Custom encrypted DNS upstream servers configured for a client are 4-5 times slower #7769
Comments
I have the same observation and problem with lag (actually 50-100 times more lag than standard encrypted requests) in v0.108.0-b.68 and edge as of today (v0.108.0-a.1088+61a1403e), and I think it may be related to this issue, because that's the error I also get in my syslog. But as OP reports it seems to only affect configured persistent clients with custom upstreams, as per the response times visible in the query log (disregarding cached responses). So as a layman I would suggest there is something in the code for the persistent clients' custom upstreams that handles QUIC (and encrypted DNS requests) differently from the standard upstreams.
This commit fixes a critical performance issue with custom encrypted DNS upstreams configured for persistent clients. The bug caused connections to be unnecessarily closed and rebuilt on every DNS request, making custom DoH/DoT/DoQ upstreams 4-5 times slower than global upstreams. The root cause was that after rebuilding a client's upstream connection, the timestamp (commonConfUpdate) used for detecting configuration changes was never updated. This resulted in an endless cycle of detecting "changes" and rebuilding connections on every request, particularly impacting encryption protocols with expensive connection establishment. This PR updates the client's configuration timestamp after rebuilding the connection in upstreamManager.customUpstreamConfig(). Fixes: AdguardTeam#7739, AdguardTeam#7769
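The rebuild loop described in the commit message above, as an added example that is not AdGuard Home's code: a simplified model in which only the names `commonConfUpdate` and `customUpstreamConfig` come from the page, while the `clientConf` and `manager` types, the `fixed` switch and the `rebuilds` helper are hypothetical.

```go
package main

import (
	"fmt"
	"time"
)

// clientConf is a hypothetical model of a persistent client's cached custom
// upstream state; it is not AdGuard Home's real type.
type clientConf struct {
	commonConfUpdate time.Time // common-config version the connection was built for
	dials            int       // expensive DoH/DoT/DoQ connection setups so far
}

// manager is a hypothetical model of the upstream manager.
type manager struct {
	confUpdate time.Time // last change of the common configuration
	fixed      bool      // apply the timestamp update described in the commit
}

// customUpstreamConfig rebuilds the client's connection when the common
// configuration is newer than the one the connection was built for.
func (m *manager) customUpstreamConfig(c *clientConf) {
	if !m.confUpdate.After(c.commonConfUpdate) {
		return // cached connection is current, reuse it
	}
	c.dials++ // close and re-establish the encrypted connection
	if m.fixed {
		c.commonConfUpdate = m.confUpdate // the missing bookkeeping
	}
}

// rebuilds replays n requests, with one genuine config change halfway
// through, and returns how many times the connection was rebuilt.
func rebuilds(fixed bool, n int) int {
	m := &manager{confUpdate: time.Unix(1000, 0), fixed: fixed}
	c := &clientConf{}
	for i := 0; i < n; i++ {
		if i == n/2 {
			m.confUpdate = m.confUpdate.Add(time.Second)
		}
		m.customUpstreamConfig(c)
	}
	return c.dials
}

func main() {
	fmt.Println("without timestamp update:", rebuilds(false, 100))
	fmt.Println("with timestamp update:   ", rebuilds(true, 100))
}
```

Without the timestamp update every request pays for a new encrypted handshake; with it, the connection is rebuilt only on first use and after the genuine configuration change.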
I may have a fix for this but it's still unconfirmed. Please give it a try if you'd like: #7789
Thanks @fbernier I'll make the team aware of this.
I run adguard home with a certain complicated installer on my router so I think I have to wait for it to get merged into edge unfortunately...
I thought it would be a hassle too but turns out that cloning the repo on a linux desktop, running a single command to cross-compile to a single arm64 binary ( Here's an arm64 binary in case anyone's interested: https://drive.google.com/file/d/1NeGDB0tyX6A523Cp0GHC-M-Mqjturwcj/view
Thanks, but my router uses armv7 architecture for most binaries, so it would really be much quicker and easier if maintainers would just merge this one-liner PR, which also actually fixes something that made the persistent client part of agh quite unusable since forever.
ping @ainar-g
I've made the AGH team aware of this already - no need to @ people.
Thanks for reporting! We've found that bug as well, and we're aiming to fix it in the next beta. Assigning to @schzhn, who is currently working on the fix.
The fix is already in the edge release. You can download the binary for your platform from this page.
Did the fix for this in edge somehow negate the fix for the custom caches that was just merged days ago...?
@bohtho, I'm not sure what you mean. Do you see any issues on the edge channel currently?
Docker edge version |
@bohtho, I cannot reproduce that on the current edge release. There is a separate issue where disabling the global cache also disables custom caches, and we're working on that at the moment, and it should be fixed by the next beta release.
Leaving the global and custom caches at the same level (and turned on), the custom persistent clients definitely miss a lot in the cache even after several days. But suddenly some things are taken from cache too so I can't figure it out or pin it down. Same edge v0.108.0-a.1089+2c46bc92
Anyone else still seeing that the custom client caches are not working (perhaps after the custom client upstream timeout fix)?
@bohtho, ensure that the custom client upstream DNS server list is not empty.
Prerequisites
I have checked the Wiki and Discussions and found no answer
I have searched other issues and found no duplicates
I want to report a bug and not ask a question or ask for help
I have set up AdGuard Home correctly and configured clients to use it. (Use the Discussions for help with installing and configuring clients.)
Platform (OS and CPU architecture)
Linux, ARM64
Installation
GitHub releases or script from README
Setup
On a router, DHCP is handled by the router
AdGuard Home version
v0.108.0-b.66
Action
If custom encrypted DNS servers are configured for a client, the resolution times for this client are 4-5 times higher than the same standard configured encrypted DNS servers. If legacy DNS via IP is used instead, the problem does not occur.
Settings > Client Settings > Add/Edit Client
Tab Upstream DNS servers > Configure encrypted DoT or DoH Servers for the Client > Save > Test
Expected result
Same resolution times as with the standard configured encrypted upstream DNS servers.
Actual result
Resolution times are 4-5 times higher than the same standard configured encrypted DNS servers.
Additional information and/or screenshots
No response