AdGuard Home v0.106.1 high CPU usage and slow DNS response #3064
Comments
ainar-g
added
needs investigation
|
We don't see anything like that on our side. Probably, we'll need to see the Here's how you can get them:
Now if you open Also, if you have |
Followed your steps to download the dump but it couldn't connect to I took 2 screenshots for htop one with v0.105.2 and one with v0.106.2 v0.105.2 |
|
Can confirm was also experiencing this issue on v0.106.1 and v0.106.2 on a Raspberry Pi 4 4GB. Rolled back to v0.105.2 and this issue was no longer present. I first noticed this issue when checking my Adguard Home Dashboard and noticed the average processing time for queries had jumped up from 20-30ms to several 100s of milliseconds. A quick look through the query logs showed a lot of Reverse DNS lookups taking on the order of 700-900ms to complete. My top queried domain had quickly become 1.0.28.172.in-addr.arpa the address of the adguard container with almost 5000 queries in a 24 hour period. Having reverted about 12 hours ago, queries to that address have already halved, I've also followded your steps to download the dumps, but was also unable to connect. I'm not using macvlan so I'm sure its not that. I'll keep trying a few other configs and update if I get it working. |
Hmm, I don't think this port is exposed from the container. You need to run the container with |
|
@DeuceCode @N1ghtshad0w could you please record verbose-level log? Maybe we can figure something from it.
|
You are right port 6060 is not exposed from the container.
macvlan is an overlay network that assigns an IP address to your container, all declared expose ports are accessible on the assigned IP and nothing needs to be forwarded to the host. Port 6060 need to be added to the dockerfile EXPOSE command, adding it to the docker run command doesn't do anything. |
|
Well, the difference is rather huge, hopefully, we'll be able to figure it out from the verbose log. |
|
I have this issue on v0.106.2 (and v0.106.1). As a temporary measure I have disabled almost all filtering lists. This has helped to reduce latency from 18k ms to 100 ms. |
|
@CaesarRulezzz what's your config? Is it docker as well? Could you please reproduce the issue and record the verbose-level logs #3064 (comment) ? @ all - if you want to share logs privately, please send them to |
Yes, I use it in a docker container. |
I've sent logs to |
|
Received, thank you! |
|
Hello again, @N1ghtshad0w, @DeuceCode and @CaesarRulezzz! We've got some assumptions about the issue. Could you please find the |
Didn't work for me. Back to v0.105.2 again for now. |
|
This just means that your local DNS server is rather slow to respond to PTR queries, it does not mean that there's any performance issue with AdGuard Home. However, I don't understand where this high load comes from. @N1ghtshad0w could you please collect verbose logs for us? I doubt we can figure out what's causing this without your logs. |
I don't think so, going back to v0.105.2 I don't have that issue anymore.
The problem is that I can't keep v0.106.2 running cause it cripples all the other services and eventually drag the whole server down, that's why I keep going back to v0.105.2 to keep the server running. |
Well, we only need logs for a short period of time, 5 minutes would be enough. |
|
I ran it for like 20min with verbose logging on and it generated insane amount of logs around 600+ MBs in log files I checked some of the files it goes on and on like this |
|
What's hosted on |
|
@N1ghtshad0w, can you please try to enter the address of your network's router into the “DNS settings” → “Private DNS servers”? Or uncheck the “Enable reverse resolving of clients' IP addresses” check mark? |
ainar-g
added
bug
docker
@ameshkov, 127.0.0.11 is the internal docker DNS address, which normally forwards to the host’s DNS. |
@ainar-g, that did it I think. So far so good. |
It looks like the fix is working for me... |
Issue is fixed for me without changing anything in the configuration file. @CaesarRulezzz, did you enter the address of your network's router into the “DNS settings” → “Private DNS servers”? |
Updates #3064. Squashed commit of the following: commit 2cfeb83 Author: Ainar Garipov <[email protected]> Date: Thu May 13 14:02:08 2021 +0300 all: imp code, expose pprof port commit a22656a Author: Ainar Garipov <[email protected]> Date: Thu May 13 13:34:05 2021 +0300 all: imp code, dockerfile commit 35e2145 Author: Ainar Garipov <[email protected]> Date: Thu May 13 12:34:09 2021 +0300 dnsforward: exclude docker dns
|
@N1ghtshad0w, @CaesarRulezzz, @DeuceCode, we've pushed a possible fix to the edge channel in revision 1b789b5. Could you please check if the solution works for you? |
@ainar-g, using edge Version: v0.107.0-a.23+c890f5c1. Everything seems as expected so far. |
I'm using Edge version v0.107.0-a.23+c890f5c1 (docker container). So far so good |
|
Apologies for not being able to get back to you. |
|
It seems like the Docker fix worked for most people. We're going to release it with v0.106.3 in the nearest days. |
Updates #3064. Squashed commit of the following: commit 2cfeb83 Author: Ainar Garipov <[email protected]> Date: Thu May 13 14:02:08 2021 +0300 all: imp code, expose pprof port commit a22656a Author: Ainar Garipov <[email protected]> Date: Thu May 13 13:34:05 2021 +0300 all: imp code, dockerfile commit 35e2145 Author: Ainar Garipov <[email protected]> Date: Thu May 13 12:34:09 2021 +0300 dnsforward: exclude docker dns
|
I upgraded to v0.106.3 the initial issue is solved, but still why does it send PTR requests to all my clients though my router is listed under “Private DNS servers” and "Upstream DNS servers" → "[/x.x.in-addr.arpa/]x.x.x.x"? below is an image of the top queried domains over a period of 29 hours: |
|
The bug isn't fixed for me. My log is still spammed with thousands of PTR requests. I don't use docker by the way.
|
It is cached, but the TTL is just 10 minutes. We might need to increase it. |
I disabled "Enable of reverse resolving of clients IP addresses". It's still spamming those requests. I use Adguard Home since the first release and never had this issue before. I started to experience this issue 1 or 2 releases ago on both of my Raspberry Pi's. |
@ameshkov, I have been setting "Override minimum TTL" → "3600" and "Override maximum TTL" → "68400" since I started using AGH. Unless there is an internal setting for rDNS TTL that I am not aware of. |
Worked for me, thanks! (Using v0.106.3)
|
Updates AdguardTeam#3064. Squashed commit of the following: commit 2cfeb83 Author: Ainar Garipov <[email protected]> Date: Thu May 13 14:02:08 2021 +0300 all: imp code, expose pprof port commit a22656a Author: Ainar Garipov <[email protected]> Date: Thu May 13 13:34:05 2021 +0300 all: imp code, dockerfile commit 35e2145 Author: Ainar Garipov <[email protected]> Date: Thu May 13 12:34:09 2021 +0300 dnsforward: exclude docker dns
Issue Details
Expected Behavior
AGH should run with minimal CPU usage.
Actual Behavior
AGH runs with high CPU usage dragging the whole system down resulting in a slow DNS response.
Additional Information
AGH was running fine using v0.105.2.
Upgraded to v0.106.1 over the previous version without changing any settings.
Slow DNS responses noticed immediately.
Running DNS benchmark revealed that AGH was running slower than external DNS.
Further investigation revealed that AGH is using high CPU %.
Clean installed v0.106.1 and reconfigured from scratch and still problem exists (high CPU usage and slow DNS response).
Rolling back to v0.105.2 fixes the problem.
The text was updated successfully, but these errors were encountered: