Tomato includes Dnsmasq, a lightweight DNS forwarder and DHCP server. By default Dnsmasq is configured to only cache 150 DNS lookups; a very small number that can easily be exceeded by a typical home network. I decided to share my research and write this simple howto if you want to enable and use dnsmasq within Tomato.

1. First consider using OpenDNS as your DNS provider. OpenDNS servers are faster and have a larger DNS lookup cache than your typical ISP provider DNS server. OpenDNS by default protects you from phishing sites and auto-corrects mistyped URLs. If you sign up for an account at opendns.com you will also get the benefit of network shortcuts, stat gathering, and website blocking. But you do not need an account to use the OpenDNS servers.

Go to: Basic -> Network
And in the LAN section, under Static DNS, enter the OpenDNS servers' IP addresses.
    208.67.222.222
    208.67.220.220
Click Save.

2. Now we are going to enable dnsmasq and add some options.

Go to: Advanced -> DHCP / DNS

Use Internal Caching DNS Forwarder: This option enables the dnsmasq DNS lookup caching.

Use Received DNS With Static DNS: This option configures dnsmasq to use your ISP's DNS server in addition to any Static DNS entries you have specified. I turn this off since my ISP's DNS server can be slow at peak hours. Upon startup Dnsmasq sends a query to all configured DNS servers in /etc/resolv.dnsmasq. The first server to reply back becomes the primary DNS server. If the server stops responding then Dnsmasq sends out another request and reassigns the primary server.

Intercept DNS Port (UDP 53): This option may be helpful when used with OpenDNS for parental control. When enabled, anything going out to UDP port 53 is redirected to Dnsmasq. e.g. A client on your network can still configure their own DNS server for lookups to bypass the dnsmasq server on your router. By enabling this option their DNS lookup will always get redirected if they are going over port 53.
Dnsmasq Custom Configuration: The options and comments are taken directly from the Dnsmasq man page. Enter the following options into the text box:
Code:
    cache-size=2048
    log-async=5
    #strict-order

cache-size: Set the size of dnsmasq's cache. The default is 150 names. Setting the cache size to zero disables caching.

log-async: Enable asynchronous logging and optionally set the limit on the number of lines which will be queued by dnsmasq when writing to the syslog is slow. Dnsmasq can log asynchronously: this allows it to continue functioning without being blocked by syslog, and allows syslog to use dnsmasq for DNS queries without risking deadlock. If the queue of log-lines becomes full, dnsmasq will log the overflow, and the number of messages lost. The default queue length is 5, a sane value would be 5-25, and a maximum limit of 100 is imposed.

extra: (commented out with a #)
strict-order: By default, dnsmasq will send queries to any of the upstream servers it knows about and sets the server that is first to respond as the primary server. Setting this flag forces dnsmasq to try each query with each server strictly in the order they appear in /etc/resolv.dnsmasq (which is the order of the Static DNS list).

Click Save.
Finally, check your logs to make sure your changes and options took effect:
Code:
    Oct 7 00:27:26 tomato user.warn kernel: nvram_commit(): init
    Oct 7 00:27:27 tomato user.warn kernel: nvram_commit(): end
    Oct 7 00:27:28 tomato daemon.info dnsmasq[1124]: exiting on receipt of SIGTERM
    Oct 7 00:27:28 tomato daemon.info dnsmasq[1242]: started, version 2.40 cachesize 2048
    Oct 7 00:27:28 tomato daemon.info dnsmasq[1242]: compile time options: no-IPv6 GNU-getopt no-RTC no-ISC-leasefile no-DBus no-I18N no-TFTP
    Oct 7 00:27:28 tomato daemon.info dnsmasq[1242]: asynchronous logging enabled, queue limit is 5 messages
    Oct 7 00:27:28 tomato daemon.info dnsmasq[1242]: DHCP, IP range 192.168.1.100 -- 192.168.1.149, lease time 1d
    Oct 7 00:27:28 tomato daemon.info dnsmasq[1242]: reading /etc/resolv.dnsmasq
    Oct 7 00:27:28 tomato daemon.info dnsmasq[1242]: using nameserver 208.67.220.220#53
    Oct 7 00:27:28 tomato daemon.info dnsmasq[1242]: using nameserver 208.67.222.222#53
    Oct 7 00:27:28 tomato daemon.info dnsmasq[1242]: read /etc/hosts - 0 addresses
    Oct 7 00:27:28 tomato daemon.info dnsmasq[1242]: read /etc/hosts.dnsmasq - 1 addresses

Impact on lookup speed and memory: FYI, dnsmasq uses a hash function to store and look up DNS names, which means it can find any name in its cache at a constant time. The practical application is that we can set a high limit on dnsmasq cache size and it won't slow down. The hard limit is 10000 if you have enough RAM to store it. So far I have not exhausted my free RAM on my WRT54GLv1.1, but since I just changed the dnsmasq settings I haven't had time to stress the higher limits.

Criticism and comments are welcome. I want to improve this guide. I will finish up commenting on all the options later.

EDIT - Update: I just wanted to say that I have been using 8192 as my cache-size for a long time now without any issues, I have plenty of free RAM left. 10000 isn't a problem either, at least on my configuration.
Just make sure that you aren't running out of ram and you should be ok.
Bump. Just updated this with more info and clearer language. I think I'll leave the "lease time" explanation out since it's self explanatory. The reduce packet size option doesn't have anything to do with Dnsmasq either.
Definitely FAQ material. It is good to have some of the finer details of DNS explained and to have a way to optimize it. When it comes to DNS, I always stop messing with it when my PC resolves, which is usually somewhere in the neighborhood of 4.2.2.4, but with your instructions I may fiddle around with it to see what happens ! Thanks.
Just to add my 2p: The option dhcp-authoritative seems to be the default for Tomato - it is already added. busybox udhcp is used to obtain the WAN side IP address; it is called with the option "-m" to reduce packet size.
Indeed, dhcp-authoritative is the default option. I will remove it from the guide. Here is proof with only the cache-size and async set:
Code:
    # cat /tmp/etc/dnsmasq.conf
    interface=br0
    resolv-file=/etc/resolv.dnsmasq
    addn-hosts=/etc/hosts.dnsmasq
    expand-hosts
    dhcp-range=192.168.1.100,192.168.1.149,255.255.255.0,1440m
    dhcp-option=3,192.168.1.1
    dhcp-authoritative
    dhcp-host=01:02:03:04:05:06,66.75.250.222
    cache-size=2048
    log-async=5
I haven't found the "-m" option however for udhcp in any documentation. Can you point me to it?
You don't need an account for those two things. Those come by simply using them as your DNS provider. It's the parental controls and other things where the ability to adjust settings (because they depend on the individual) is needed that you have to have an OpenDNS account for. In my case, OpenDNS is significantly slower than the DNS servers of my ISP (AT&T Yahoo), but my family still uses them for the LAN-wide anti-phishing and parental controls.
I changed the guide to better reflect what OpenDNS accounts provide. Thanks. You also have to set up Tomato's DDNS option for OpenDNS for the account settings to be effective. I'll probably add that to the guide later. For me OpenDNS servers are farther away, and hence have a slightly higher ping, but they return DNS lookups much faster than my ISP (RoadRunner) which has a slow to respond DNS server during peak hours. The OpenDNS server has a distributed DNS server system that when combined offers more direct DNS hits. Most ISPs' DNS servers aren't as big, and have to ask the .com root for most uncommon or new sites. Though I imagine some ISPs do it right.
Nor me, busybox udhcp seems an old mature package - but this has been added to the version in the Tomato source code, it sets a "minpkt" flag which is used in packet.c.

Also to keep this thread authoritative:

dnsmasq can be used for host and/or domain ad blocking:
http://www.linksysinfo.org/forums/showthread.php?t=53133
http://www.linksysinfo.org/forums/showthread.php?t=53904

dnsmasq can be configured to hand out different gateways and DNS servers based on machine MAC address:
http://www.linksysinfo.org/forums/showthread.php?t=53835
I have v1.07 installed on my wrt54gv2 and I do not have the Intercept DNS Port (UDP 53) option. Is this something new in the 1.10 release? tx.
In the static DNS server IP section, we enter them in order of our preference.. but in the tomato log, it seems to display the dns ips bottom up.. Does this mean we should be entering them as line1-server3,line2-server2,line3-server1 instead of the opposite ? *.222 is entered first in the example given, but in the log *.220 is displayed first.
maybe... in my example I do not have the "strict-order" option set, so the first server is simply the first one to respond. but yeah, I see your point. Try it out and let us know.
I did set strict-order on mine because I was doing ping time tests, and dig tests (pretty interesting actually, try man dig sometime), so I ordered them like-so. If I telnet into the router and do:
    cat /etc/resolv.conf
the servers are listed in the order I entered them in, in Tomato, but as mentioned, in the syslog they appear from the bottom up. I guess I have to take the following on faith: "By default, dnsmasq will send queries to any of the upstream servers it knows about and tries to favour servers that are known to be up. Setting this flag forces dnsmasq to try each query with each server strictly in the order they appear in /etc/resolv.conf"
what are the advantages/disadvantages of using dnsmasq as opposed to letting the opendns servers do everything? do you get faster resolution by allowing dnsmasq to cache some addresses on the router? also -- does it only act as a dns forwarder for those addresses that are dhcp clients? does it also do it for those with static leases?
Indeed. That's because your router is right on your LAN, while OpenDNS isn't even on your ISP's servers. Your router would respond almost immediately.
Not everyone lives in a place where there is much choice, and OpenDNS has anti-phishing and optional parental controls. That's why my family uses it even though it's slower than our ISP's DNS servers. It's nice having it centralized for the entire LAN, and it's nice having that functionality on devices that otherwise wouldn't have it (my brother's Wii). *shrug*
I take it your web browser is set to not cache web pages? Caching web pages on your machine seems like a bizarre workaround, get an ISP that doesn't suck instead.
Just to add something I found out recently. After having ISP DNS troubles I added the OpenDNS servers and ticked the box "use dynamic in addition to static DNS", but by examining the log I found only 1 dynamic DNS was added. It seems Tomato only supports a total of 3 DNS servers to be defined (I'm sure dnsmasq can handle more).
What an uninsightful comment. Less than half of folks in North America even have access to high speed (by local standards) service. Of those only about half have access to more than a single high speed service. So for most North Americans there isn’t a doesn’t-suck alternative (assuming the local monopoly does suck).

Furthermore as others have noted OpenDNS offers additional functionality. It can be set to not serve up addresses of categories of sites. It can be set to provide DNS-shortcuts. It can provide customized error pages. It offers an ad-funded alternative address lookup, which I have found useful upon occasion. And in my experience OpenDNS has been far more reliable, both in uptime and honoring cache expirations, than either of my two ISPs. It is also consistently faster than Comcast’s doggy DNS servers & competitive with Verizon’s residential Fios ones.

I don’t rely on my ISPs for time services. I don’t rely on them for any email services. I don’t rely on them for Usenet access or photo sharing or whatnot. So why get all tetchy about using an alternative, arguably better, DNS service? Let the ISP get the bits to me fast & reliably; I’ll then pick the best-of-category for my other needs.
That makes absolutely no sense at all. But yes, I could browse at close to the same speed without a cache as long as the web server is responsive, it’s not like my connection is a bottleneck on the web. I do however fail to see what it has to do with DNS servers' responsiveness. You don’t need a fast connection to do DNS lookups, the only reason your ISP's DNS server would be slow or even offline is that they are cheap, not necessarily the price you pay but the price they pay. Of course if no alternative is very good at all then I can see that OpenDNS could be an alternative but I would still argue that the ISP in question really does suck if their own DNS server, on their own network, is slower than external ones like OpenDNS. It's just something wrong with that.
I followed this guide, for which I thank the OP. I have a question regarding setting up DDNS. I chose OpenDNS with my login and password. I see a check box that says "force next update". When I choose this and save, I get an error message "invalid hostname". What does this mean? Do I need to change the hostname of my router to my PC hostname? Another question, since I already use OpenDNS as my static DNS in Tomato, do I even need to use the DDNS option? thxs dr
When I use force update it just says "Update successful." Make sure you're using OpenDNS as your DNS. Also check if you enabled the "Enable dynamic IP update" in the OpenDNS control panel. I'm not sure what could be causing this. No. My WRT54GL is configured to have "tomato" as its hostname. I don't think you would want two devices to have the same hostname, otherwise they will conflict upon name resolution. DDNS provides your IP address to OpenDNS so that OpenDNS can enable Parental Controls, Network Shortcuts, Stats, and Website Blocking based on the IP address. You don't have to configure this if you don't plan on using any of the above features.
Just to be clear, are you confirming that this DNS caching and the use of DNSmasq for host ad blocking can be used concurrently? I have both set up but I am not totally sure that they are working together. Thanks, Kev
I think they are integrated, dnsmasq can do domain blocking because it does the DNS caching and lookups on your behalf. For things in your blocklist it just never looks them up!
Hmmm... that part I understand. I was wondering if the ad blocking scripting will work with the DNS caching in that sites that are not blocked should still get cached by the DNSmasq, right? For example, will the script that caches the DNS requests so that the lookup doesn't need to go further than the router still function if the hosts file is scripted for ad blocking? Can the two co-exist, or will using the ad blocking script make the DNS caching not function? I would have tested this myself, but I'm not sure how I can test it. Thanks!
Note we are not using the "hosts" file - for that you need every sub-site referenced. I'm pretty sure the dnsmasq domain blocking works by adding permanent references in the cache, so it doesn't go out to the internet to find out things it has already been told.
First off I want to thank the OP (rcordorica) for putting together this wonderfully informative thread...

I am the administrator for a small business network, and we've caught out employees on MySpace and Facebook hours on end when they could be doing better things with their time. I recently upgraded to Tomato v1.11 so that I could set up OpenDNS to work with the network, and I've been keeping my eye on the STATS and it's amazing to see all the sites these employees are trying to go to that are being blocked by OpenDNS, what a great tool.

I've printed out the whole thread and read it all the way through... But I still have a few questions:

Will the "Use Received DNS With Static DNS" setting force DNS lookup with OpenDNS (since it is set to my primary and secondary DNS), or should this be turned off so that it won't use my ISP's DNS servers and force OpenDNS?

Does the "Intercept DNS Port (UDP 53)" function FORCE OpenDNS? Meaning if an employee sets IE or FireFox to use another DNS server, it will still force OpenDNS?

"Static Lease Time"? What is it, what does it do?

Should the "Reduce Packet Size" function be checked? What does it do exactly?

Thanks again, -BassKozz
Will the "Use Received DNS With Static DNS" setting force DNS lookup with OpenDNS (since it is set to my primary and secondary DNS), or should this be turned off so that it won't use my ISP's DNS servers and force OpenDNS?
As far as I know you want this turned OFF so the only DNS servers being used are those of OpenDNS.

Does the "Intercept DNS Port (UDP 53)" function FORCE OpenDNS? Meaning if an employee sets IE or FireFox to use another DNS server, it will still force OpenDNS?
Correct; if this option is NOT set then a person could override their PC's DNS settings to another (non OpenDNS) server. Enabling this option ensures that the ONLY DNS server your client PCs can use is that of the Tomato Router, and that the router in turn will use OpenDNS.

"Static Lease Time"? What is it, what does it do?
If you have entries in the Basic/Static DHCP screen, this will ensure that the leases to the client machines will have the same Lease Time as you set in the Basic/Network Lease Time field. This has the advantage of ensuring that any settings supplied by DHCP to the clients are consistently supplied, and also that if you ever wish to change a statically assigned DHCP client to a new IP address, it will happen without the client having to reboot.

Should the "Reduce Packet Size" function be checked? What does it do exactly?
This appears to control the size of the DHCP packet that is exchanged with your ISP that obtains an IP address for your router. If everything is working without it set, don't bother changing it.
Moving this info which may get lost in the Tomato 1.17 release thread.

Tomato only supplies 3 DNS servers to dnsmasq, via resolv.dnsmasq, so if you specify 3 static DNS the "use supplied dns in addition to static" has no effect. I get 2 DNS servers via DHCP, so can only add one additional OpenDNS server via the web GUI.

The 3 servers limit is a Tomato restriction, not dnsmasq, so a workaround is to not enter your additional (open)dns servers in the static DNS fields, but to add them to the web GUI "Dnsmasq Custom Configuration" with
Code:
    server=208.67.222.222
    server=208.67.220.220
for example, then my log reports on WAN DHCP renews:
Code:
    Feb 28 12:23:56 wrt54gs daemon.info dnsmasq[2114]: exiting on receipt of SIGTERM
    Feb 28 12:23:57 wrt54gs daemon.info dnsmasq[2161]: started, version 2.41 cachesize 2048
    Feb 28 12:23:57 wrt54gs daemon.info dnsmasq[2161]: compile time options: no-IPv6 GNU-getopt no-RTC no-ISC-leasefile no-DBus no-I18N no-TFTP
    Feb 28 12:23:57 wrt54gs daemon.info dnsmasq[2161]: asynchronous logging enabled, queue limit is 5 messages
    Feb 28 12:23:57 wrt54gs daemon.info dnsmasq[2161]: DHCP, IP range 192.168.0.100 -- 192.168.0.149, lease time 1d
    Feb 28 12:23:57 wrt54gs daemon.info dnsmasq[2161]: using nameserver 208.67.220.220#53
    Feb 28 12:23:57 wrt54gs daemon.info dnsmasq[2161]: using nameserver 208.67.222.222#53
    Feb 28 12:23:57 wrt54gs daemon.info dnsmasq[2161]: read /etc/hosts - 0 addresses
    Feb 28 12:23:57 wrt54gs daemon.info dnsmasq[2161]: read /etc/hosts.dnsmasq - 13 addresses
    Feb 28 12:23:57 wrt54gs daemon.info dnsmasq[2161]: using nameserver 194.168.8.100#53
    Feb 28 12:23:57 wrt54gs daemon.info dnsmasq[2161]: using nameserver 194.168.4.100#53
    Feb 28 12:23:57 wrt54gs daemon.info dnsmasq[2161]: using nameserver 208.67.220.220#53
    Feb 28 12:23:57 wrt54gs daemon.info dnsmasq[2161]: using nameserver 208.67.222.222#53
The .100 DNS servers are obtained by DHCP and passed to dnsmasq via resolv.dnsmasq.

Doing it this way you can also add restrictions to what use is made of these servers, see manpage for more details:
    -S, --local, --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>][@<source-ip>|<interface>[#<port>]]
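
Added example, not part of the original posts or of Tomato: a shell check for the "check your logs" step of the how-to and for the DHCP-supplied resolvers visible in the log above, which matter when lookups are supposed to go only through a filtering provider. The function names, arguments and allowlist are assumptions of this example; the sample lines are abridged from the log quoted above, plus two constructed lines for an older dnsmasq instance.

```shell
#!/bin/sh
# Audit the dnsmasq startup lines of a syslog read from stdin.
# Usage: audit_dnsmasq_log <expected-cache-size> <allowed-upstream-ip>...
# Exit status: 0 = as expected, 1 = mismatch, 2 = no dnsmasq start in the log.
audit_dnsmasq_log() {
    want_cache=$1
    shift
    awk -v want="$want_cache" -v allowed="$*" '
    BEGIN {
        n = split(allowed, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    # Every restart logs "started, version X cachesize N" under a new PID.
    # Forget earlier instances so only the most recent start is judged.
    /dnsmasq\[[0-9]+\]: started, version/ {
        pid = $0; sub(/.*dnsmasq\[/, "", pid); sub(/\].*/, "", pid)
        cache = $0; sub(/.*cachesize /, "", cache); sub(/[^0-9].*/, "", cache)
        split("", seen); cnt = 0
        next
    }
    # Upstream resolvers the running instance says it will use.
    /dnsmasq\[[0-9]+\]: using nameserver / {
        p = $0; sub(/.*dnsmasq\[/, "", p); sub(/\].*/, "", p)
        if (p != pid) next
        ip = $0; sub(/.*using nameserver /, "", ip); sub(/#.*/, "", ip)
        if (!(ip in seen)) { seen[ip] = 1; order[++cnt] = ip }
    }
    END {
        if (pid == "") { print "no dnsmasq start found"; exit 2 }
        bad = 0
        if (cache != want) {
            print "cache-size: running " cache ", expected " want
            bad = 1
        }
        for (i = 1; i <= cnt; i++)
            if (!(order[i] in ok)) {
                print "unexpected upstream: " order[i]
                bad = 1
            }
        if (!bad) print "ok: cachesize " cache ", " cnt " upstreams, all allowed"
        exit bad
    }'
}

# Sample input. The first two lines are constructed (an older instance that
# must be ignored); the rest is abridged from the log in the post above.
sample_log() {
    cat <<'EOF'
Feb 27 09:10:02 wrt54gs daemon.info dnsmasq[2114]: started, version 2.41 cachesize 150
Feb 27 09:10:02 wrt54gs daemon.info dnsmasq[2114]: using nameserver 192.0.2.53#53
Feb 28 12:23:56 wrt54gs daemon.info dnsmasq[2114]: exiting on receipt of SIGTERM
Feb 28 12:23:57 wrt54gs daemon.info dnsmasq[2161]: started, version 2.41 cachesize 2048
Feb 28 12:23:57 wrt54gs daemon.info dnsmasq[2161]: using nameserver 208.67.220.220#53
Feb 28 12:23:57 wrt54gs daemon.info dnsmasq[2161]: using nameserver 208.67.222.222#53
Feb 28 12:23:57 wrt54gs daemon.info dnsmasq[2161]: using nameserver 194.168.8.100#53
Feb 28 12:23:57 wrt54gs daemon.info dnsmasq[2161]: using nameserver 194.168.4.100#53
Feb 28 12:23:57 wrt54gs daemon.info dnsmasq[2161]: using nameserver 208.67.220.220#53
EOF
}

# Demo: allow only the two OpenDNS addresses used in this thread.
sample_log | audit_dnsmasq_log 2048 208.67.222.222 208.67.220.220 || true
```

On a router, feed the function the syslog instead of `sample_log`; with only the two OpenDNS addresses allowed, the two DHCP-supplied .100 servers are reported as unexpected upstreams.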
Peter, I've been using this information for a while now, but I never thanked you for it... So, Thank You
Added question: I have searched and can't seem to find info on this exact question. Seems like when using dnsmasq you no longer need the dnscache service enabled under XP. I have disabled mine and still am surfing the web super quick. Is there a downside to doing this, letting the router handle all DNS actions? I'd like to hear others' opinions / tweaks regarding this.. thanks..
well that's the thing... XP has a cache, Firefox has a cache, the router has a cache, and OpenDNS acts like a cache.... I think you should be fine disabling XP's cache, but I don't see how leaving it on could hurt either (besides using up some RAM). XP probably uses the service to cache local names, so it may affect performance there, but since it's local, it's only like 1 hop anyways.
That's right, between the actual website on the Internet and your browser, everybody and their cousins have a DNS cache. What you want to do is put a cache before the major bottleneck. In this case, the major bottleneck is the network beyond your router, so a DNS cache at the router makes sense. The status of any other DNS caches is probably immaterial as some are out of your control, and the rest is not a bottleneck to begin with.
cache-size=2048 log-async=5 #strict-order ? Do we need the #strict-order ? I'm confused. The example does not show it but the text/explanation does. Fixed previous problem. What do we set DDNS to, WAN or External IP address every 10 minutes?
The hash-mark acts as a "comment" for the whole line; ie ignore the rest of the line, so #strict-order is the same as not even having that line in the config. file.
I was just reading the man page, and found this interesting option: Seems like it should help if the servers are unreliable in their response times since by default dnsmasq already chooses the fastest to respond server on startup. Although it may be considered a bad network practice... EDIT: i added it to my options, but I don't see any change in the logs: I wonder if tomato's version supports this option. Maybe it just works silently.
rc... Thanks but I guess I didn't ask my question very well. The explanation includes the reason why we would use the strict order, it shows in the example at the beginning of the posts, yes I understand it's commented out with the #. I'm not dissing the information just saying it's a bit confusing. One place it looks like we could be using it, explains it, etc., but then we don't use it? Why would I want to use it or why not? What does strict order do in terms of how it works so that I would want to use it? Also what about that setting for WAN to use?
I don't use it because I want the fastest server to handle my DNS requests. Strict order forces dnsmasq to contact the servers in the order listed under the "Static DNS" list. Some people use it because they want to strictly define what DNS servers to use, and in what order. Somebody else in this thread talked about how they pinged each server and set up the order strictly based on the pings. In theory dnsmasq already does this for you. Do you mean on the DDNS page for Dynamic DNS IP Address? I use the recommended default there. The WAN (Wide Area Network) IP should be the IP address that your ISP gives you assuming Tomato is doing the log-in. If you have a DSL or cable modem that gets the IP address and then hands a private address to your router (i.e. 192.168.1.1) then you would need to specify to check for an External IP since the WAN will be 192.168.1.1. An external checker is like: http://whatismyip.com
rc.... Thanks. So given the fastest one is the one you end up using is it better to leave the setup with the default dns server numbers getting passed from the ISP and then add the OpenDNS ones into the manual setup/dnsmasq options? And then select the option to use both provided and static dns numbers? Or even the other way around, static in the setup, the IP's from the ISP in the dnsmasq setup?
Well, if your ISP is always the fastest to respond then it's unlikely that OpenDNS will be assigned as the primary server. At least that is what happens in my case. My ISP's DNS servers are closer to me, so of course the ping is better. But that doesn't mean their DNS cache is as big as OpenDNS.

If you want to take advantage of OpenDNS' account based features then you should only use OpenDNS as your DNS servers. If you want the fastest possible DNS then you should probably use your ISP DNS and enter the OpenDNS IPs into the dnsmasq options, as well as any other fast DNS providers. Then you can set the "all-servers" option and request a DNS lookup to all servers simultaneously; the first to respond becomes the DNS reply.

Right now I am using OpenDNS servers exclusively with the "all-servers" option and a cache size of 8192. After about a week the router caches most names and requests to OpenDNS for lookups go way down. That is the best behavior in terms of performance, but maybe not for stat gathering since OpenDNS doesn't get queried. But right now OpenDNS has disabled their website monitoring stats, so that is kind of useless anyways (until they turn it back on).
What's the command to check the status of my nameservers when I telnet into the router? I do a "cat /etc/resolv.dnsmasq" and all I see is 127.0.0.1 which is my loopback address. Why doesn't it list my OPENDNS servers? I did a reboot and same thing.... What am I missing?
Quick question and one of those where I think I know the answer but just want to double check. For setups where we are using one router to be the dhcp server, one slave wds, one pure wireless AP, only the dhcp server needs these tweaks?
Hi If you run my Adblock script it will automatically optimise DNSmasq for you. http://www.linksysinfo.org/forums/showthread.php?t=57556
I have
Code:
    cache-size=2048
    log-async=5
    address=/biatche/192.168.0.11
I'm trying to set up some hostnames.. how do I do that? The above doesn't seem to work.
Since the tweaks I saw above are all dnsmasq related then the answer must be yes I think. FYI, for what it's worth, I played around with this stuff a while back and ended up doing:
>Set up an OpenDNS account (already had DynDNS acct) and defined my preferred filtering rules there
>Configured OpenDNS in addition to DynDNS on Tomato basic/ddns tab, ticked "Use as DNS" for OpenDNS
>In Tomato advanced DHCP / DNS tab under Dnsmasq Custom Configuration, set
Code:
    strict-order
    cache-size=2048
    log-async=5
>Ticked "Use Received DNS With Static DNS" on for some redundancy
I see a new option which is "Maximum Active DHCP Leases". Maybe you could update your post on the best values for 10000 cache size? Would it still choose 10000 if I set it to 11000?
A "DHCP lease" is a lease of a dynamic assigned IP to a client. This has nothing to do with DNS cache.
One question regarding dnsmasq cache on the router... I have mine set at a 5120 cache size. The WAN connection is a cable modem, with a 2 day DHCP lease. Naturally, when the WAN DHCP renews, dnsmasq restarts. What I'm trying to find out is if that dnsmasq cache is wiped out during the restart. If yes, then it's clear to say that the 5120 cache is only good for a 48hr period, clearing out and restarting anew at every WAN lease renewal. Can anyone clarify?
And a good thing that is! When the system runs out of memory, the first thing it does is kill dnsmasq, to free up the memory that it may be hogging. viz:
    Sep 23 20:27:04 ROUTER user.err kernel: Out of Memory: Killed process 13163 (dnsmasq).

I have just read all 56 messages in this thread -- no one seems to know or care how much memory is consumed per DNS cache entry. Anyone know?

The OP seems to place a strong emphasis on 1. using OpenDNS 2. a small (conventional) home network (with no P2P applications) 3. a situation where there is no shortage of memory.

There are also networks with heavy P2P use and constant router crashes due, ultimately, to memory allocation failures. Some of these P2P applications generate 100's of (throwaway) DNS queries in a few seconds. Caching them would be worse than pointless, and would only aggravate the memory problem. Slowing down DNS queries, along with reducing UDP timeouts to 10s or even 5s, and, of course, limiting total connections to 2048, may be the most effective way to keep routers from crashing.

I don't want to detour this thread, and would ask that we only focus on the memory implications of DNS options. When I monitor free memory, it seems to jump up and down by 500k constantly. When the kernel catches "Out of Memory", it does so even with a Free of .5MB and a Cache of 4.5MB. Have others tracked "free" memory to find out what leads to router crashes?
Yes I have seen this on ram challenged ADSL routers too, there must be an issue with memory fragmentation (easy to do in the /var ram disk) and the router being unable to allocate big enough contiguous blocks. I think an issue may be that dnsmasq 'forks' creating clone child processes to deal with each connection, each getting a copy of the workspace, but monitoring memory use using "top" for example is very imprecise - the sum of all the "virtual memory" used is often greater than 100% due to double counting and the OS cleverly re-using common code space etc.
That just happened to me two days ago. Just 27 connections were being tracked so that wasn't the problem. I had 200-300k of free memory and had no special software running on my machines that could have filled up the router's memory.
Does anyone know how to add secure lists that start with https? For example: https://adversity.googlecode.com/hg/Adversity.txt My router, which is an Asus RT-N66U running Tomato Shibby version, always says it can't read from https address. Any solutions are welcome.
Holy zombie thread batman. I would post your question in "ALL-U-NEED Ad Blocking" since it's got far more in common with what you want to accomplish. And it's not a 3 year old thread that was pages back and almost completely unrelated to what you want. Or perhaps the "Auto DL Hosts File and Install..." thread would be closer. I dunno, either one is current and they are certainly more related than this one.