lancachenet / lancache-dns

DNS Docker service for a lancache.
https://hub.docker.com/r/lancachenet/lancache-dns/
MIT License

setting max-cache-ttl to 0 causes slowdown problems #137

Open markkundinger opened 1 year ago

markkundinger commented 1 year ago

Describe the issue you are having

With the change from last that set max-cache-ttl to 0, the lancache DNS service is now quite slow. Each lookup can take one or two full seconds, and subsequent checks are not cached at all, so they also take a second or two. Furthermore, even a downstream Pi-hole will not cache the hits because the TTL was set to zero.

The change was made with commit #131

Of the three changes to the options file: 'forward-only' seems fine, and it accomplishes the goal of that commit. 'max-ncache-ttl' doesn't seem to break anything, although the default bind value is 10800. 'max-cache-ttl' of 0 is the problem. Per the docs, the default value is 604800, and zero should not be used because it may cause SERVFAIL errors.

https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-max-ncache-ttl

I've personally modified it to 10,000 and it works well.

my recommendation is to leave in the forward only line and strip out the other two. (barring an enhancement to let the user set the cache values)

How are you running the container(s)

docker compose, pulled latest.


### DNS Configuration

```yaml
version: '2.1'

services:
  dns:
    image: lancachenet/lancache-dns:latest
    env_file: .env
    restart: unless-stopped
    ports:
      - ${DNS_BIND_IP}:53:53/udp
      - ${DNS_BIND_IP}:53:53/tcp
```

and in .env

```
# IP address on the host that the DNS server should bind to
DNS_BIND_IP=192.168.3.204

# DNS Resolution for forwarded DNS lookups
UPSTREAM_DNS=149.112.112.11;9.9.9.11
```


### Output of container(s)

I have nothing.

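To make the three options-file changes discussed above concrete, here is an added example (not code from the lancache-dns project or from the reporter) that lints a BIND `options { }` fragment for exactly the settings in question. The two options blocks are constructed samples: `OPTIONS_BROKEN` mirrors the state the issue describes (`forward only` plus `max-cache-ttl 0` and `max-ncache-ttl 0`), and `OPTIONS_FIXED` mirrors the recommendation of keeping only `forward only` so BIND's documented defaults (604800 and 10800 seconds) apply. The `forwarders` list is assumed to be what the container renders from `UPSTREAM_DNS` in `.env`; the `directory` line is filler. The TTL parser only handles plain seconds or a single s/m/h/d/w suffix, which is a simplification of what BIND accepts.

```python
import re

# Defaults from the BIND 9 reference manual, as cited in the issue above:
# max-cache-ttl defaults to 604800 s (one week), max-ncache-ttl to 10800 s.
BIND_DEFAULTS = {"max-cache-ttl": 604800, "max-ncache-ttl": 10800}

# Constructed sample (not the project's real options file): the three
# statements the issue describes, with max-cache-ttl forced to 0.
OPTIONS_BROKEN = """
options {
    directory "/var/cache/bind";
    forward only;
    forwarders { 149.112.112.11; 9.9.9.11; };
    max-cache-ttl 0;
    max-ncache-ttl 0;
};
"""

# Constructed sample of the issue's recommendation: keep 'forward only',
# drop both TTL overrides so the BIND defaults apply.
OPTIONS_FIXED = """
options {
    directory "/var/cache/bind";
    forward only;
    forwarders { 149.112.112.11; 9.9.9.11; };
};
"""

# Matches simple 'name value;' statements that start a line. Block statements
# such as 'forwarders { ... };' are skipped because '{' is excluded from value.
_STMT = re.compile(r"^\s*([a-z-]+)\s+([^;{}]+?)\s*;\s*$", re.M)

# TTL values: plain seconds or one unit suffix (s, m, h, d, w).
# Assumption: this is enough for the forms used here; BIND itself also
# accepts other duration syntaxes that are not handled.
_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_options(text):
    """Return {statement: raw value} for single-value statements in the text."""
    return {name: value for name, value in _STMT.findall(text)}


def parse_ttl(raw):
    """Convert '0', '10000', '1h' or '1w' into seconds; raise on anything else."""
    m = re.fullmatch(r"(\d+)([smhdw]?)", raw.strip().lower())
    if not m:
        raise ValueError(f"unsupported TTL value: {raw!r}")
    return int(m.group(1)) * _UNITS.get(m.group(2), 1)


def effective_ttls(text):
    """Resolve max-cache-ttl / max-ncache-ttl, falling back to BIND defaults."""
    opts = parse_options(text)
    return {
        name: parse_ttl(opts[name]) if name in opts else default
        for name, default in BIND_DEFAULTS.items()
    }


def check_options(text):
    """Return a list of findings for the settings the issue is about."""
    opts = parse_options(text)
    ttls = effective_ttls(text)
    findings = []
    if opts.get("forward") != "only":
        # Without 'forward only', named falls back to its own recursion when
        # the forwarders do not answer (BIND's default 'forward first').
        findings.append("'forward only' missing: named will recurse itself if forwarders fail")
    if ttls["max-cache-ttl"] == 0:
        findings.append("max-cache-ttl 0: positive answers are never cached, every lookup "
                        "goes upstream and downstream resolvers receive TTL 0")
    if ttls["max-ncache-ttl"] == 0:
        findings.append("max-ncache-ttl 0: negative answers (NXDOMAIN) are never cached")
    return findings


if __name__ == "__main__":
    for label, text in (("broken", OPTIONS_BROKEN), ("fixed", OPTIONS_FIXED)):
        print(label, effective_ttls(text))
        for finding in check_options(text):
            print("  -", finding)
```

Running the script shows the broken block resolving both caps to 0 with two findings, and the fixed block resolving to the documented defaults with none. The reporter's workaround of 10,000 seconds would parse as `parse_ttl("10000") == 10000` and clear the max-cache-ttl finding while still leaving the value under BIND's one-week default.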
lmginfra commented 1 year ago

Yeah, it would be really nice to have it configurable via an env variable. +1

VibroAxe commented 1 year ago

@MathewBurnett?

AranVink commented 9 months ago

+1 for making this configurable.

I also found this one while doing some testing. What I don't get is that this is not just for the content domains that are 'poisoned'/'enriched' for caching; it's for all of them. I can imagine the content domains have to have a low TTL to ensure traffic is captured quickly, but for regular domains this really slows down normal internet/browsing tasks. Having this set makes any client OS-level DNS caching worthless AFAIK.

If I find some time next week I will create a PR for this :)

stale[bot] commented 5 months ago

This issue has been automatically marked as inactive because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.