Minimizing DNS Connections?

Discussion in 'Tomato Firmware' started by Planiwa, Feb 5, 2009.

    Planiwa (Network Guru Member)

    Minimizing DNS Connections -- want just 1 connection for 1 query.

    I ran this little experiment (default Tomato 1.23 settings)

    0. stopped all applications on the LAN. monitored connections in CONNTRACK table.
    1. ran ping -c1
    2. here are the CONNTRACK entries, 5 seconds later:

    ADM 50156 SSH ROUTER-I tcp 14399 E a
    -- src= dst= sport=50156 dport=22 tcp 6 14399 ESTABLISHED
    -- src= dst= sport=22 dport=50156 [ASSURED] use=1 mark=0

    ADM 65071 DNS ROUTER-I udp 25
    -- src= dst= sport=65071 dport=53 udp 17 25
    -- src= dst= sport=53 dport=65071 use=1 mark=0
    ADM 65526 DNS ROUTER-I udp 25
    -- src= dst= sport=65526 dport=53 udp 17 25
    -- src= dst= sport=53 dport=65526 use=1 mark=0

    RTR 11909 DNS NS1 udp 25 1
    -- src= dst= sport=11909 dport=53 udp 17 25
    -- src= dst= sport=53 dport=11909 use=1 mark=1
    RTR 24284 DNS NS1 udp 25 1
    -- src= dst= sport=24284 dport=53 udp 17 25
    -- src= dst= sport=53 dport=24284 use=1 mark=1

    As you can see, a single access (by name) of a host on the Net resulted in 2 DNS requests to the router, which then relayed two more requests to the (ISP) name server.

    That's 5 connections for 1 access.

    (The reason this interests me is that I have been studying connection storms.
    One factor in (p2p) connection storms is that when the client tries to solicit connections, for every low priority (?) connection attempt, there may be 5 high priority connections set up before the far side is contacted, if ever. I had observed, when trying to find which of a dozen users was causing a storm, that each storm appeared to involve a high degree of "router complicity".)

    My question is: Have others observed this exploding of DNS traffic?
    Might there be a way to reduce it from 4 connections to 1? (Since the vast majority of all connections are for random, futile peers that never respond, I really don't want DNS caching.)

    I would like the router to set up a single (NATed) connection between the LAN host and the ISP NS. Then that connection would be LAN-host rule-able, rather than appearing to be router-top-priority!


    P.S. I found that when I uncheck "Use internal caching DNS forwarder", I can no longer reach LAN hosts by hostname.
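The counting the post does by hand can be done over the conntrack table itself. The following Python is an added example (not from the thread or the Tomato project): it parses lines in the layout of /proc/net/ip_conntrack, splits the UDP/53 entries into the LAN-to-router half and the router-to-upstream half (the forwarder's own flows carry mark=1 in the post's capture), and lists LAN hosts that hold more simultaneous DNS entries than a threshold, which is the per-client view the post was missing when trying to attribute a storm. The sample lines, the router address 192.168.1.1 and the upstream address 203.0.113.53 are constructed placeholders, since the thread's capture has its addresses blanked.

```python
import re
from collections import Counter

# Constructed sample in the layout of /proc/net/ip_conntrack on a Tomato-era
# Linux kernel: protocol name, protocol number, remaining timeout, an optional
# TCP state, then key=value pairs for the original direction followed by the
# reply direction. Addresses are placeholders, not values from the thread.
ROUTER_IP = "192.168.1.1"  # assumed LAN address of the router
SAMPLE_CONNTRACK = """\
tcp      6 14399 ESTABLISHED src=192.168.1.10 dst=192.168.1.1 sport=50156 dport=22 src=192.168.1.1 dst=192.168.1.10 sport=22 dport=50156 [ASSURED] use=1 mark=0
udp      17 25 src=192.168.1.10 dst=192.168.1.1 sport=65071 dport=53 src=192.168.1.1 dst=192.168.1.10 sport=53 dport=65071 use=1 mark=0
udp      17 25 src=192.168.1.10 dst=192.168.1.1 sport=65526 dport=53 src=192.168.1.1 dst=192.168.1.10 sport=53 dport=65526 use=1 mark=0
udp      17 25 src=192.168.1.1 dst=203.0.113.53 sport=11909 dport=53 src=203.0.113.53 dst=192.168.1.1 sport=53 dport=11909 use=1 mark=1
udp      17 25 src=192.168.1.1 dst=203.0.113.53 sport=24284 dport=53 src=203.0.113.53 dst=192.168.1.1 sport=53 dport=24284 use=1 mark=1
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_conntrack(text):
    """Parse ip_conntrack lines into dicts keyed on the original direction.

    The first src/dst/sport/dport group on a line is the original direction,
    the second group is the reply. Keys that occur once (use, mark) are kept.
    """
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or not parts[1].isdigit():
            continue  # not a conntrack entry
        orig, reply = {}, {}
        for key, value in KV_RE.findall(line):
            (reply if key in orig else orig)[key] = value
        flows.append({
            "proto": parts[0],
            "timeout": int(parts[2]),
            "src": orig.get("src"),
            "dst": orig.get("dst"),
            "sport": int(orig.get("sport", 0)),
            "dport": int(orig.get("dport", 0)),
            "mark": int(orig.get("mark", 0)),
        })
    return flows


def is_dns(flow):
    return flow["proto"] == "udp" and flow["dport"] == 53


def dns_flows_by_source(flows):
    """Count UDP/53 conntrack entries per originating address."""
    return Counter(f["src"] for f in flows if is_dns(f))


def dns_fan_out(flows, router_ip=ROUTER_IP):
    """Split DNS entries into LAN->router and router->upstream halves.

    Returns (lan_to_router, router_to_upstream, total). On the sample this
    is (2, 2, 4): one name lookup became four UDP conntrack entries.
    """
    lan = sum(1 for f in flows if is_dns(f) and f["dst"] == router_ip)
    upstream = sum(1 for f in flows if is_dns(f) and f["src"] == router_ip)
    return lan, upstream, lan + upstream


def noisy_dns_clients(flows, threshold, router_ip=ROUTER_IP):
    """LAN hosts holding more than `threshold` simultaneous DNS entries.

    Router-originated flows are excluded so the forwarder's own upstream
    lookups do not hide which LAN client actually drove them.
    """
    counts = dns_flows_by_source(flows)
    return sorted(h for h, n in counts.items() if h != router_ip and n > threshold)


if __name__ == "__main__":
    flows = parse_conntrack(SAMPLE_CONNTRACK)
    print("DNS entries per source:", dict(dns_flows_by_source(flows)))
    print("LAN->router, router->upstream, total:", dns_fan_out(flows))
    print("clients over 1 entry:", noisy_dns_clients(flows, threshold=1))
```

On a live router the same functions can be fed the contents of /proc/net/ip_conntrack (or the output of the conntrack tool) on a timer; because the UDP entries expire after the timeout shown in the third column, the per-client count is a snapshot of recent lookups, which is what makes it usable for spotting a host that is generating far more resolver traffic than its peers.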