WNR3500L v2 Dnsmasq problem

thommy181
DD-WRT User


Joined: 16 Mar 2019
Posts: 353
Location: Szczecin, Poland EU

Posted: Tue Oct 12, 2021 10:40    Post subject: WNR3500L v2 Dnsmasq problem
I'm a user of a Netgear WNR3500L v2. It is on the newest DD-WRT build from 10/10/21. I have the dnsmasq server on the router. The option WAN DNS Ignore is active. I use one server, 8.8.8.8, for resolving. For the last 2 - 3 builds I have seen a problem with dnsmasq. When opening websites my web browser informs me about a DNS problem (DNS_Probe_Started, DNS_Bad_Config). I started to check this problem and after logging in to the router GUI I see 100% CPU usage. Probably that's a problem with the Dnsmasq package. I kill dnsmasq via ssh and restart it. Sometimes the device starts working well, but sometimes the 100% usage remains and I must totally reboot the router via ssh. I tried rebooting with the black button on the case, and unplugging power and then restarting the device. The problem occurs periodically. I would rather not restore factory defaults; I think it's a problem with this one package. I know Dnsmasq was recently updated. Could you check that Dnsmasq works correctly? It may be some memory leaks. I have 2 devices connected - 1 computer on gigabit RJ-45 and a VoIP gateway on 100 Mbit (cord); WiFi is currently unused, but turned on. The WAN is gigabit RJ-45 with 300 Mbit speed from the ISP. The ISP modem has been restored and the problem with the Netgear is still there.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

Posted: Tue Oct 12, 2021 12:56
Please post screenshots of your configuration and your additional dnsmasq configuration information. This topic has been well discussed and is more likely to be user error in configuration.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
thommy181
Posted: Tue Oct 12, 2021 15:46
I have enabled:
Dnsmasq service and use Dnsmasq as DNS, Ignore WAN DNS
- Cache DNSSEC data
- Validate DNS Replies (DNSSEC)
- Check unsigned DNS replies
- No DNS Rebind
- Query DNS in Strict Order

Additional configuration
- no resolv
- server=8.8.8.8
- domain-needed
- expand-hosts
- no-negcache

The options Add Requestor MAC to DNS Query, RFC4039 Rapid Commit support and DNS Encryption are disabled. On the setup page the DHCP server for LAN is totally disabled and all DNS fields have 0.0.0.0 IPs. DNS on the workstations is configured to the DD-WRT device IP and finally I use the Google Public DNS service with only one server, 8.8.8.8. Until the Dnsmasq package was updated, that problem didn't appear. The CPU is overclocked to 500 MHz, because it works better for fast internet (300 Mbit+ plan from the ISP). The device has radiators applied with thermal paste on the mainboard. Temperature is 40 - 50 Celsius depending on system load. In a normal environment I have a max system load of ~40% when I'm using the internet connection heavily.
kernel-panic69
Posted: Tue Oct 12, 2021 16:38
Using only one DNS resolver is not going to give you 100% reliability. You should at least add server=8.8.4.4 to your additional dnsmasq configs, among other things.
thommy181
Posted: Wed Oct 13, 2021 13:51
Today the same problem occurred again. Suddenly DNS based on Dnsmasq stopped working, with errors in the web browser. I logged in to the GUI and saw 100% CPU usage. After restarting the dnsmasq service via ssh, usage dropped to 5 - 8%. DNS is working again. The problem is burdensome and I restarted the ISP modem as a test. That did not solve the problem; in my opinion it's a problem with Dnsmasq after it was updated in the DD-WRT project. Could somebody check the DD-WRT code? It's probably not a DDoS, because I don't see any suspicious events in the connections list.
kernel-panic69
Posted: Wed Oct 13, 2021 15:29
If you're going to rely on only one DNS server, you are going to shoot yourself in the foot. This is a configuration issue. You should have at least two DNS servers, if not six.

https://en.wikipedia.org/wiki/Google_Public_DNS
https://public-dns.info/
https://en.wikipedia.org/wiki/Public_recursive_name_server

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

Posted: Sun Oct 17, 2021 8:07
right...I can report similar issues...and I also consolidate it with some other forum members, although I'm still observing/gathering more data...I can report similar issues...I'm using a stub resolver (stubby) via Entware...and it stalls on random occasions...on my R7800 mainly...

I do have multiple resolvers, round robin 1, there is nothing in stubby debug, nor in the DD-WRT syslog that could point me to anything..., solves the problem...I was restarting stubby, but decided to see if a DNSmasq restart helps too...so I guess as it helps it's more linked to it...
It happens very likely after the second day of use...and no clients connected to the router for a bit of time...
It started to be more obvious after the DNSmasq update...
I won't deny that there was a GetDNS and Stubby update recently too, so it could be down to those...that's why I'm still investigating...
I'm using primary quad9 and nextdns...as well as some others with filtering...all the DNS servers I use have filtering capabilities...
I do not have heavy DNS use to overrun the DNS default concurrent requests of 100...but just to test it...I tried to increase it up to 200

I also used to use SmartDNS via a jffs script and it happened as well... DNS stalls on random occasions...and this was the reason I left it and moved to good old Stubby and it's the same...I also see some similar reports regarding SmartDNS recently on the forum too...

Do notice DNSmasq still shows duplicate BR1

interface=br0,vlan3,br1,br1
resolv-file=/tmp/resolv.dnsmasq
strict-order
dhcp-leasefile=/tmp/dnsmasq.leases
dhcp-lease-max=56
dhcp-option=br0,3,192.168.1.1
dhcp-option=br1,3,192.168.2.1
dhcp-authoritative
dhcp-range=br0,192.168.1.100,192.168.1.103,255.255.255.0,360m
dhcp-range=br1,192.168.2.100,192.168.2.149,255.255.255.0,1440m
dhcp-host=xx:xx:xx:xx:xx:xx,Doom-PC,192.168.1.100,infinite
dhcp-host=xx:xx:xx:xx:xx:xx,BoomROG,192.168.2.101,infinite
bogus-priv
conf-file=/etc/rfc6761.conf
conf-file=/etc/trust-anchors.conf
dnssec
dnssec-check-unsigned
proxy-dnssec
stop-dns-rebind
dhcp-option=252,"\n"
cache-size=1000
addn-hosts=/tmp/dlhosts
no-negcache
domain-needed
filterwin2k
dhcp-option=43,01:04:00:00:00:02
no-poll
no-ping
dns-loop-detect
no-resolv
server=127.0.0.1#1213
ipset=/piratepublic.com/PIRATEPUBLIC

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
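
Added example (editorial, not part of any post in this thread and not DD-WRT code): a small Python lint for a generated dnsmasq config that checks three things raised above: the duplicated `br1` in `interface=`, how many upstreams dnsmasq can fall back on under `no-resolv`, and `dnssec` set together with `proxy-dnssec`, which the dnsmasq man page describes as an alternative to local validation. `SAMPLE` is a trimmed, constructed copy of the config quoted in the preceding post; `parse` and `lint` are names chosen here.

```python
from collections import Counter

# Constructed sample: trimmed from the generated config quoted in the post above.
SAMPLE = """\
interface=br0,vlan3,br1,br1
strict-order
dnssec
dnssec-check-unsigned
proxy-dnssec
stop-dns-rebind
no-resolv
server=127.0.0.1#1213
"""

def parse(text):
    """Split a dnsmasq config into bare flags and key -> [values]."""
    flags, options = set(), {}
    for raw in text.splitlines():
        line = raw.strip()
        # This lint treats only a leading '#' as a comment, because inside a
        # value it separates address and port (127.0.0.1#1213).
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            options.setdefault(key.strip(), []).append(value.strip())
        else:
            flags.add(key)
    return flags, options

def lint(text):
    """Return a list of human-readable findings (hypothetical helper)."""
    flags, options = parse(text)
    findings = []
    # interface= may repeat and may carry a comma-separated list.
    names = [n.strip() for v in options.get("interface", []) for n in v.split(",") if n.strip()]
    for name, count in sorted(Counter(names).items()):
        if count > 1:
            findings.append(f"interface '{name}' listed {count} times")
    # server=/domain/addr only covers that domain, so it is not a general upstream.
    upstreams = [s for s in options.get("server", []) if not s.startswith("/")]
    if "no-resolv" in flags and len(upstreams) == 0:
        findings.append("no-resolv set but no general server= line")
    elif "no-resolv" in flags and len(upstreams) == 1:
        findings.append(f"single upstream {upstreams[0]}: dnsmasq has no fallback if it stalls")
    if {"dnssec", "proxy-dnssec"} <= flags:
        findings.append("dnssec and proxy-dnssec both set: validating locally and trusting the upstream AD bit")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

On the router the generated file can be copied off and passed to `lint()` as text; the sample above yields three findings.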
kernel-panic69
Posted: Sun Oct 17, 2021 10:53
I'm using essentially the same config as the OP with a few variations and more than one dns server and haven't noticed any issues. Same config for quite some time. Don't know, but it's not DD-WRT as far as I am concerned.
Evengard
DD-WRT Novice


Joined: 03 Jul 2021
Posts: 15

Posted: Sun Oct 17, 2021 13:18
Actually, I stumbled upon that problem with recent DD-WRT builds. After I reverted back to a "known working" (for me 47097) it all went away.
I'm using 3 DNS servers (one relayed from my WAN, two - Google public DNS 8.8.8.8 and 8.8.4.4). Surprisingly this seems to happen only when using Windows, and never happened through Android usage.
Sometimes a DNS query fails immediately, and if I press "refresh" in my browser with the said error it is immediately successful. It never happens using nslookup, but may happen when using consecutive "ping" calls.
Code:
interface=br0
resolv-file=/tmp/resolv.dnsmasq
strict-order
dhcp-leasefile=/tmp/dnsmasq.leases
dhcp-lease-max=102
dhcp-option=br0,3,192.168.3.1
dhcp-authoritative
dhcp-range=br0,192.168.3.100,192.168.3.199,255.255.255.0,1440m
dhcp-host=48:A4:72:D3:AA:4A,TriOpPower,192.168.3.2,5m
dhcp-host=30:F7:72:76:ED:F9,Printer,192.168.3.3,5m
bogus-priv
conf-file=/etc/rfc6761.conf
stop-dns-rebind
dhcp-option=252,"\n"
cache-size=1500
all-servers
no-negcache

That's my (generated) dnsmasq. The same bugs out with builds 47528 and 47495, but works totally fine with 47097.
My router - R7000.
dpp3530
DD-WRT Guru


Joined: 12 Dec 2007
Posts: 764
Location: Pittsburgh, PA USA

Posted: Sun Oct 17, 2021 17:18
I am seeing the same behavior on both a Linksys EA6700 and a (non-Broadcom) WRT1900AC. My configuration is as identical as possible on both routers, which includes Stubby in a manner very similar to Alozaros. From advice in another thread, I took the IPV6 server addresses out of stubby.yml and just left the IPV4 addresses (I use Cloudflare 1.1.1.1). It has only been a couple of days, but I haven't seen the same intermittent failures to resolve DNS names.

My ISP does not have native IPV6, so I'm using Hurricane Tunnelbroker for IPV6. Hopefully this will help someone else.

_________________
__________________________
Netgear R7800
DD-WRT v3.0 STD
Linksys WRT1900AC
DD-WRT v3.0 STD
kernel-panic69
Posted: Sun Oct 17, 2021 19:12
Is this with browser-based secure DNS *disabled* or *enabled*?
dpp3530
Posted: Sun Oct 17, 2021 19:45
kernel-panic69 wrote:
Is this with browser-based secure DNS *disabled* or *enabled*?



Attachment: DNSMASQ.jpg
kernel-panic69
Posted: Sun Oct 17, 2021 22:39
That doesn't look like your browser's settings...
dpp3530
Posted: Sun Oct 17, 2021 23:03
kernel-panic69 wrote:
That doesn't look like your browser's settings...


Misunderstood the question. I turned off Secure DNS in Chrome, Edge, and Firefox.

kernel-panic69
Posted: Sun Oct 17, 2021 23:34
Some of your settings don't make sense to me. You're validating DNS replies, but not caching them or encrypting DNS.