
I looked up the man page and couldn't find how long dnsmasq caches a DNS record. What's the rule for caching and expiration?

I am having a problem where requests sent to an external service sometimes take over 5 or 10 seconds for the name lookup. I could save the external service's IP in /etc/hosts, but I am afraid of the IP changing. Installing dnsmasq improves name lookup, but slow name lookups still happen, with less frequency.

One solution is to set up a simple ping in a cron job, but I need to find out the expiration time first.

Thanks.

UPDATE

Added dig output:

; <<>> DiG 9.8.1-P1 <<>> api.mch.weixin.qq.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45012
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;api.mch.weixin.qq.com.             IN      A

;; ANSWER SECTION:
api.mch.weixin.qq.com.      0       IN      A       140.207.69.102

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jul 17 19:24:36 2015
;; MSG SIZE  rcvd: 55

UPDATE 2

The previous dig output contains a TTL of 0, which is misleading. I have posted another dig output.

; <<>> DiG 9.8.1-P1 <<>> api.mch.weixin.qq.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60900
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;api.mch.weixin.qq.com.             IN      A

;; ANSWER SECTION:
api.mch.weixin.qq.com.      181     IN      CNAME   forward.qq.com.
forward.qq.com.             181     IN      A       101.226.90.149
forward.qq.com.             181     IN      A       101.226.129.200

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jul 21 12:01:54 2015
;; MSG SIZE  rcvd: 99
perlwle

2 Answers

dnsmasq uses the DNS TTL value to determine the caching period. You can use the dig command to query the current TTL of your DNS server for that domain.

Tero Kilkanen
  • Do you mean that dnsmasq only caches DNS records within the TTL period? I updated my question with the dig output. – perlwle Jul 17 '15 at 11:21
  • Yes, only the TTL period is used for caching. And your TTL is 0, so dnsmasq will always make the query to the authoritative DNS server. – Tero Kilkanen Jul 17 '15 at 11:28
  • However, as stated in the manual, you can use *--max-cache-ttl* to force a lower TTL for cached values (haven't tested it myself). – sam_pan_mariusz Jul 17 '15 at 13:21
  • @TeroKilkanen `Query time: 0 msec` means a cache hit in dnsmasq. But how long will dnsmasq keep the DNS record in the cache? – perlwle Jul 17 '15 at 16:26
  • @sam_pan_mariusz I think you meant the `--max_ttl` flag? I would rather always get the right IP than miss the external service's IP change. – perlwle Jul 17 '15 at 16:29
  • dnsmasq doesn't keep the record in the cache when the TTL is 0. If you set the TTL larger in the authoritative DNS server, then dnsmasq will cache it. – Tero Kilkanen Jul 17 '15 at 18:49
  • @perlwle No, I meant *--max-cache-ttl*. The manual could be more detailed on this one. This isn't a real answer to your problem (although it may be useful here), rather a supplement to the answer commented on. – sam_pan_mariusz Jul 18 '15 at 07:46
  • @TeroKilkanen I am not sure why the TTL is 0. I tried a few times later and its value was always decreasing. Maybe a coincidence. – perlwle Jul 20 '15 at 15:09
  • @sam_pan_mariusz Thanks for bringing that setting to my attention. I am using dnsmasq 2.5.9 from Ubuntu 12.04. It doesn't seem to have that setting. – perlwle Jul 20 '15 at 15:12
  • @perlwle TTL will always decrease with time. A fresh lookup will have the TTL which is set by the controller of the domain. It is a number in seconds, and it counts down to zero; once it is zero, it is considered stale, and a fresh query needs to run. It is possible for a third party to interfere in a significant manner with DNS lookups, as is the case with the GFW, which is the reason the --min-cache-ttl option was introduced to dnsmasq. Increasing the max-[cache-]ttl above the value dnsmasq receives will have no effect whatsoever. – Phizes Jul 20 '15 at 18:17
  • @perlwle I know it's in 2.71, and `--min-cache-ttl`, as mentioned by @Phizes, is available since 2.73. – sam_pan_mariusz Jul 21 '15 at 10:40

The option you will need to set for dnsmasq is --min-cache-ttl; the value is in seconds.

According to the dig output, the TTL is 0. If you set this to, say, --min-cache-ttl=600, then the TTL value returned by dig will be 600. The TTL for api.mch.weixin.qq.com from where I am is 600, so setting it to 600 seconds yourself should be reasonably safe in avoiding missing any IP changes. (I'm guessing you are located in China.)

This will cause all DNS records to be considered valid for 10 minutes.

See the dnsmasq mailing list message detailing the introduction of this feature.

Phizes
  • I am going to ping every 10 minutes or so and hopefully that will fix the DNS lookup lag. As mentioned in a previous comment, I am using an older version which doesn't have that setting. Correct me if I am wrong. However, if it is available, setting it to 600 will be the same as the external service's TTL. That won't make any difference, will it? – perlwle Jul 20 '15 at 15:21
  • @perlwle No, it would not. I had assumed you always received a TTL of zero; increasing it to 1200 would help. I would suggest looking into [DNSCrypt](http://dnscrypt.org/). Without further information as to how long lookups take, your connection speed, and the effects of 3rd parties, I cannot give a clearer answer. If you need a more powerful DNS cache/resolver, I would recommend the basic part of [this tutorial](https://calomel.org/unbound_dns.html) about Unbound; it works on Ubuntu 12.04 perfectly well from the standard repositories. (Note that Google DNS properly handles DNSSEC now.) – Phizes Jul 20 '15 at 18:18
  • Also note dnsmasq 'local-ttl' for those hosts file entries. – KCD Feb 04 '16 at 08:51
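The two answers together describe the rule the question asks for: dnsmasq caches an answer for the TTL it received, a TTL of 0 is not cached, --max-cache-ttl caps that value and --min-cache-ttl (2.73 and later) raises short values to a floor. As an added example that is not part of the thread or of dnsmasq itself, the script below parses the ANSWER SECTION of the dig output posted above and applies that rule; the dig text is constructed from the question's two runs, and a chained CNAME answer is treated as living only as long as its shortest record.

```python
"""Model of the caching rule described in the thread: how long dnsmasq keeps a dig answer."""
import re

# Constructed from the question's second dig run: CNAME chain, every record TTL 181.
DIG_CNAME_CHAIN = """\
;; ANSWER SECTION:
api.mch.weixin.qq.com.      181     IN      CNAME   forward.qq.com.
forward.qq.com.             181     IN      A       101.226.90.149
forward.qq.com.             181     IN      A       101.226.129.200

;; Query time: 0 msec
"""

# Constructed from the question's first dig run, where the A record carried a TTL of 0.
DIG_TTL_ZERO = """\
;; ANSWER SECTION:
api.mch.weixin.qq.com.      0       IN      A       140.207.69.102

;; Query time: 0 msec
"""

# One resource record line in dig's presentation format: name, TTL, class, type, rdata.
RR_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")


def parse_answer_section(dig_output):
    """Return (name, ttl, rrtype, rdata) tuples from dig's ANSWER SECTION only."""
    records, in_answer = [], False
    for line in dig_output.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if in_answer:
            if not line.strip():
                break  # a blank line ends the section
            m = RR_LINE.match(line)
            if m:
                records.append((m.group(1), int(m.group(2)), m.group(3), m.group(4)))
    return records


def effective_cache_ttl(records, min_cache_ttl=0, max_cache_ttl=0):
    """Seconds the answer stays cached under the thread's rule; 0 means not cached.
    The answer is only usable while its shortest record (CNAME or target) is fresh,
    --max-cache-ttl lowers long TTLs, --min-cache-ttl raises short ones (including 0)."""
    if not records:
        return 0
    ttl = min(ttl for _, ttl, _, _ in records)
    if max_cache_ttl and ttl > max_cache_ttl:
        ttl = max_cache_ttl
    if min_cache_ttl and ttl < min_cache_ttl:
        ttl = min_cache_ttl
    return ttl
```

Run against the two captures: the first answer (TTL 0) is never cached unless a floor is configured, while the CNAME chain is kept for 181 seconds, or for 1200 with --min-cache-ttl=1200 as suggested in the comments.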