DNS timeout weirdness

[Saus]

Hi guys,

Please help me with this weirdness I suffer with DNS timeouts. Background:
- recently migrated from RT-AC86 to AXE-16000
- using AMTM/Diversion, large list

This happens:

rvds@RoutingBakkie:/tmp/home/root# nslookup brazzers.com

Server: 127.0.0.1

Address 1: 127.0.0.1 localhost.localdomain

Name: brazzers.com

Address 1: 66.254.114.234 reflectededge.reflected.net


rvds@RoutingBakkie:/tmp/home/root# nslookup asus.com

Server: 127.0.0.1

Address 1: 127.0.0.1 localhost.localdomain

nslookup: can't resolve 'asus.com'


rvds@RoutingBakkie:/tmp/home/root# nslookup asus.com

Server: 127.0.0.1

Address 1: 127.0.0.1 localhost.localdomain

nslookup: can't resolve 'asus.com'


rvds@RoutingBakkie:/tmp/home/root# nslookup geeksforgeeks.com

Server: 127.0.0.1

Address 1: 127.0.0.1 localhost.localdomain

Name: geeksforgeeks.com

Address 1: 199.59.243.222


rvds@RoutingBakkie:/tmp/home/root# nslookup asus.com

Server: 127.0.0.1

Address 1: 127.0.0.1 localhost.localdomain

Name: asus.com

Address 1: 103.10.4.216 asus.xn--fiq66s

In other words, seems quite random, a domain (repeatedly) can't get resolved, while others can, and after a little while, that one can again, too.

I have tried switching from ISP DNS to others, such as Google, OPENDns etc. and currently running with 8 servers and --all-servers in dnsmasq.conf -- so the upstream servers cannot be the problem I would think.

Also log-async, so DNSMasq should not be choking.

Mem, is huge, have a 10gb swap on usb in addition.

Proc power on this quadcore unit... should not be it either.

Otherwise I don't think I have done anything special in terms of configs.

Also I tested the above straigth on the router via SSH to avoid any client issues.

Whelp!

 

[bbunge]

Your 10 GB swap is too big! Rule of thumb is a swap less than or equal to the system RAM. But that is not the problem.
Eight upstream resolvers? Why? Use two in the WAN DNS settings then two DoT but four if you use IPV6.
And Diversion is not slowing things down....

 

[Saus]

Thanks very much. Ok noted re swap.

Please note that I added the 8 upstreams only after the problems occurred, to test whether that would mitigate. So not the root cause (tried it without to verify).

Not Diversion (why are you sure?) -- what then?

 

[L&LD]

A swap file is either used or not. There is no such thing as swap being 'too big'.

 

[ColinTaylor]

A swap file is either used or not. There is no such thing as swap being 'too big'.

This is incorrect. Applications may adjust their memory usage based on how much virtual memory is available. Having too high a ratio of virtual to real memory encourages the occurrence of thrashing, potentially causing the router to "grind to a halt". The slower the backing storage is the worse the problem becomes. It is therefore important that swap space is sized appropriately for the given environment taking into account the speed of the backing store (e.g. fast SSD vs slow USB flash drive).

Virtual memory - Wikipedia

en.wikipedia.org

 

[dave14305]

Follow the unfiltered dnsmasq log in diversion and see what gets logged when you make the query in another session.

 

[L&LD]

This is incorrect. Applications may adjust their memory usage based on how much virtual memory is available. Having too high a ratio of virtual to real memory encourages the occurrence of thrashing, potentially causing the router to "grind to a halt". The slower the backing storage is the worse the problem becomes. It is therefore important that swap space is sized appropriately for the given environment taking into account the speed of the backing store (e.g. fast SSD vs slow USB flash drive).

Virtual memory - Wikipedia

en.wikipedia.org

What you've stated is correct, in its own context. However, what does that have to do with the OP? Nowhere is it indicated that the swap file is the issue here.

 

[ColinTaylor]

What you've stated is correct, in its own context. However, what does that have to do with the OP? Nowhere is it indicated that the swap file is the issue here.

It has nothing to do with the OP's problem and neither did your post. I was just correcting your statement that "A swap file is either used or not. There is no such thing as swap being 'too big'." which might mislead other readers.

 

[ColinTaylor]

Follow the unfiltered dnsmasq log in diversion and see what gets logged when you make the query in another session.

@Saus Look for NXDOMAIN results.

 

[L&LD]

You don't need to correct my post. I know how I wrote it. It was in response to the posts above mine.

If a swap file can be too big, that is an OS issue and not the size of the swap file.

 

[Saus]

For those quibbling about that: I adjusted the swap to the size of my real mem. So that’s out of the way.

I will look at the log in the way suggested and revert, thanks all!

 

[B255ea006]

This is incorrect. Applications may adjust their memory usage based on how much virtual memory is available. Having too high a ratio of virtual to real memory encourages the occurrence of thrashing, potentially causing the router to "grind to a halt". The slower the backing storage is the worse the problem becomes. It is therefore important that swap space is sized appropriately for the given environment taking into account the speed of the backing store (e.g. fast SSD vs slow USB flash drive).

Virtual memory - Wikipedia

en.wikipedia.org

Hi @ColinTaylor

What does that mean?

And how do i calculate the correct size of an SWAP file?

I do have an ASUS RT-AX86S with 1,8 GHz dual-core processor, 256MB Flash and 512MB RAM.

Are 10 GB for a SWAP file OK?

My SanDisk Ultra Fit 32 GB USB 3.1 Flash-Drive with max. 130 MB/s read speed.

 

[Crimliar]

Umm, depending on how the router is set up isn't what the OP is seeing from nslookup what happens when a domain name is blocked by diversion?

 

[Saus]

Umm, depending on how the router is set up isn't what the OP is seeing from nslookup what happens when a domain name is blocked by diversion?

For the experts, to answer definitively, but I do not think so. Firstly, eventually the domain, does get resolved. Secondly, looking at the dnsmasq log follow, it clearly states when something is blocked.

 

[belleDESiRE]

I am having the same issue on a very similar setup for the past year.
Sometimes dns resolution just stops working for a second or so, happens maybe once every few days. refreshing/retrying will eventually successfully start resolving again

AXE-16000, coming from an AX-88U (which also did this, btw)
Aimesh with 2x Rog Rapture GT6
amtm, diversion (just updated to 5.0, oisd big + hagezi pro), skynet
pagefile 2GB

Did you actually manage to fix this issue?

 

[bbunge]

I am having the same issue on a very similar setup for the past year.
Sometimes dns resolution just stops working for a second or so, happens maybe once every few days. refreshing/retrying will eventually successfully start resolving again

AXE-16000, coming from an AX-88U (which also did this, btw)
Aimesh with 2x Rog Rapture GT6
amtm, diversion (just updated to 5.0, oisd big + hagezi pro), skynet
pagefile 2GB

Did you actually manage to fix this issue?

You might try a different DNS than Quad9. I have experienced delays or lag with Quad9 that I attributed to my ISP and their wonky Anycast settings. I have used Cloudflare with better success but am now using OpenDNS with DoT. All three seem to have resolvers in the same data center but Cloudflare Security and OpenDNS work better for me.

 

[glens]

If DNS is slow for /every/ request it's likely a local problem. For only /some/ requests, the problem lies beyond your reach; allocate your attention elsewhere.

 

[belleDESiRE]

You might try a different DNS than Quad9. I have experienced delays or lag with Quad9 that I attributed to my ISP and their wonky Anycast settings. I have used Cloudflare with better success but am now using OpenDNS with DoT. All three seem to have resolvers in the same data center but Cloudflare Security and OpenDNS work better for me.

I've tried cloudflare alone also for a while and also a mix of quad9 and cloudflare together, same issue.

If DNS is slow for /every/ request it's likely a local problem. For only /some/ requests, the problem lies beyond your reach; allocate your attention elsewhere.

It indeed is only for some requests and for a short duration like mentioned. Just curious if Saus found a solution as he was having the exact same issue.

 

[Treadler]

I've tried cloudflare alone also for a while and also a mix of quad9 and cloudflare together, same issue.


It indeed is only for some requests and for a short duration like mentioned. Just curious if Saus found a solution as he was having the exact same issue.

Maybe try turning DOT off for a bit, & see if the problem goes away?
Ive heard of DOT having intermittent hassles like this for some people.

 

[coxhaus]

You probably do not want to use QUAD9 and cloudflare together. The problem is if QUAD9 blocks an IP address then cloudflare will resolve it and defeat QUAD9 blocking bad IP addresses. This would be bad.