoring or NTP. And they might occur in the future at some point, not instantly (if cache remembers an old resolve no longer valid, breaks, corrupts, dnsmasq or stubby fails...), which is the very reason RMerlin went back to "No" as default.
Then if that ever happens, you will have to use "No" for Use local caching. If all works, stay with "Yes" for speed
It is for local caching on, that would thus in this case be same speed!
Yes i get that; but obviously the dnsmasq is used both here and in DoT, so it might have an impact or correlation? As if one is turned off it erases the cache, ending in impacting the clients?The local caching setting only impacts traffic originating on the router itself. It does not impact clients.
Do you mean set or unset?Yes i get that; but obviously the dnsmasq is uset both here and in DoT, so it might have an impact or correlation? As if one is turned off it erases the cache, ending in impacting the clients?
Sorry I wanted to write set, then went with used, and ended up mixing bothDo you mean set or unset?
Yes i get that; but obviously the dnsmasq is used both here and in DoT, so it might have an impact or correlation? As if one is turned off it erases the cache, ending in impacting the clients?
I can’t think of anything technically that would make sense there. The dnsmasq configuration for DoT does not change at all. All that changes is whether the router makes a call dnsmasq locally or to external DNS servers directly.Sorry I wanted to write set, then went with used, and ended up mixing both
I corrected it to used.
The only question here: is the cache the same for both?I can’t think of anything technically that would make sense there. The dnsmasq configuration for DoT does not change at all. All that changes is whether the router makes a call dnsmasq locally or to external DNS servers directly.
By far, on my Fibre 1Gbps up/down symmetrical connection, the best combination is 'No' and using the CloudFlare DNS servers and 'Yes' for Use local caching.
the real question i have is at what point are you at higher risk of cache corruption, using the local cache or using the upstream?@L&LD
Yes, as I said it is faster, but the reason to use "No" for Use local caching, is because of possibles issues (and permanent ones for some users) especially with DoT used, as for checking if WAN works or not and for NTP time synchronization.
It newer was an issue if caching on the router would be faster or not, of course it will; but be careful to use on case per case only if certain no issues occur with Network Monitoring or NTP. And they might occur in the future at some point, not instantly (if cache remembers an old resolve no longer valid, breaks, corrupts, dnsmasq or stubby fails...), which is the very reason RMerlin went back to "No" as default.
Then if that ever happens, you will have to use "No" for Use local caching. If all works, stay with "Yes" for speed
It is for local caching on, that would thus in this case be same speed!
Well, obviously we can only hope the upstream one is sturdier..?the real question i have is at what point are you at higher risk of cache corruption, using the local cache or using the upstream?
With my ISP and network environment and usage, there is no better combination.
I have already changed a few customers defaults to this and they too see a positive change, overall.
Local caching has no impact on the LAN, it only affects the router itself, and program running locally on the router (and using /etc/resolv.conf).
Placebo effect.
Like others have already pointed out- this setting has zero effect on clients.
@L&LD Hey can you run this TCPDUMP test and tell me if you get "correct" coming on the back and forth traffic.....If the settings make no effect as I showed in the original post here,
https://www.snbforums.com/threads/384-12_alpha-builds-testing-all-variants.56639/page-12#post-493539
Then I will take this 'placebo effect'.
All clients are faster, including when I VPN into my network on my phone. The more powerful and the faster the client is, the more noticeable it is to me. When loading pages with graphics (like the guru3d Asus 2900 review), the pages load in total, not pixel by pixel or line by line.
This is not a placebo effect as far as I'm concerned. Unless there is another setting I use that affects this usage I test with?
good example@L&LD Hey can you run this TCPDUMP test and tell me if you get correct coming on the back and forth traffic.....
tcpdump -vv -x -X -s 1500 -i eth0 port 853
00:21:47.199128 IP6 (class 0x20, flowlabel 0x0a5e9, hlim 60, next-header TCP (6) payload length: 172) one.one.one.one.853 > 2001:558:6043:2a:68eb:dda7:d65f:1456.36708: Flags [P.], cksum 0xe69c (correct), seq 14116:14268, ack 3683, win 48, length 152
0x0000: 6200 a5e9 00ac 063c 2606 4700 4700 0000 b......<&.G.G...
0x0010: 0000 0000 0000 1001 2001 0558 6043 002a ...........X`C.*
0x0020: 68eb dda7 d65f 1456 0355 8f64 b7af cc57 h...._.V.U.d...W
0x0030: 310f 6a0c 5018 0030 e69c 0000 1703 0300 1.j.P..0........
0x0040: 9326 47d4 b061 7b6b 81f1 1900 cfb5 db5f .&G..a{k......._
0x0050: 8c65 7278 c019 d97b 2310 e1bf c017 029e .erx...{#.......
0x0060: caf8 d4fd fad2 931b ba34 b796 2c7e e528 .........4..,~.(
0x0070: 9797 45ad 63f3 1b7d 2ab5 a83a 3e28 4e0c ..E.c..}*..:>(N.
0x0080: ab92 3b46 69a4 e636 0f1d 6d91 7be1 dbc9 ..;Fi..6..m.{...
0x0090: 014f 5bed 6970 367f aefc 8b1f c0b8 af08 .O[.ip6.........
0x00a0: 253a ab70 879e af84 a068 1bbb a08a f3e2 %:.p.....h......
0x00b0: deba 7a35 ffe8 b4b4 db00 7bd6 e391 179a ..z5......{.....
0x00c0: caed 296e a76b 0b47 274e 2221 5e84 76e4 ..)n.k.G'N"!^.v.
0x00d0: d0ea 669d ..f.
00:21:47.199942 IP6 (class 0x20, flowlabel 0x0a5e9, hlim 60, next-header TCP (6) payload length: 172) one.one.one.one.853 > 2001:558:6043:2a:68eb:dda7:d65f:1456.36708: Flags [P.], cksum 0xc4d4 (correct), seq 14268:14420, ack 3683, win 48, length 152
0x0000: 6200 a5e9 00ac 063c 2606 4700 4700 0000 b......<&.G.G...
0x0010: 0000 0000 0000 1001 2001 0558 6043 002a ...........X`C.*
0x0020: 68eb dda7 d65f 1456 0355 8f64 b7af ccef h...._.V.U.d....
0x0030: 310f 6a0c 5018 0030 c4d4 0000 1703 0300 1.j.P..0........
0x0040: 93af 6844 af76 6fe1 708f 8501 a86b e2f4 ..hD.vo.p....k..
0x0050: afd1 add1 7063 9965 90f0 6cd4 c575 b002 ....pc.e..l..u..
0x0060: 631b 5657 a55d 6288 a508 c05a 17e8 9d0b c.VW.]b....Z....
0x0070: 1a62 5f28 ff81 b9c7 61b3 32c2 df25 53aa .b_(....a.2..%S.
0x0080: 2511 b05a 978a 5eb0 d4e6 450d 9b6a 8c49 %..Z..^...E..j.I
0x0090: 6c4d 77da c92c 434f 1c77 3de0 9a37 4089 lMw..,CO.w=..7@.
0x00a0: de5b 7da8 31a9 0970 9ba9 1cff 63a2 5123 .[}.1..p....c.Q#
0x00b0: 56ac aea9 8adf 93cd e696 aa32 382f 2f63 V..........28//c
0x00c0: efca fb9f ae3d b8e7 17f0 36b4 820b de1d .....=....6.....
0x00d0: d633 2a68 .3*h
good example
in the example there is a statement part that says (correct)Code:00:21:47.199128 IP6 (class 0x20, flowlabel 0x0a5e9, hlim 60, next-header TCP (6) payload length: 172) one.one.one.one.853 > 2001:558:6043:2a:68eb:dda7:d65f:1456.36708: Flags [P.], cksum 0xe69c (correct), seq 14116:14268, ack 3683, win 48, length 152 0x0000: 6200 a5e9 00ac 063c 2606 4700 4700 0000 b......<&.G.G... 0x0010: 0000 0000 0000 1001 2001 0558 6043 002a ...........X`C.* 0x0020: 68eb dda7 d65f 1456 0355 8f64 b7af cc57 h...._.V.U.d...W 0x0030: 310f 6a0c 5018 0030 e69c 0000 1703 0300 1.j.P..0........ 0x0040: 9326 47d4 b061 7b6b 81f1 1900 cfb5 db5f .&G..a{k......._ 0x0050: 8c65 7278 c019 d97b 2310 e1bf c017 029e .erx...{#....... 0x0060: caf8 d4fd fad2 931b ba34 b796 2c7e e528 .........4..,~.( 0x0070: 9797 45ad 63f3 1b7d 2ab5 a83a 3e28 4e0c ..E.c..}*..:>(N. 0x0080: ab92 3b46 69a4 e636 0f1d 6d91 7be1 dbc9 ..;Fi..6..m.{... 0x0090: 014f 5bed 6970 367f aefc 8b1f c0b8 af08 .O[.ip6......... 0x00a0: 253a ab70 879e af84 a068 1bbb a08a f3e2 %:.p.....h...... 0x00b0: deba 7a35 ffe8 b4b4 db00 7bd6 e391 179a ..z5......{..... 0x00c0: caed 296e a76b 0b47 274e 2221 5e84 76e4 ..)n.k.G'N"!^.v. 0x00d0: d0ea 669d ..f. 00:21:47.199942 IP6 (class 0x20, flowlabel 0x0a5e9, hlim 60, next-header TCP (6) payload length: 172) one.one.one.one.853 > 2001:558:6043:2a:68eb:dda7:d65f:1456.36708: Flags [P.], cksum 0xc4d4 (correct), seq 14268:14420, ack 3683, win 48, length 152 0x0000: 6200 a5e9 00ac 063c 2606 4700 4700 0000 b......<&.G.G... 0x0010: 0000 0000 0000 1001 2001 0558 6043 002a ...........X`C.* 0x0020: 68eb dda7 d65f 1456 0355 8f64 b7af ccef h...._.V.U.d.... 0x0030: 310f 6a0c 5018 0030 c4d4 0000 1703 0300 1.j.P..0........ 0x0040: 93af 6844 af76 6fe1 708f 8501 a86b e2f4 ..hD.vo.p....k.. 0x0050: afd1 add1 7063 9965 90f0 6cd4 c575 b002 ....pc.e..l..u.. 0x0060: 631b 5657 a55d 6288 a508 c05a 17e8 9d0b c.VW.]b....Z.... 0x0070: 1a62 5f28 ff81 b9c7 61b3 32c2 df25 53aa .b_(....a.2..%S. 0x0080: 2511 b05a 978a 5eb0 d4e6 450d 9b6a 8c49 %..Z..^...E..j.I 0x0090: 6c4d 77da c92c 434f 1c77 3de0 9a37 4089 lMw..,CO.w=..7@. 0x00a0: de5b 7da8 31a9 0970 9ba9 1cff 63a2 5123 .[}.1..p....c.Q# 0x00b0: 56ac aea9 8adf 93cd e696 aa32 382f 2f63 V..........28//c 0x00c0: efca fb9f ae3d b8e7 17f0 36b4 820b de1d .....=....6..... 0x00d0: d633 2a68 .3*h
00:00:00.491488 IP6 (class 0x20, flowlabel 0xf5a7f, hlim 60, next-header TCP (6) payload length: 20) one.one.one.one.853 > 2001:558:6043:2a:68eb:dda7:d65f:1456.37551: Flags [F.], cksum 0x1d6d (correct), seq 3419, ack 516, win 29, length 0
0x0000: 620f 5a7f 0014 063c 2606 4700 4700 0000 b.Z....<&.G.G...
0x0010: 0000 0000 0000 1001 2001 0558 6043 002a ...........X`C.*
0x0020: 68eb dda7 d65f 1456 0355 92af 5199 0378 h...._.V.U..Q..x
0x0030: 5e37 cde5 5011 001d 1d6d 0000 ^7..P....m..
00:32:54.604003 IP6 (hlim 64, next-header TCP (6) payload length: 20) 2001:558:6043:2a:68eb:dda7:d65f:1456.37551 > one.one.one.one.853: Flags [.], cksum 0x7b31 (incorrect -> 0x1b60), seq 516, ack 3420, win 554, length 0
0x0000: 6000 0000 0014 0640 2001 0558 6043 002a `......@...X`C.*
0x0010: 68eb dda7 d65f 1456 2606 4700 4700 0000 h...._.V&.G.G...
0x0020: 0000 0000 0000 1001 92af 0355 5e37 cde5 ...........U^7..
0x0030: 5199 0379 5010 022a 7b31 0000 Q..yP..*{1..
my concern is i have some coming back saying "incorrect"
Code:00:00:00.491488 IP6 (class 0x20, flowlabel 0xf5a7f, hlim 60, next-header TCP (6) payload length: 20) one.one.one.one.853 > 2001:558:6043:2a:68eb:dda7:d65f:1456.37551: Flags [F.], cksum 0x1d6d (correct), seq 3419, ack 516, win 29, length 0 0x0000: 620f 5a7f 0014 063c 2606 4700 4700 0000 b.Z....<&.G.G... 0x0010: 0000 0000 0000 1001 2001 0558 6043 002a ...........X`C.* 0x0020: 68eb dda7 d65f 1456 0355 92af 5199 0378 h...._.V.U..Q..x 0x0030: 5e37 cde5 5011 001d 1d6d 0000 ^7..P....m.. 00:32:54.604003 IP6 (hlim 64, next-header TCP (6) payload length: 20) 2001:558:6043:2a:68eb:dda7:d65f:1456.37551 > one.one.one.one.853: Flags [.], cksum 0x7b31 (incorrect -> 0x1b60), seq 516, ack 3420, win 554, length 0 0x0000: 6000 0000 0014 0640 2001 0558 6043 002a `......@...X`C.* 0x0010: 68eb dda7 d65f 1456 2606 4700 4700 0000 h...._.V&.G.G... 0x0020: 0000 0000 0000 1001 92af 0355 5e37 cde5 ...........U^7.. 0x0030: 5199 0379 5010 022a 7b31 0000 Q..yP..*{1..
does this imply i have insecure connections coming back...
See https://www.wireshark.org/faq.html#_why_am_i_seeing_lots_of_packets_with_incorrect_tcp_checksumsmy concern is i have some coming back saying "incorrect"
Code:00:00:00.491488 IP6 (class 0x20, flowlabel 0xf5a7f, hlim 60, next-header TCP (6) payload length: 20) one.one.one.one.853 > 2001:558:6043:2a:68eb:dda7:d65f:1456.37551: Flags [F.], cksum 0x1d6d (correct), seq 3419, ack 516, win 29, length 0 0x0000: 620f 5a7f 0014 063c 2606 4700 4700 0000 b.Z....<&.G.G... 0x0010: 0000 0000 0000 1001 2001 0558 6043 002a ...........X`C.* 0x0020: 68eb dda7 d65f 1456 0355 92af 5199 0378 h...._.V.U..Q..x 0x0030: 5e37 cde5 5011 001d 1d6d 0000 ^7..P....m.. 00:32:54.604003 IP6 (hlim 64, next-header TCP (6) payload length: 20) 2001:558:6043:2a:68eb:dda7:d65f:1456.37551 > one.one.one.one.853: Flags [.], cksum 0x7b31 (incorrect -> 0x1b60), seq 516, ack 3420, win 554, length 0 0x0000: 6000 0000 0014 0640 2001 0558 6043 002a `......@...X`C.* 0x0010: 68eb dda7 d65f 1456 2606 4700 4700 0000 h...._.V&.G.G... 0x0020: 0000 0000 0000 1001 92af 0355 5e37 cde5 ...........U^7.. 0x0030: 5199 0379 5010 022a 7b31 0000 Q..yP..*{1..
does this imply i have insecure connections coming back...
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!