Messages

Hi!
Any chance the build Simon is referring to can be added to the repo so I can install it?

Message from Simon

That's quite the memory leak!

Are you using dnsmasq for DNS, or just for DHCP?

If you can arrange to run dnsmasq 2.92test2 from FreeBSD ports as
Matthias suggests in
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q1/018395.html
then that would be really useful with the log-malloc option.


Cheers,

Simon.

Here are the log files I sent Simon

https://drive.google.com/file/d/1N16fclaKNR6PaC3_f82hPn-mGaoRsuzI/view?usp=sharing

I couldn't post them directly here.

Yup.  I restarted dnsmasq after the update. 

Hi Cedrik,
Can you answer Simon's questions?

I just sent SIGHUP twice in succession to the dnsmasq process in my
OpenWRT router, with the new malloc-logging feature enabled.

HUP frees a load of configuration and the re-reads it and I correlated
all the memory freed by the second HUP with what was allocated in the
first HUP.

It's perfect. Every block is freed.


This is a fairly old installation, so old libraries, etc, but the very
latest dnsmasq code.

The configuration it's re-reading is pretty small.

I then tried your technique of hitting dnsmasq hard with many HUPs.

I had to go up to half a million to see much effect, but I guess most of
those were dropped since they will have arrived before the previous one
was cleared.

In any case I could see a reproducible rise of a few percent in the VSZ
of the process each time.

What's clear is that the configuration is stored in a _lot_ of small
allocations, so re-reading a substantial configuration  will free a lot
of small blocks and then malloc a lot of small blocks.

A quick Google produces some complaints about the fragmentation
performance of musl, which may be significant.

Is your installation using musl as the C library, and is it possible to
build dnsmasq against, say glibc to test?

Nearly all of the memory management on dnsmasq that gets hit by
answering DNS or DHCP requests avoid hammering the malloc system by
building pools of free data structures that get re-cycled as needed.
Once the pools have grown to equilibrium size, even a very busy server
hardly uses the heap. I guess the configuration code to use the same
policy, but it's a big re-write, and re-reading configuration on a
sub-second timescale is an unlikely use-case.




Cheers,

Simon.

Hi Franco,
No change in behavior with the older version...

root@OPNsense:~ # cat dns_mem_usage.out
Fri Jan 30 06:40:33 EST 2026
  PID %CPU  RSS   VSZ COMMAND
80630  0.0 6176 17772 dnsmasq
Fri Jan 30 07:40:33 EST 2026
  PID %CPU   RSS   VSZ COMMAND
80630  0.0 19236 33644 dnsmasq
Fri Jan 30 08:40:33 EST 2026
  PID %CPU   RSS   VSZ COMMAND
80630  0.0 31632 46956 dnsmasq
Fri Jan 30 09:40:33 EST 2026
  PID %CPU   RSS   VSZ COMMAND
80630  0.0 47600 65388 dnsmasq
Fri Jan 30 10:40:33 EST 2026
  PID %CPU   RSS   VSZ COMMAND
80630  0.0 64412 92012 dnsmasq
Fri Jan 30 11:40:34 EST 2026
  PID %CPU   RSS    VSZ COMMAND
80630  0.0 79216 108396 dnsmasq
Fri Jan 30 12:40:34 EST 2026
  PID %CPU   RSS    VSZ COMMAND
80630  0.0 91224 128876 dnsmasq
Fri Jan 30 13:40:34 EST 2026
  PID %CPU    RSS    VSZ COMMAND
80630  0.0 107776 128876 dnsmasq
Fri Jan 30 14:40:34 EST 2026
  PID %CPU    RSS    VSZ COMMAND
80630  0.0 124400 153452 dnsmasq

Hi Franco,
Reverted.  Will keep you posted on memory consumption.

root@OPNsense:~ # opnsense-revert -zi dnsmasq
Fetching dnsmasq.pkg: .. done
dnsmasq-2.91_1,1: already unlocked
Installing dnsmasq-2.92,1...
package dnsmasq is already installed, forced install
Extracting dnsmasq-2.92,1: 100%
=====
Message from dnsmasq-2.92,1:

Hi Franco,
I tried to revert and received the following error message...
root@OPNsense:~ #  opnsense-revert -z dnsmasq
Fetching dnsmasq.pkg: ... done
No trusted fingerprint found matching file's certificate
 failed

I sent Simon the information.  And for fun I asked Claude to take a stab.. below is its analysis...

Analysis Complete
Your dnsmasq memory issue is caused by unbounded DHCP lease tracking combined with a high volume of client activity. Here's what's happening:
The Problem
Over 16.6 hours, your dnsmasq process grew from 9.8 MB to 208 MB (a 2,017% increase). This steady growth at ~11.9 MB/hour is driven by:
355 unique MAC addresses generating continuous DHCP traffic, with dnsmasq storing lease history for:

Both IPv4 and IPv6 addresses (dual-stack)
Lease renewals and hostname resolution attempts
123 IP addresses being reused across multiple MACs

The cache is configured at size 10000, but dnsmasq doesn't automatically expire old DHCP lease data from memory, causing indefinite accumulation.
Key Contributors

High client volume: 355 unique devices is substantial for a home network
Peak activity spikes: 103-114 unique MACs active at 6 AM
Hostname conflict: Your mac-mini-server generates 740 warnings/day due to IPv6 address mismatch (DHCP trying to assign ::1863 while static entry uses ::bbc2)

Recommended Fix Priority
Immediate (today):

Restart dnsmasq to clear memory
Fix the mac-mini-server IPv6 conflict in your static host entries

Short-term (this week):
3. Monitor memory post-restart to confirm the pattern repeats
4. Enable dhcp-leasefile to persist leases to disk instead of RAM
Long-term:
5. Set up weekly automated dnsmasq restart via cron
6. Review your 355 MAC addresses - are they all legitimate/active devices?
7. Consider reducing cache-size if you don't need 10000 DNS entries
8. If the issue persists, consider dedicated DHCP server software
This is a known behavior with dnsmasq under high DHCP load rather than a bug - it simply needs periodic restarts or better lease file management.

All patched and logging turned on. :-). I also turned on RA in dnsmasq and turned off radvd.

Patching file opnsense/service/templates/OPNsense/Dnsmasq/dnsmasq.conf using Plan A...
Hunk #1 succeeded at 152.
No such line 354 in input file, ignoring
Hunk #2 succeeded at 347 (offset -8 lines).
done
All patches have been applied successfully.  Have a nice day.

HI!  Simon from dnsmasq is asking me to adjust the dnsmasq config as follows:

add
log-queries=extra
log-dhcp
log-facility=/path/to/file

and remove the quiet-* options that are there now.

How do I do this?  The template seems to have a lot of logic in it and I don't want to break anything.

Message sent to the list.  Will keep everyone posted.

Here's something interesting... it looks like there is a problem with serving DHCPv6... so after turning on radvd memory consumption started increasing substantially...

97469 34896 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 08:03:02 EST 2026
  PID   RSS COMMAND
97469 49720 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 09:03:02 EST 2026
  PID   RSS COMMAND
97469 65652 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 10:03:02 EST 2026
  PID   RSS COMMAND
97469 92148 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 11:03:02 EST 2026
  PID    RSS COMMAND
97469 121672 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 12:03:02 EST 2026
  PID    RSS COMMAND
97469 139552 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 13:03:02 EST 2026
  PID    RSS COMMAND
97469 154424 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 14:03:02 EST 2026

It looks dnsmasq's memory consumption is greatly reduced by turning off RA advertisement... I'm going to turn on the radvd and leave RA off to see if dnsmasq's memory consumption stabilizes.  So to recap my dnsmasq configuration will only serve dhcpv4/v6.  DNS is handled by unbound and RA will be handled by radvd.

disable RA advertisement
  PID  RSS COMMAND
97469 7124 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 18:03:01 EST 2026
  PID  RSS COMMAND
97469 9884 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 19:03:01 EST 2026
  PID   RSS COMMAND
97469 14064 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 20:03:01 EST 2026
  PID   RSS COMMAND
97469 16096 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 21:03:02 EST 2026
  PID   RSS COMMAND
97469 17256 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 22:03:02 EST 2026
  PID   RSS COMMAND
97469 21000 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 23:03:02 EST 2026
  PID   RSS COMMAND
97469 22664 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 00:03:02 EST 2026
  PID   RSS COMMAND
97469 24208 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 01:03:02 EST 2026
  PID   RSS COMMAND
97469 27100 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 02:03:02 EST 2026
  PID   RSS COMMAND
97469 29020 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 03:03:02 EST 2026
  PID   RSS COMMAND
97469 30472 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 04:03:02 EST 2026
  PID   RSS COMMAND
97469 31488 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 05:03:02 EST 2026
  PID   RSS COMMAND
97469 32776 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 06:03:02 EST 2026
  PID   RSS COMMAND
97469 34176 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 07:03:02 EST 2026
  PID   RSS COMMAND
97469 34896 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 08:03:02 EST 2026