OPNsense Forum

I've switched from ISC DHCP to dnsmasq a few weeks ago. Followed the instructions thoroughly, and all seems to work fine. But twice since the switch the dnsmasq service has just stopped witch of course leads to clients not getting their IP-addresses.

After manually giving my main work computer a fixed address, I can connect with OPNsense server and start the service again. I see nothing in the logs.

Got any weird settings on like strict interface binding (dnsmasq general settings, advanced)? If interfaces drop out I can imagine dnsmasq not liking that.

Interesting

Early yesterday I switched from kea to dnsmasq

I imported my static mappings. (It missed one). And it worked all day yesterday.

I just got home from work and connected my iPhone to wireless.  I couldn't view any websites. I have been using a controld apple mobile profile...l I thought maybe the service was down so moved to quad 9 https over dns.  Phone still said no network access, but had a valid ip address?..    I ended up turning off dnsmasq and enabling kea and all was good again


Should you reboot thevfirewall after going from one service to the other?

Next morning edit.
I enabled dnsmasq again and turned off kea and rebooted the firewall..
Devices are still not working.  Unbound is enabled and has been working fine forwarding to quad 9


Another edit.   I found the issue it was on my end

Quote from: Monviech (Cedrik) on November 03, 2025, 08:54:03 AMGot any weird settings on like strict interface binding (dnsmasq general settings, advanced)? If interfaces drop out I can imagine dnsmasq not liking that.

No it is very straight forward. Activated on LAN only. Nothing extra. Just a simple DHCP span from 101 to 200. about ten fixed addresses. DNS via Unbound as suggested.

I went away two days, when I come home DNSmasq has stopped again. So I gove a fixed address to my iMac, start Dnsmasq again. Tomorrow I'll activate KEA instead

Well, at least check if dmesg says dnsmasq segfaulted with would mean you're running into an upstream bug... I get that it can be inconvenient, but it's also a normal software thing that can happen and you can help solve it.  ;)


Cheers,
Franco

dmesg says nothing about dnsmasq! no segfaults shown

So Dnsmasq is still running but not responding?

Quote from: franco on November 11, 2025, 07:55:19 AMSo Dnsmasq is still running but not responding?

It works when running, but is stopped without notification three times, causing trouble. I turned it off and am back to ISC DHCP witch never fails.

I'm having the same problem.  I transitioned from ISC to dnsmasq as part of my upgrade to 25.7.  When dnsmasq works, it works extremely well.  But I've just run into my 4th occurrence this morning where I found that most of my network was down because the devices could not renew their ip addresses.  I have a desktop with a static IP and I used that to log into the firewall.  I found the gateway monitor service, ddclient and dnsmasq all "off".  I restarted dnsmasq plus the other services and my network is working again.  I've checked the logs and it doesn't show anything meaningful (see attached), and my dmesg entries only show arp proxy ignoring request entries.  Attached is also my configuration... I love the simplicity of dnsmasq and don't want to switch.  Any help would be appreciated.

TIA

I switch to Kea when it was available on OPNsense and used it soley.

i converted my static mappings to dnsmasq when it was available.    i honestly i tried it for a few weeks,  didn't have any issues that i could see, or errors in the log viewer.

my main finding was memory usage for 25 devices was very sporadic.  would run it for a week at a time and compare it with kea

kea never changed memory usage like dnsmasq does
i have been using it for DHCP only.    unbound for DNS
back to kea

I just had another outage... so I switched to a combination of unbound and kea. 

Welp, KEA stopped working this morning and I had to fail back to dnsmasq to get the network up and running again... can I provide additional logs to identify why dnsmaq stops randomly?

It could be assumed its some sort of memory leak.

Can you check how much RAM dnsmasq takes and if it increases steadily?

Sure thing.  I'm running this:
sh -c 'while true; do ps -o pid,rss,command -p 45263; date; sleep 3600; done >> dns_mem_usage.out' &

and will post it in a few days

Let me know if you want the mem usage captured differently.

One difference is that I'm still using Unbound for DNS and using dnsmasq only for DHCP and DHCPv6

this morning I found the pid changed... so I updated the monitor loop to pick up the new PID if it changes again...

sh -c 'while true; do ps -o pid,rss,command -p `cat /var/run/dnsmasq.pid`; date; sleep 3600; done' >> dns_mem_usage.out &

Hi!  It looks like the memory is usage is increasing.  See attached log file.

Here are the last few lines...
  PID    RSS COMMAND
27052 862192 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Tue Jan 13 10:02:59 EST 2026
  PID    RSS COMMAND
27052 875284 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Tue Jan 13 11:02:59 EST 2026
  PID    RSS COMMAND
27052 888480 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Tue Jan 13 12:02:59 EST 2026
  PID    RSS COMMAND
27052 902784 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Tue Jan 13 13:02:59 EST 2026

It looks like it increases indeed. What features are you using? Can you share the /usr/local/etc/dnsmasq.conf

How stable is your WAN connection, do you have any churn in the files or folders referenced in dnsmasq.conf?

E.g very fast lease churn by some aggressive clients, or lots of hostname changes etc... It would be great if we can find the exact feature in the dnsmasq.conf that causes this.

Would be great if this is somehow reproducible.

Hi.  I don't see a lot of churn on the files referenced in the conf file
root@OPNsense:/usr/local/etc/dnsmasq.conf.d # ls -l
total 16
-rw-r--r--  1 root wheel  85 Dec 18 08:13 README
-rw-r--r--  1 root wheel  41 Sep 15 15:21 jdownloader.conf
-rw-r--r--  1 root wheel 211 Sep 14 21:26 lucid.conf
-rw-r--r--  1 root wheel  31 Sep 14 19:41 plex.conf

I'm attaching my dnsmasq.conf.  I don't think I'm doing anything special with my installation. 

My WAN connection is stable.  I don't see instability in it but if you tell me what to look for then I can validate the logs to be certain. 

You are indeed not doing anything strange (other than having some custom config files but that can be found out).
Can you try some of these things:

- 1. comment these out, one by one, see if anything changes. If we know the exact folder/file that would be great:
(Go to /usr/local/opnsense/service/templates/OPNsense/Dnsmasq/dnsmasq.conf and just put a "#" before these lines one by one. Then restart dnsmasq via Apply in the GUI each time and monitor for a while)
# addn-hosts=/var/etc/dnsmasq-hosts
# addn-hosts=/var/etc/dnsmasq-leases
# conf-dir=/usr/local/etc/dnsmasq.conf.d,*.conf

- 2. Random guess, can you try to disable Router Advertisements/DHCPv6 in the GUI and see if that changes anything?

Try these one by one and see if it changes anything.


PS: Just make sure to mask your dhcp-host entries in that prior dnsmasq.conf file attached to your post, so not everyone knows your network.

Sounds good.  I'll start today and will post my results incrementally.  :-)

#addn-hosts=/var/etc/dnsmasq-hosts
  PID   RSS COMMAND
33508 13588 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Wed Jan 14 22:03:00 EST 2026
  PID   RSS COMMAND
33508 25680 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Wed Jan 14 23:03:00 EST 2026
  PID   RSS COMMAND
33508 34596 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Thu Jan 15 00:03:00 EST 2026
  PID   RSS COMMAND
33508 45100 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Thu Jan 15 01:03:00 EST 2026
  PID   RSS COMMAND
33508 54300 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Thu Jan 15 02:03:00 EST 2026
  PID   RSS COMMAND
33508 66420 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Thu Jan 15 03:03:00 EST 2026
  PID   RSS COMMAND
33508 73424 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Thu Jan 15 04:03:00 EST 2026
  PID   RSS COMMAND
33508 80200 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Thu Jan 15 05:03:00 EST 2026
  PID   RSS COMMAND
33508 90912 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Thu Jan 15 06:03:00 EST 2026

I just found out that each time I hit apply in the GUI, opnsense overwrites the dnsmasq.conf file and removes my "#" entries... :-(. Any ideas on how I can continue to troubleshoot?

yeah give my initial post another look, I especially provided the template path.

My bad... Thank you for reorienting me.  I'm testing again.

No problem it would be really helpful if you can find something. Thanks for testing :)

#addn-hosts=/var/etc/dnsmasq-hosts
  PID   RSS COMMAND
48348 20328 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Thu Jan 15 15:03:00 EST 2026
  PID   RSS COMMAND
48348 36056 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Thu Jan 15 16:03:00 EST 2026
  PID   RSS COMMAND
48348 54044 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Thu Jan 15 17:03:00 EST 2026
  PID   RSS COMMAND
48348 77012 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Thu Jan 15 18:03:00 EST 2026
  PID   RSS COMMAND
48348 91060 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Thu Jan 15 19:03:00 EST 2026
  PID    RSS COMMAND
48348 106724 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Thu Jan 15 20:03:00 EST 2026
  PID    RSS COMMAND
48348 129852 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Thu Jan 15 21:03:00 EST 2026

addn-hosts=/var/etc/dnsmasq-hosts
#addn-hosts=/var/etc/dnsmasq-leases
  PID  RSS COMMAND
63604 5000 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Fri Jan 16 14:03:01 EST 2026
  PID   RSS COMMAND
63604 19156 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Fri Jan 16 15:03:01 EST 2026
  PID   RSS COMMAND
63604 39708 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Fri Jan 16 16:03:01 EST 2026
  PID   RSS COMMAND
63604 66068 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Fri Jan 16 17:03:01 EST 2026
  PID   RSS COMMAND
63604 90212 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Fri Jan 16 18:03:01 EST 2026
  PID    RSS COMMAND
63604 109960 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Fri Jan 16 19:03:01 EST 2026
  PID    RSS COMMAND

addn-hosts=/var/etc/dnsmasq-hosts
addn-hosts=/var/etc/dnsmasq-leases
#conf-dir=/usr/local/etc/dnsmasq.conf.d,*.conf
  PID   RSS COMMAND
51305 14916 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 09:03:01 EST 2026
  PID   RSS COMMAND
51305 31912 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 10:03:01 EST 2026
  PID   RSS COMMAND
51305 50476 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 11:03:01 EST 2026
  PID   RSS COMMAND
51305 66684 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 12:03:01 EST 2026
  PID   RSS COMMAND
51305 80724 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 13:03:01 EST 2026
  PID   RSS COMMAND
51305 99828 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 14:03:01 EST 2026
  PID    RSS COMMAND
51305 118236 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 15:03:01 EST 2026

Very similar to the issue I have with dnsmasq.  Continually growing memory region until it consumes all the available memory.

I created a cron entry to restart dnsmasq every morning at 1am; that has gotten me 'over the hump' so to speak.

But there is for sure a memory leak somewhere in dnsmasq; unfortunately we don't have the right bits turned on to enable dtrace in the freebsd base... it would help narrow this down for sure.  (Long live Sun Microsystems!)

disable RA advertisement
  PID  RSS COMMAND
97469 7124 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 18:03:01 EST 2026
  PID  RSS COMMAND
97469 9884 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 19:03:01 EST 2026
  PID   RSS COMMAND
97469 14064 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 20:03:01 EST 2026
  PID   RSS COMMAND
97469 16096 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 21:03:02 EST 2026
  PID   RSS COMMAND
97469 17256 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 22:03:02 EST 2026
  PID   RSS COMMAND
97469 21000 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 23:03:02 EST 2026
  PID   RSS COMMAND
97469 22664 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 00:03:02 EST 2026
  PID   RSS COMMAND
97469 24208 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 01:03:02 EST 2026
  PID   RSS COMMAND
97469 27100 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 02:03:02 EST 2026
  PID   RSS COMMAND
97469 29020 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 03:03:02 EST 2026
  PID   RSS COMMAND
97469 30472 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 04:03:02 EST 2026
  PID   RSS COMMAND
97469 31488 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 05:03:02 EST 2026
  PID   RSS COMMAND
97469 32776 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 06:03:02 EST 2026
  PID   RSS COMMAND
97469 34176 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 07:03:02 EST 2026
  PID   RSS COMMAND
97469 34896 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 08:03:02 EST 2026

It looks dnsmasq's memory consumption is greatly reduced by turning off RA advertisement... I'm going to turn on the radvd and leave RA off to see if dnsmasq's memory consumption stabilizes.  So to recap my dnsmasq configuration will only serve dhcpv4/v6.  DNS is handled by unbound and RA will be handled by radvd.

Thanks for testing, if this is indeed the result and others can verify this as well, we could ask in the dnsmasq mailing list.

Here's something interesting... it looks like there is a problem with serving DHCPv6... so after turning on radvd memory consumption started increasing substantially...

97469 34896 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 08:03:02 EST 2026
  PID   RSS COMMAND
97469 49720 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 09:03:02 EST 2026
  PID   RSS COMMAND
97469 65652 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 10:03:02 EST 2026
  PID   RSS COMMAND
97469 92148 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 11:03:02 EST 2026
  PID    RSS COMMAND
97469 121672 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 12:03:02 EST 2026
  PID    RSS COMMAND
97469 139552 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 13:03:02 EST 2026
  PID    RSS COMMAND
97469 154424 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 14:03:02 EST 2026

Could you post your findings to the dnsmasq mailing list to see if you get a response from the author? It would be great if you could do it, since you are affected directly by the issue.

https://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Message sent to the list.  Will keep everyone posted.

Thank you, if you need any help or do not know how to get specific information that is requested, let me know.

Backreference: https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg18211.html

HI!  Simon from dnsmasq is asking me to adjust the dnsmasq config as follows:

add
log-queries=extra
log-dhcp
log-facility=/path/to/file

and remove the quiet-* options that are there now.

How do I do this?  The template seems to have a lot of logic in it and I don't want to break anything.

Hello,

the quiet options are a small bug in the template, please execute the following in the shell:

opnsense-patch https://github.com/opnsense/core/commit/664c80e7cab26725872c5b6f3ce2a2b6c0f566e5


Afterwards in the Dnsmasq general settings in the GUI select the following (enable advanced mode toggle):

- Log the results of DNS queries
- Log DHCP options and tags

I dont think you need a log facility, dnsmasqs log output is redirected to syslog-ng. You can find all logs in

- /var/log/dnsmasq/...

You can find events like interface up/down events with this command:

- dmesg

Other interesting logs are redirected here:

- /var/log/system/...
- /var/log/configd/...

I would suggest you only run dnsmasq features and not use radvd since that will tighten the scope.

If you need something else let me know.

All patched and logging turned on. :-). I also turned on RA in dnsmasq and turned off radvd.

Patching file opnsense/service/templates/OPNsense/Dnsmasq/dnsmasq.conf using Plan A...
Hunk #1 succeeded at 152.
No such line 354 in input file, ignoring
Hunk #2 succeeded at 347 (offset -8 lines).
done
All patches have been applied successfully.  Have a nice day.

I sent Simon the information.  And for fun I asked Claude to take a stab.. below is its analysis...

Analysis Complete
Your dnsmasq memory issue is caused by unbounded DHCP lease tracking combined with a high volume of client activity. Here's what's happening:
The Problem
Over 16.6 hours, your dnsmasq process grew from 9.8 MB to 208 MB (a 2,017% increase). This steady growth at ~11.9 MB/hour is driven by:
355 unique MAC addresses generating continuous DHCP traffic, with dnsmasq storing lease history for:

Both IPv4 and IPv6 addresses (dual-stack)
Lease renewals and hostname resolution attempts
123 IP addresses being reused across multiple MACs

The cache is configured at size 10000, but dnsmasq doesn't automatically expire old DHCP lease data from memory, causing indefinite accumulation.
Key Contributors

High client volume: 355 unique devices is substantial for a home network
Peak activity spikes: 103-114 unique MACs active at 6 AM
Hostname conflict: Your mac-mini-server generates 740 warnings/day due to IPv6 address mismatch (DHCP trying to assign ::1863 while static entry uses ::bbc2)

Recommended Fix Priority
Immediate (today):

Restart dnsmasq to clear memory
Fix the mac-mini-server IPv6 conflict in your static host entries

Short-term (this week):
3. Monitor memory post-restart to confirm the pattern repeats
4. Enable dhcp-leasefile to persist leases to disk instead of RAM
Long-term:
5. Set up weekly automated dnsmasq restart via cron
6. Review your 355 MAC addresses - are they all legitimate/active devices?
7. Consider reducing cache-size if you don't need 10000 DNS entries
8. If the issue persists, consider dedicated DHCP server software
This is a known behavior with dnsmasq under high DHCP load rather than a bug - it simply needs periodic restarts or better lease file management.

How about testing Dnsmasq 2.92 instead?

# opnsense-revert -z dnsmasq

if this is no workie you can go back to the latest with

# opnsense-revert dnsmasq


Cheers,
Franco

Hi Franco,
I tried to revert and received the following error message...
root@OPNsense:~ #  opnsense-revert -z dnsmasq
Fetching dnsmasq.pkg: ... done
No trusted fingerprint found matching file's certificate
 failed

I assume you're still on 25.7.11? You can add "-i" to the command line to skip signature verification or at least update to 25.7.11_9 which ships the new signature.


Cheers,
Franco

Hi Franco,
Reverted.  Will keep you posted on memory consumption.

root@OPNsense:~ # opnsense-revert -zi dnsmasq
Fetching dnsmasq.pkg: .. done
dnsmasq-2.91_1,1: already unlocked
Installing dnsmasq-2.92,1...
package dnsmasq is already installed, forced install
Extracting dnsmasq-2.92,1: 100%
=====
Message from dnsmasq-2.92,1:

Hi Franco,
No change in behavior with the older version...

root@OPNsense:~ # cat dns_mem_usage.out
Fri Jan 30 06:40:33 EST 2026
  PID %CPU  RSS   VSZ COMMAND
80630  0.0 6176 17772 dnsmasq
Fri Jan 30 07:40:33 EST 2026
  PID %CPU   RSS   VSZ COMMAND
80630  0.0 19236 33644 dnsmasq
Fri Jan 30 08:40:33 EST 2026
  PID %CPU   RSS   VSZ COMMAND
80630  0.0 31632 46956 dnsmasq
Fri Jan 30 09:40:33 EST 2026
  PID %CPU   RSS   VSZ COMMAND
80630  0.0 47600 65388 dnsmasq
Fri Jan 30 10:40:33 EST 2026
  PID %CPU   RSS   VSZ COMMAND
80630  0.0 64412 92012 dnsmasq
Fri Jan 30 11:40:34 EST 2026
  PID %CPU   RSS    VSZ COMMAND
80630  0.0 79216 108396 dnsmasq
Fri Jan 30 12:40:34 EST 2026
  PID %CPU   RSS    VSZ COMMAND
80630  0.0 91224 128876 dnsmasq
Fri Jan 30 13:40:34 EST 2026
  PID %CPU    RSS    VSZ COMMAND
80630  0.0 107776 128876 dnsmasq
Fri Jan 30 14:40:34 EST 2026
  PID %CPU    RSS    VSZ COMMAND
80630  0.0 124400 153452 dnsmasq

Hi Cedrik,
Can you answer Simon's questions?

I just sent SIGHUP twice in succession to the dnsmasq process in my
OpenWRT router, with the new malloc-logging feature enabled.

HUP frees a load of configuration and the re-reads it and I correlated
all the memory freed by the second HUP with what was allocated in the
first HUP.

It's perfect. Every block is freed.


This is a fairly old installation, so old libraries, etc, but the very
latest dnsmasq code.

The configuration it's re-reading is pretty small.

I then tried your technique of hitting dnsmasq hard with many HUPs.

I had to go up to half a million to see much effect, but I guess most of
those were dropped since they will have arrived before the previous one
was cleared.

In any case I could see a reproducible rise of a few percent in the VSZ
of the process each time.

What's clear is that the configuration is stored in a _lot_ of small
allocations, so re-reading a substantial configuration  will free a lot
of small blocks and then malloc a lot of small blocks.

A quick Google produces some complaints about the fragmentation
performance of musl, which may be significant.

Is your installation using musl as the C library, and is it possible to
build dnsmasq against, say glibc to test?

Nearly all of the memory management on dnsmasq that gets hit by
answering DNS or DHCP requests avoid hammering the malloc system by
building pools of free data structures that get re-cycled as needed.
Once the pools have grown to equilibrium size, even a very busy server
hardly uses the heap. I guess the configuration code to use the same
policy, but it's a big re-write, and re-reading configuration on a
sub-second timescale is an unlikely use-case.




Cheers,

Simon.

Im not sure what to answer there, since it relates to another email in the same mailing list thread. And its about OpenWRT which is linux based. We don't even know if the issue reported there, and the issue you have are the same.

Yours is more clearly scoped around DHCPv6 and/or RA as it seems, and less likely  around configuration reloads (just going from heuristics, I don't know for sure).

Als you didnt test with an older version, you tested with 2.91 and 2.92 now.

If you must use a devel built with the --log-malloc option we can probably try to help offering something, but could you send your other logs yet that were requested earlier in the mailing list?

For reference Im following it here:
https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/

> No change in behavior with the older version...

Well, it's a newer version.  Did you restart Dnsmasq to be sure?

We can always try the latest development version, but it looks a bit like chasing ghosts at the moment.


Cheers,
Franco

Yup.  I restarted dnsmasq after the update. 

Here are the log files I sent Simon

https://drive.google.com/file/d/1N16fclaKNR6PaC3_f82hPn-mGaoRsuzI/view?usp=sharing

I couldn't post them directly here.

Message from Simon

That's quite the memory leak!

Are you using dnsmasq for DNS, or just for DHCP?

If you can arrange to run dnsmasq 2.92test2 from FreeBSD ports as
Matthias suggests in
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q1/018395.html
then that would be really useful with the log-malloc option.


Cheers,

Simon.

Hi!
Any chance the build Simon is referring to can be added to the repo so I can install it?

Hello, we can offer something soon. To track this better, could you maybe open an issue here:

https://github.com/opnsense/ports/issues

Our port is located here:

https://github.com/opnsense/ports/tree/master/opnsense/dnsmasq