AdguardTeam / AdGuardHome

Network-wide ads & trackers blocking DNS server
https://adguard.com/adguard-home.html
GNU General Public License v3.0

Drop / Stop queries after configurable timeout #4359

Open JsBergbau opened 2 years ago

JsBergbau commented 2 years ago

Problem Description

When AdGuard is running on a quite slow machine like a Raspberry Pi and a lot of DNS resolvers are configured and there are a lot of DNS requests, AdGuard fills up an internal queue and so slows down everything even more.

Proposed Solution

There is a configurable timeout, like 5 seconds. If queries are not answered / processed within this interval, they are dropped.

Additional Information

To reproduce this problem:

Configure AdGuard as DNS server on a Raspberry Pi Zero W with these resolvers:

tls://dot.ffmuc.net
tls://dns.digitale-gesellschaft.ch
tls://unicast.uncensoreddns.org
tls://dot1.applied-privacy.net
tls://dns3.digitalcourage.de

Now go to https://browserleaks.com/dns and start the test.

Watch the CPU and try to do a DNS query in parallel, like ping heise.de.

[screenshot of the query log] This is the log of what happened. I did a ping to idealo.de. It took 5 seconds until the request was answered. In the meantime Windows was repeating the request. AdGuard did queue all these requests and they took 13, 14 and even 54 (!) seconds to complete.

After a timeout of about 5 seconds the request won't be processed anymore, so you can drop it.

Also it makes sense to have a "running requests" queue so that if another DNS request for the same name comes in, AdGuard sees that it is already processing it, waits for the first result to arrive and then serves the answer from the cache. The screenshot above indicates that if the same request comes in and isn't in the cache, it is forwarded to upstream multiple times.

PS: The limit of a maximum of 20 queries per second per client is still set.
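The two parts of the proposal above (drop a query once a configurable timeout has elapsed, and coalesce in-flight queries for the same name so they go upstream only once) sketched in Go as an added example. This is not AdGuard Home's code; the Upstream type, the Resolver and its fields are hypothetical names, and the upstream you plug in as Up is expected to stop work when its context is cancelled.

```go
package main
import (
	"context"
	"sync"
	"time"
)

// Upstream stands in for forwarding to a DoT server (hypothetical type, not AdGuard Home's own).
type Upstream func(ctx context.Context, name string) (string, error)
type call struct{ done chan struct{}; val string; err error } // one in-flight lookup

// Resolver bounds each query's wait and coalesces identical in-flight lookups; zero value is usable.
type Resolver struct {
	Up        Upstream
	Timeout   time.Duration // e.g. 5s as proposed in the issue
	mu        sync.Mutex
	inflight  map[string]*call
	Forwarded int // queries that actually went upstream (read after the queries finish)
}

// Resolve joins the in-flight lookup for name if one exists, otherwise starts one. The caller
// waits at most Timeout, then gets DeadlineExceeded instead of queueing; ctx stops the upstream too.
func (r *Resolver) Resolve(name string) (string, error) {
	r.mu.Lock()
	if r.inflight == nil {
		r.inflight = map[string]*call{}
	}
	c, ok := r.inflight[name]
	if !ok {
		c = &call{done: make(chan struct{})}
		r.inflight[name], r.Forwarded = c, r.Forwarded+1
		go func() {
			ctx, cancel := context.WithTimeout(context.Background(), r.Timeout)
			defer cancel()
			c.val, c.err = r.Up(ctx, name)
			r.mu.Lock()
			delete(r.inflight, name) // later queries start fresh (or hit a real cache)
			r.mu.Unlock()
			close(c.done)
		}()
	}
	r.mu.Unlock()
	select {
	case <-c.done:
		return c.val, c.err
	case <-time.After(r.Timeout):
		return "", context.DeadlineExceeded
	}
}
```

A real cache would sit in front of Resolve; here a query that arrives after the in-flight one has completed goes upstream again, which is what the Forwarded counter makes visible.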

JsBergbau commented 2 years ago

Additional information:

Unbound has a setting jostle-timeout which defaults to 200ms and thus is much smaller than my suggestion of 5 seconds. https://nlnetlabs.nl/documentation/unbound/unbound.conf/

jostle-timeout: <msec>
              Timeout used when the server is very busy. Set to a value that usually results in one roundtrip to the authority servers. If too many queries arrive, then 50% of the queries are allowed to run to completion, and the other 50% are replaced with the new incoming query if they have already spent more than their allowed time. This protects against denial of service by slow queries or high query rates. Default 200 milliseconds. The effect is that the qps for long-lasting queries is about (numqueriesperthread / 2) / (average time for such long queries) qps. The qps for short queries can be about (numqueriesperthread / 2) / (jostletimeout in whole seconds) qps per thread, about (1024/2)*5 = 2560 qps by default.

JsBergbau commented 2 years ago

Problem is still relevant

ainar-g commented 2 years ago

Apologies for the long silence. Yes, this is a feature we should definitely implement.

leo15dev commented 9 months ago

Sorry for replying to old issues, but I think this feature request is very necessary to implement. The problem I encountered is that when your ISP is doing maintenance, you lose your WAN connection, but the DNS queries in your home internal network work as usual; this will lead to the amount of DNS queries in AdGuard Home exploding, and it will also make the statistics unrealistic (Average upstream response time, Average processing time).