Dear Mukund, thank you for the excellent reply, really.
In fact, it is very strange. In the same machine, and same Bind daemon, when incoming queries increase and bottlenecks become visible, if I try to query an alias IP it responds immediately.
Bind doesn't seem to be the problem but, as you said, something in networking/socket/stack environments.

Using "netstat -su", I noticed an appreciable number of UDP packet receive errors:

netstat -su
IcmpMsg:
    InType0: 180
    InType3: 7409507
    InType8: 103791
    InType11: 20541
    OutType0: 103791
    OutType3: 2839671
    OutType8: 185
Udp:
    774530039 packets received
    11779662 packets to unknown port received.
    3602407 packet receive errors
    776247231 packets sent
    3588125 receive buffer errors
    0 send buffer errors
    InCsumErrors: 14279

Do you think they could be related to UDP dropped packets?

I think I have already tuned some parameters (nf_conntrack, rmem_max, wmem_max, etc.) and I have totally removed connection tracking using "raw" queue on local iptables.

How could I increase the number of sockets on a single IP address, since Bind is working perfectly on the secondary address, when the first one is stuck?

Thank you again, very best regards!
FC

On Mon, 20 May 2019 at 15:03, Mukund Sivaraman <m...@mukund.org> wrote:
>
> On Mon, May 20, 2019 at 10:06:09AM +0200, Ict Security wrote:
> > Dear guys,
> >
> > I am experiencing a very strange behaviour of Bind under busy peak time.
> >
> > With a quite important number of incoming DNS queries, responses are
> > really, really slow;
> > sometimes they even get stuck.
> >
> > If I try to query, in those busy moments, an alias secondary IP
> > address of the same machine, the response is really immediate!
> >
> > I have disabled connection tracking and raised up nf_conntrack_max.
> > In system logs, I do not see any limitations or buffer full.
> >
> > Do I need to balance incoming connections on more alias IPs?
> > Or shall I change some other parameters which I am not aware of at the moment?
>
> It's not possible to say exactly what's going on without more detailed
> info. It's possible that named has reached its query performance limit
> and so the recv queue is at its max capacity for that listening
> socket. Possibly queries are getting dropped due to this. In that case,
> increasing the recv queue is unlikely to help and possibly just cause
> bloat. See what "netstat -lu" or "ss -lu" tells you, and load of the
> system.
>
> Possibly you can attempt to mitigate this by tuning various knobs, e.g.,
> disable excessive logging and query logging, increase the number of UDP
> listeners and worker threads to match your CPU count, etc. There isn't
> much that can be improved on 9.10 I'm afraid.
>
> You may want to try BIND 9.12+ that has performance optimizations.
>
> Mukund
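
Added example, not part of the thread: the "netstat -su" counters above are system-wide, while Linux also keeps a receive-queue depth and a drop counter per UDP socket in /proc/net/udp, which shows whether only the socket bound to the busy address is overflowing. The sample rows, addresses and counts below are constructed, and the sketch assumes IPv4 and a little-endian host.

```python
import socket
import struct

# Constructed /proc/net/udp snapshot (not data from the thread): one port-53
# socket per address; the one on the primary address is full and dropping.
SAMPLE = """\
   sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 0A00000A:0035 00000000:0000 07 00000000:00034000 00:00000000 00000000    25        0 20001 2 0000000000000000 48213
  102: 0B00000A:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000    25        0 20002 2 0000000000000000 0
  103: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000    25        0 20003 2 0000000000000000 0
  104: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 20004 2 0000000000000000 12
"""
# Second constructed snapshot, taken "later": only the primary socket dropped more.
SAMPLE_LATER = SAMPLE.replace(" 48213", " 51900")


def udp_sockets(text, port=53):
    """Return [(address, rx_queue_bytes, drops)] for UDP sockets bound to `port`."""
    rows = []
    for line in text.splitlines()[1:]:              # skip the header row
        f = line.split()
        if len(f) < 13:
            continue
        addr_hex, port_hex = f[1].split(":")
        if int(port_hex, 16) != port:
            continue
        # Assumption: little-endian host (x86, most ARM). The kernel prints the
        # 32-bit address word in host order, so repack it to network order.
        addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        rx_queue = int(f[4].split(":")[1], 16)      # hex: bytes waiting in the buffer
        rows.append((addr, rx_queue, int(f[12])))   # drops column is decimal
    return rows


def drop_delta(before, after, port=53):
    """Drops are cumulative per socket, so compare two snapshots taken at peak."""
    old = {a: d for a, _, d in udp_sockets(before, port)}
    return {a: d - old.get(a, 0) for a, _, d in udp_sockets(after, port)}


if __name__ == "__main__":
    for addr, rxq, drops in udp_sockets(SAMPLE):
        print(f"{addr:15} rx_queue={rxq:>7} drops={drops}")
    print(drop_delta(SAMPLE, SAMPLE_LATER))
```

On a live resolver, pass the contents of /proc/net/udp read a few seconds apart instead of the constructed snapshots.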