Netgate Discussion Forum

    Caching DNS in pfSense

    DHCP and DNS
    11 Posts 3 Posters 9.3k Views

      hoba

      Not sure, but this will break any dyndns URLs (especially if they are run in Germany, where providers usually drop your line every 24 hours to get you a new IP).

        ptaylor

        That is true for some users..

        This doesn't appear to be much of an issue though, considering the number of replies I've gotten so far.

          ptaylor

          Perhaps I've found the answer…

          According to this page:
          http://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

          Dnsmasq only caches 150 names by default:

          -c, --cache-size=<cachesize>
          Set the size of dnsmasq's cache. The default is 150 names. Setting the cache size to zero disables caching.

          So, would anyone else be interested in adding an option to increase this?

          If not, if I added the option, could it be added to pfSense?  (I can commit to the monowall repository, if it helps me qualify to submit code)

          Paul

            sullrich

            Would be a fine option.  Can you submit a diff against head?

              ptaylor

              Give me a few days to get up to speed.. I haven't even downloaded the developer edition yet…

              I'll have to look through the docs to get started.

                sullrich

                http://www.pfsense.com/~sullrich/RC2a/pfSense-Developers.iso is the latest version.

                Good luck!

                  ptaylor

                  Poked around a bit more and I'm not sure that this option will help me…  By sending a SIGUSR1 signal to dnsmasq, it puts stats for the cache in the syslog (though they are not very verbose)..

                  From the previously cited man page:

                  When it receives a SIGUSR1, dnsmasq writes cache statistics to the system log. It writes the cache size, the number of names which have had to be removed from the cache before they expired in order to make room for new names and the total number of names that have been inserted into the cache.

                  So, a kill -USR1 for my dnsmasq process gets me:

                  dnsmasq[2588]: cache size 150, 0/2391 cache insertions re-used unexpired cache entries.

                  If I'm reading this right, it looks like 2391 dns names have been cached since my last restart, and of those 0 have been removed before they expired…  So, I take it that they are all expiring, possibly based on TTL.

                  I'm thinking that adding this option wouldn't buy me anything, though it may be useful for people who have large and very busy pfSense machines.

                  Another thing that I was considering adding to pfSense is my State table from Monowall.  I'd just have to parse pftop instead of ipfstat.  The big advantage to using it over pftop is that you could also do statistics snapshots, then do a delta, so you can see who is using the most bandwidth at that moment...  (Of course, you may be able to do something similar with pftop, not sure)

                  I'll grab the Dev ISO and see if I can install it in a VM and get started with something, probably this weekend.

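Added example (not part of the original thread, and not pfSense or dnsmasq code): a small parser for the SIGUSR1 statistics line quoted in the post above, which turns the evicted/inserted counts into a check for whether `--cache-size` is too small. The 10% eviction threshold, the names `CacheStats`, `parse_stats` and `latest_stats`, and every sample line except the first are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Matches the statistics line dnsmasq logs on SIGUSR1, as quoted in the post.
STATS_RE = re.compile(
    r"dnsmasq\[(?P<pid>\d+)\]: cache size (?P<size>\d+), "
    r"(?P<evicted>\d+)/(?P<inserted>\d+) cache insertions "
    r"re-used unexpired cache entries"
)

@dataclass(frozen=True)
class CacheStats:
    pid: int
    size: int      # configured --cache-size (0 means caching is disabled)
    evicted: int   # unexpired names dropped to make room for new ones
    inserted: int  # total names inserted since dnsmasq started

    @property
    def eviction_ratio(self) -> float:
        return self.evicted / self.inserted if self.inserted else 0.0

    def undersized(self, threshold: float = 0.10) -> bool:
        # threshold is an assumption for this example, not a dnsmasq value
        return self.size > 0 and self.eviction_ratio > threshold

def parse_stats(line: str) -> Optional[CacheStats]:
    """Parse one syslog line; return None if it is not a statistics line."""
    m = STATS_RE.search(line)
    if m is None:
        return None
    return CacheStats(*(int(m[k]) for k in ("pid", "size", "evicted", "inserted")))

def latest_stats(lines: Iterable[str]) -> Optional[CacheStats]:
    """Return the most recent statistics entry in a syslog excerpt."""
    found = None
    for line in lines:
        found = parse_stats(line) or found
    return found

# First line is the one from the post; the other two are constructed samples.
SAMPLE_LOG = [
    "dnsmasq[2588]: cache size 150, 0/2391 cache insertions re-used unexpired cache entries.",
    "dnsmasq[2588]: reading /etc/resolv.conf",
    "dnsmasq[4102]: cache size 150, 1873/5120 cache insertions re-used unexpired cache entries.",
]

if __name__ == "__main__":
    for entry in filter(None, map(parse_stats, SAMPLE_LOG)):
        verdict = "undersized" if entry.undersized() else "ok"
        print(entry, f"eviction ratio {entry.eviction_ratio:.1%}", verdict)
```
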
                    sullrich

                    Once you're in pftop, run ? to see all of the options.  You can sort by rate, bytes, etc.

                      ptaylor

                      In looking at pftop closer, it looks like the only advantage my states page has is that you can view delta values.  So, if you have long-lived connections, you can view the delta value of how much data has been transferred since you took the snapshot.  So, that would let you see who was using the most bandwidth since taking the stats snapshot…

                      Plus, it's a nice interface that is convenient to see via the webgui.

                        sullrich

                        I am all for it.  That's something that could be included in 1.0 immediately as a package, too.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.