Dnsmasq often at 50 % CPU and doesn't answer any more

Hello,

Every few weeks the dnsmasq service stops answering.
I saw the dnsmasq process claim one whole CPU, with 50 % of the system resources.
Sending a hangup signal to the process does not help, but pressing the kill button restarts the process and then it works again.

Kernel version: 5.15.148
Model: Turris Omnia
Architecture: ARMv7 Processor rev 1 (v7l)
Firmware version: TurrisOS 7.0.2 4e1d1b7df0ce6fa96d7462dc883917682f428046

Cheers.

On Turris, dnsmasq does no DNS. At least in default settings.

Which process is normally doing the DNS service then, if dnsmasq does not normally do it?
I have configured the Omnia so that I have internal resolving of all of my network devices.
Everything else should go to an external resolver.

Ah, I see, knot-resolver should do the resolving stuff. I will check it. By the way, that dnsmasq has a problem is still not good.

Yes. The process is called kresd.

Ok, maybe dnsmasq is used because I have run the Omnia for years now, regularly upgrading only the OS, so knot was not used in the beginning.
I see that dnsmasq-full is installed. Only the knot-libs and knot-libzscanner packages are installed.
Is there a known path to migrate to knot? Is dnsmasq still used for the DHCP stuff?
kresd is not running.

No, Turris never used dnsmasq for DNS. Original blue powerpc Turris 1.x used Unbound.

Ok, then maybe I used dnsmasq because of the well-known documentation and the luci modules.
I cannot find a luci knot package. Is there none available?

Ok, I have now found the "Knot resolver over Dnsmasq" page. I will check how to go (back) to knot.
Thank you for the fast answer.

No. Only for (Re)Foris.

Maybe you could try factory reset or something like that, depending on your situation.

ReForis is not really useful for my config. It would be nice if I could use it in luci too.

luci is only meant to be used if you really know what you’re doing.

Like… the DNS tab in luci will set up dnsmasq but Turris only uses it for DHCP, so people get confused easily and break their configs.

Yeah, as I did. By the way, all is working well, only sometimes dnsmasq hangs, using 100% of one CPU core. And this looks like it could be a bug.

Maybe I can replace dnsmasq with odhcpd. Then knot should do the DNS stuff.
I never recommended the use of one process for different services :wink: so dnsmasq was never my first friend. Each service should have its own software so all can be replaced by each other.

I think that’s also used by default. For DHCPv6 I think, not sure if server or client

Looks like there is a bug in dnsmasq that is already known. I don't know at the moment when it will be fixed.
By the way, it is not exactly a Turris problem, but it should be fixed by an upgrade of dnsmasq after the problem has been solved by the dnsmasq developers. It is on my watchdog list for the moment.


There exists a problem in dnsmasq before 2.90, which could be affected by CVE-2023-50387 and CVE-2023-50868 (extreme CPU consumption in the DNSSEC validator).
With 2.90 it is possible to break this problem.
The current version used is 2.86, so I suggest that dnsmasq should be updated.
With the migration of OpenWRT 23.05 the new dnsmasq version should be upgraded, so hopefully the problem will be cleared later. :smiley:
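
The check implied by the last post, as an added example that is not part of the thread: it reads `dnsmasq --version` output and the dnsmasq configuration text, and reports whether the build is older than 2.90, was compiled with DNSSEC, and has validation switched on. The function names, status words, sample banner and sample config are constructed for illustration, and the config path in the last comment is a placeholder.

```shell
#!/bin/sh
# Added example, not from the thread. All sample inputs are constructed.
FIXED_IN=2.90   # version the thread names as containing the fix

# Pull "2.86" out of a banner line like "Dnsmasq version 2.86  Copyright ...".
dnsmasq_version() {
    printf '%s\n' "$1" |
        sed -n 's/^Dnsmasq version \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Succeeds when major.minor version $1 is lower than $2.
version_lt() {
    a_major=${1%%.*}; a_minor=${1#*.}
    b_major=${2%%.*}; b_minor=${2#*.}
    if [ "$a_major" -ne "$b_major" ]; then
        [ "$a_major" -lt "$b_major" ]
        return
    fi
    [ "$a_minor" -lt "$b_minor" ]
}

# $1: output of `dnsmasq --version`, $2: text of the dnsmasq config in use.
# Prints one status word and always returns 0.
triage_dnsmasq() {
    ver=$(dnsmasq_version "$1")
    if [ -z "$ver" ]; then echo unknown; return 0; fi
    if ! version_lt "$ver" "$FIXED_IN"; then echo fixed; return 0; fi
    # A build without the validator lists "no-DNSSEC" in its compile options.
    if ! printf '%s\n' "$1" | grep -Eq '(^|[[:space:]])DNSSEC([[:space:]]|$)'; then
        echo old-no-dnssec-build; return 0
    fi
    # Validation only runs when the config carries a bare "dnssec" line.
    if printf '%s\n' "$2" | grep -Eq '^[[:space:]]*dnssec[[:space:]]*(#.*)?$'; then
        echo old-validating
    else
        echo old-validation-off
    fi
}

SAMPLE_BANNER='Dnsmasq version 2.86  Copyright (c) 2000-2021 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC no-ID loop-detect inotify dumpfile'
SAMPLE_CONF='port=53
dnssec
dnssec-check-unsigned'

echo "sample host: $(triage_dnsmasq "$SAMPLE_BANNER" "$SAMPLE_CONF")"
# On a router: triage_dnsmasq "$(dnsmasq --version)" "$(cat /path/to/dnsmasq.conf)"
```

The result is based on the version string alone, so a distribution package that carries backported fixes under an older version number will still be reported as old.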