Open JsBergbau opened 2 years ago
Additional information:
Unbound has a setting jostle-timeout which defaults to 200ms and thus is much smaller than my suggestion of 5 seconds.
https://nlnetlabs.nl/documentation/unbound/unbound.conf/
jostle-timeout: <msec>
Timeout used when the server is very busy. Set to a value that usually results in one roundtrip to the authority servers. If too many queries arrive, then 50% of the queries are allowed to run to completion, and the other 50% are replaced with the new incoming query if they have already spent more than their allowed time. This protects against denial of service by slow queries or high query rates. Default 200 milliseconds. The effect is that the qps for long-lasting queries is about (numqueriesperthread / 2) / (average time for such long queries) qps. The qps for short queries can be about (numqueriesperthread / 2) / (jostletimeout in whole seconds) qps per thread, about (1024/2)*5 = 2560 qps by default.
Problem is still relevant
Apologies for the long silence. Yes, this is a feature we should definitely implement.
Sorry for replying to an old issue, I think this feature request is very necessary to implement. The problem I encountered is that when your ISP is doing maintenance, you lose your WAN connection, but DNS queries in your home internal network work as usual. This will lead to the number of DNS queries in AdGuard Home exploding, and it will also make the statistics not real (Average upstream response time, Average processing time).
Problem Description
When AdGuard is running on a quite slow machine like a Raspberry Pi, a lot of DNS resolvers are configured, and there are a lot of DNS requests, AdGuard fills up an internal queue, slowing down everything even more.
Proposed Solution
There is a configurable timeout like 5 seconds. If queries are not answered / processed within this interval they are dropped.
Alternatives Considered
Additional Information
To reproduce this problem:
Configure AdGuard as DNS-Server on Raspberry PI Zero W with these resolvers
Now go to https://browserleaks.com/dns and start the test.
Watch the CPU and try to do a DNS query in parallel, like
ping heise.de
This is the log of what happened. I did a ping to idealo.de. It took 5 seconds until the request was answered. In the meantime Windows was repeating the request. AdGuard queued all these requests and they took 13, 14 and even 54 (!) seconds to complete.
After a timeout of about 5 seconds the request won't be processed anymore, so you can drop it.
Also it makes sense to have a queue of "running requests" so that if another DNS request for the same name comes in, AdGuard sees that it is already processing it and thus waits for the first result to arrive and then serves the answer from the cache. The screenshot above indicates that if the same request comes in and isn't in the cache, it is forwarded to upstream multiple times.
PS: Limit of maximum 20 queries per second and client is still set.
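
The two behaviours requested in the issue above, dropping a query that has already waited longer than the timeout and letting a repeated query for the same name wait for the first upstream answer, shown together in Go. This is an added example, not AdGuard Home's code: `Forwarder`, `Resolve`, `ErrStale` and the `Upstream` callback are hypothetical names, the names and address in `main` are constructed sample values, and the upstream call is assumed to enforce its own network timeout.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

// ErrStale marks a query that waited longer than the client is assumed to wait.
var ErrStale = errors.New("dropped: query older than timeout")

type call struct {
	done chan struct{} // closed once the upstream answer has been stored
	ans  string
	err  error
}

// Forwarder is a hypothetical front end for one upstream resolver.
type Forwarder struct {
	Timeout  time.Duration                // e.g. the 5 seconds proposed in the issue
	Upstream func(string) (string, error) // stand-in for the real upstream exchange
	inflight sync.Map                     // query name -> *call currently running
}

// Resolve drops a query that is already stale when it is dequeued, and lets
// concurrent queries for the same name share a single upstream request.
func (f *Forwarder) Resolve(name string, received time.Time) (string, error) {
	if time.Since(received) > f.Timeout {
		return "", ErrStale // no upstream work for a client that has given up
	}
	c := &call{done: make(chan struct{})}
	if prev, loaded := f.inflight.LoadOrStore(name, c); loaded {
		p := prev.(*call)
		<-p.done // a retry of the same name waits for the first answer
		return p.ans, p.err
	}
	c.ans, c.err = f.Upstream(name)
	f.inflight.Delete(name)
	close(c.done)
	return c.ans, c.err
}

func main() {
	up := func(string) (string, error) { return "192.0.2.1", nil } // constructed answer
	f := &Forwarder{Timeout: 5 * time.Second, Upstream: up}
	fmt.Println(f.Resolve("example.test", time.Now().Add(-6*time.Second)))
	fmt.Println(f.Resolve("example.test", time.Now()))
}
```
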