home-assistant / plugin-dns

CoreDNS implementation for Home Assistant
Apache License 2.0

Massive CPU usage when local dns is forced #124

Closed Hobbler7 closed 6 months ago

Hobbler7 commented 11 months ago

Describe the issue you are experiencing

I5 6600t running Proxmox with HAOS 2023.10.5 in a supervised VM, enabled DNS over HTTPS on my router a few days ago. This morning I checked Proxmox to find the HAOS VM using 75% of the two processors that were dedicated to it, along with 5-10mbit up and down network traffic. I disabled all integrations, tried to track down what was using the resources with no luck. Ended up nuking my Proxmox server and installing the latest version, and reinstalling HA. There was no change! Then I happened on a post that obliquely referred to fallback DNS. I promptly disabled DNS hijacking on my router. The CPU usage of HAOS promptly dropped down to 1.5 percent. I used the console command to disable fallback DNS. Can you please implement at least some kind of rate limiting to your fallback DNS requests? Maybe a certain number of tries to contact other DNS servers before disabling the fallback option? This was an entirely (other than the update to Proxmox that I had been putting off) wasted afternoon, thinking my HAOS VM had been compromised.

What operating system image do you use?

generic-x86-64 (Generic UEFI capable x86-64 systems)

What version of Home Assistant Operating System is installed?

6.1.59

Did you upgrade the Operating System?

Yes

Steps to reproduce the issue

1. Force HA to connect to only the local dns server in your router
2. Reboot HA
3. High cpu usage and high network traffic to your router
...

Anything in the Supervisor logs that might be useful for us?

no

Anything in the Host logs that might be useful for us?

no

System information

No response

Additional information

No response

agners commented 11 months ago

There have been PRs to mitigate some of the issues we have seen, such as https://github.com/home-assistant/plugin-dns/pull/82.

It seems that there are still situations where things go awry then I guess? :thinking:

> I promptly disabled DNS hijacking on my router.

What type of router are you using? Do you know what this DNS hijacking feature exactly does?

Hobbler7 commented 11 months ago

I’m running an Ubiquiti Edgerouter 4, flashed to openwrt 23.05. The https-dns-proxy package handles redirecting all internal dns requests to my router, which is connected via dns over https to cloudflare and quad 9 dns servers. No alternate unencrypted dns requests are allowed to exit my network.

Hobbler7 commented 11 months ago

Thanks for your attention.

Hobbler7 commented 11 months ago

Why does that have anything to do with the absurd behaviour of HA when alternative dns servers aren’t available?

agners commented 6 months ago

This is most likely fixed with #134.