Home |  Electronics |  Toolbox |  Gini and Karl's world |  E-cards |  Photos |  Online-Shop


story time | science club | math blog | computer corner | penguin page | Antoin's blog

Speeding up the web experience with a dnsmasq DNS cache (ubuntu 16.04)

DNS name resolution is often what causes "the internet" to appear "slow". Name resolution in Ubuntu 16.04 works such that /etc/resolv.conf points to 127.0.1.1 and dnsmasq is listening at that address. dnsmasq itself is dynamically configured by network manager through dbus messages. If you change your upstream network connection (e.g from wifi to Ethernet) then both the dnsmasq process and /etc/resolv.conf remain unchanged. Instead network manager sends messages to dnsmasq to let it know that the upstream DNS server has changed.

You can monitor that communication between network manager and dnsmasq with the command:
dbus-monitor --system

If you check how the dnsmasq process was started then you will see something like that:
# ps axuw | grep dnsm
nobody    5591  0.0  0.0  60492  4300 ?        S    22:13   0:00 /usr/sbin/dnsmasq --no-resolv 
--keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/NetworkManager/dnsmasq.pid 
--listen-address=127.0.1.1 --cache-size=0 --proxy-dnssec 
--enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d


Somebody decided to put "--cache-size=0" which is just slowing down everything. They will tell you probably that this is for security reasons but on a laptop that is just used by one user at a time there is really no reason to disable caching.

How do we turn it back on?

vi /etc/NetworkManager/dnsmasq.d/cache.conf

and put inside:

cache-size=1000
neg-ttl=900
log-queries

After that run "systemctl restart network-manager" 
or just restart the computer.

You will see that the dnsmasq process is still started with "--cache-size=0" but there is dynamic configuration between network manager and dnsmasq and that may overwrite things.

How do we know that caching is working? The "log-queries" will log all request in /var/log/syslog and you will see which requests are answered from cache:
Dec 17 10:58:38 lenie dnsmasq[2256]: query[A] www.fastmail.com from 127.0.0.1
Dec 17 10:58:38 lenie dnsmasq[2256]: cached www.fastmail.com is 66.111.4.148
Dec 17 10:58:38 lenie dnsmasq[2256]: cached www.fastmail.com is 66.111.4.147
Dec 17 10:58:40 lenie dnsmasq[2256]: query[A] www.fastmail.com from 127.0.0.1
Dec 17 10:58:40 lenie dnsmasq[2256]: cached www.fastmail.com is 66.111.4.147

You can also test it using a domain that you have not used yet today:
# dig @127.0.1.1 lwn.net
...
;; ANSWER SECTION:
lwn.net.		3281	IN	A	45.33.94.129

;; Query time: 122 msec

Now repeat the dig-query and the query time should go down:

# dig @127.0.1.1 lwn.net
...
;; ANSWER SECTION:
lwn.net.		3179	IN	A	45.33.94.129

;; Query time: 0 msec

Now we know for sure that the cache is making a difference. You could remove the "log-queries" from /etc/NetworkManager/dnsmasq.d/cache.conf if you don't want to fill up system logs with DNS queries.

How do we know which up-stream DNS server is used by our dnsmasq cache? The easiest way to see that (besides monitoring the communication between network manager and dnsmasq) is to print the configuration with nmcli:
# nmcli device show
...
GENERAL.DEVICE:                         wls1
GENERAL.TYPE:                           wifi
GENERAL.HWADDR:                         00:1E:65:C6:42:8C
GENERAL.MTU:                            0
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     homewifi
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/1
IP4.ADDRESS[1]:                         10.0.0.3/24
IP4.GATEWAY:                            10.0.0.2
IP4.DNS[1]:                             10.0.0.1

...

Near the name of your connection (homewifi in the above example) you should see one or more IP4.DNS... entries. This is what dnsmasq will be using as up-stream servers.

Besides the above cache which will work according to the specified TTL (time to live) of the domain owner there is as well a rather short lived fixed time cache in Firefox. Open "about:config" and search for dnsCache. The network.dnsCacheExpiration time is in seconds. So firefox caches entries for 60 seconds by default.
firefox dns cache


Back to: "No preservatives added"



Copyright © 2004-2018 Guido Socher