DNS - is this "normal"?

rhester72

Occasional Visitor
Running a very standard setup on 75/75 FiOS, using Google Public DNS for my upstream resolvers (IPv4 via Verizon and IPv6 via Hurricane Electric).

I've noticed the following stats:

Code:
Nov  1 16:19:33 172.16.0.1 dnsmasq[6461]: server 2001:4860:4860::8844#53: queries sent 27327, retried or failed 2164
Nov  1 16:19:33 172.16.0.1 dnsmasq[6461]: server 2001:4860:4860::8888#53: queries sent 25541, retried or failed 2183
Nov  1 16:19:33 172.16.0.1 dnsmasq[6461]: server 8.8.8.8#53: queries sent 30349, retried or failed 2634
Nov  1 16:19:33 172.16.0.1 dnsmasq[6461]: server 8.8.4.4#53: queries sent 31523, retried or failed 3235

The numbers for "retried or failed" seem rather high to me. I have to believe that my network isn't dropping nearly 10% of the Internet-bound packets, so what else counts as a "failed" query (for instance, if I forward an A-record lookup for doesntexistatall.com, is that a "failure")?

I guess what I'm really asking is whether NXDOMAIN counts (obviously SERVFAIL does, but I *sincerely* doubt that Google produces very many of those).

For the record, I've noticed the same thing even when using unbound internally as a real recursive DNS (and unhooking Google) - at that point, nearly 20% of the total fell under "retried or failed".

It doesn't seem that I'm under any performance stress; maximum CPU utilization of the router thus far is around 27%, and memory usage is about 66MB (out of 256MB on my RT-N66U).

Any thoughts?

Rodney
 
Even more interesting data:

If I enable strict-order, my failure rate drops from ~10% to about 0.25%. :/

Rodney
 
By the way, if you aren't sure how to generate these stats, you can do so without disruption (on a one-time basis) via ssh by issuing the following:

Code:
killall -s USR1 dnsmasq

and then looking at your system log (either via GUI or by issuing "tail /tmp/syslog.log" on the router via SSH).

Rodney
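Added example, not part of the original posts: a shell function that reads syslog lines like the ones dnsmasq writes after the USR1 signal above and reports the "retried or failed" share per upstream server and overall. The function name `dnsmasq_upstream_rates` is hypothetical; the sample input is the four log lines quoted in the first post.

```shell
#!/bin/sh
# Added example: summarise dnsmasq's per-upstream counters from syslog lines.
# Reads log text on stdin; if a server appears in several stats dumps,
# the most recent line wins (the counters are cumulative in each dump).
dnsmasq_upstream_rates() {
    awk '
    /dnsmasq\[[0-9]+\]: server .*: queries sent [0-9]+, retried or failed [0-9]+/ {
        # Locate the "server" keyword instead of relying on a fixed column,
        # because the syslog prefix differs between local and remote logging.
        for (i = 1; i <= NF; i++) if ($i == "server") break
        srv = $(i + 1); sub(/:$/, "", srv)      # strip the colon after addr#port
        sent = $(i + 4); sub(/,$/, "", sent)    # strip the comma after the count
        if (!(srv in s)) order[++n] = srv       # remember first-seen order
        s[srv] = sent + 0
        f[srv] = $NF + 0
    }
    END {
        for (k = 1; k <= n; k++) {
            srv = order[k]
            pct = s[srv] ? 100 * f[srv] / s[srv] : 0
            printf "%s sent=%d retried_or_failed=%d rate=%.2f%%\n", srv, s[srv], f[srv], pct
            ts += s[srv]; tf += f[srv]
        }
        if (ts) printf "total sent=%d retried_or_failed=%d rate=%.2f%%\n", ts, tf, 100 * tf / ts
    }'
}

# Sample input: the four lines quoted in the first post of this thread.
SAMPLE_LOG='Nov  1 16:19:33 172.16.0.1 dnsmasq[6461]: server 2001:4860:4860::8844#53: queries sent 27327, retried or failed 2164
Nov  1 16:19:33 172.16.0.1 dnsmasq[6461]: server 2001:4860:4860::8888#53: queries sent 25541, retried or failed 2183
Nov  1 16:19:33 172.16.0.1 dnsmasq[6461]: server 8.8.8.8#53: queries sent 30349, retried or failed 2634
Nov  1 16:19:33 172.16.0.1 dnsmasq[6461]: server 8.8.4.4#53: queries sent 31523, retried or failed 3235'

printf '%s\n' "$SAMPLE_LOG" | dnsmasq_upstream_rates
```

On the router itself the same function can be fed the live log with `dnsmasq_upstream_rates < /tmp/syslog.log`, which makes it easy to compare the rates before and after a setting change such as strict-order.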
 
