socket buffers
^
203382 delivered
212059 datagrams output
187019 missed PCB cache
Unfortunately I see no real difference in BIND's performance with the
values I tested (262144, 131072).
--
Kostas Zorbadelos
twitter:@kzorbade
Stuart Henderson writes:
> On 2013-04-19, Kostas Zorbadelos wrote:
>> root@dmeg-dns1 ~ # /usr/local/sbin/named -V BIND 9.9.2-P2 built with
>> --enable-shared' '--enable-threads'
>
> You could try rebuilding the port without --enable-threads and see if it&
hy stable and decently performant should be contradictory.
Regards
> //mxb
--
Kostas Zorbadelos
twitter:@kzorbadeloshttp://gr.linkedin.com/in/kzorba
() www.asciiribbon.org - against HTML e-mail & proprietary attachments
/\
D developments. I guess all the threading work is happening
to give a performance boost and not the other way round, correct?
Either way I am willing to test.
--
Kostas Zorbadelos
twitter:@kzorbadelos
Kostas Zorbadelos writes:
Here is the missing dmesg:
OpenBSD 5.3-current (GENERIC.MP) #40: Tue Mar 26 10:25:59 MDT 2013
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 17082220544 (16290MB)
avail mem = 16619790336 (15849MB)
mainbus0 at root
bios0 at mainbus0
20 -d ~/recorded_queries) while only ~9K queries / sec
on OpenBSD (this is less than the current load on our nameservers).
Is there anything I could be missing or a configuration I should try,
before giving up? The thing is that the performance on OpenBSD was worse
than the last time I check
that I have a working quagga configuration but I can
declare there that the ethernet interface is point-to-point.
Thanks in advance,
Kostas
--
Kostas Zorbadelos
twitter:@kzorbadeloshttp://gr.linkedin.com/in/kzorba
Claudio Jeker writes:
> I see no need to support it, I would first consider
> ISIS
Do you have thoughts or plans on producing an ISIS implementation on
OpenBSD?
--
Kostas Zorbadelos
twitter:@kzorbadeloshttp://gr.linkedin.com/in/
-OS_Bof_Summary.pdf
https://ripe65.ripe.net/archives/video/136
Regards,
Kostas
--
Kostas Zorbadelos
twitter:@kzorbadeloshttp://gr.linkedin.com/in/kzorba
() www.asciiribbon.org - against HTML e-mail
"Peter J. Philipp" writes:
> I did this rather fast hoping to get it in for someone I know who is being
> used for a DNS amplifier attack but the final tests broke the hope of
> stopping it with this.
Also have a look at this:
http://www.redbarn.org/dns/ratelimits
Regards,
Kostas
Kapetanakis Giannis writes:
> On 09/06/12 18:58, Kostas Zorbadelos wrote:
>
> Hi,
>
Hi Giannis,
> My understanding so far is that the queries hit your DNS servers from
> your ISP network/clients
Yes.
> and are not spoofed.
I didn't say that.
> Also those quer
Rudolf Leitgeb writes:
> Am Samstag, den 09.06.2012, 14:11 +0300 schrieb Kostas Zorbadelos:
>> The situation is similar but not the same as the one discribed here:
>>
>> https://isc.sans.edu/diary.html?storyid=13261
>>
>> We used IPtables and the string module
Hi, will try to comment to many posts at once :)
> Kostas Zorbadelos writes:
>
>> there is a need to restrict a specific type of DNS queries (ANY queries)
>> in our nameservers. We faced a DDoS attack in our resolvers and the
>> thing is that we could not simply cut acc
Hello all,
there is a need to restrict a specific type of DNS queries (ANY queries)
in our nameservers. We faced a DDoS attack in our resolvers and the
thing is that we could not simply cut access to DNS resolution to
specific client IPs, the queries came from our own unsuspecting
customers.
Th
Theo de Raadt writes:
>> If you are not a member of the ACM, you can read it in ACM
>> Queue, in which it
>> was published in January:
>> http://queue.acm.org/detail.cfm?id=2090149
>
> Yes, and people can even comment there, too. Looks like a few already
> have. However, it is unlikely that the
David Diggles writes:
> On Tue, May 29, 2012 at 01:44:51PM +0300, Kostas Zorbadelos wrote:
>> Henning Brauer writes:
>>
>> > if it is really thread related and not sth small & stupid - try it.
>
> For testing purposes, do you have pf turned off, or a 1 lin
Henning Brauer writes:
> if it is really thread related and not sth small & stupid - try it.
> http://your.favorite.mirror/pub/OpenBSD/snapshots/$arch/
>
Will do.
> also, you'd do yourself much of a favor by using real hardware and not
> some crappy emulation of garbage.
This is what I have fo
Greetings to all,
here is a followup of an older thread [1] regading the use of OpenBSD in
a large scale DNS anycast setup. To make the long story short, OpenBSD
fails to meet our resolving perfomance needs for the time being. The
main issue (from my understanding) is the lack of kernel-level thre
Stuart Henderson writes:
> On 2012-05-25, Kostas Zorbadelos wrote:
>> The question is, is there an interest in developing relevant ports? Is
>> someone working on this?
>
> There are searchable mailing list archives, you know...
>
A quick search showed nothing but t
Simon Perreault writes:
> Unbound is replacing BIND in OpenBSD for increased betterness. Stay tuned...
>
Yes, I have understood that. The question remains: what do you think of
ports for recent BIND versions?
I am trying to make a case for OpenBSD in a demanding resolving setup of
a conservative
Simon Perreault writes:
> Le 12-05-25 06:24, Kostas Zorbadelos a icrit :
>> Henning Brauer writes:
>>
>>> * Kostas Zorbadelos [2012-05-25 10:06]:
>>>> from all relevant discussions I have seen it seems that BIND in base
>>>> will not be updated
Henning Brauer writes:
> * Kostas Zorbadelos [2012-05-25 10:06]:
>> from all relevant discussions I have seen it seems that BIND in base
>> will not be updated to a newer version and unbound has a good chance to
>> be the replacement. The thing is, we need a newe
Hello,
from all relevant discussions I have seen it seems that BIND in base
will not be updated to a newer version and unbound has a good chance to
be the replacement. The thing is, we need a newer version of BIND for
resolving (at least 9.7, preferably 9.8 or in the future 9.9).
The question is,
%MEM COMMAND
>> 31077 S 277:43.57 0 127 15 608272 610340 8145988 1292 10.6 7.3
>> /usr/sbin/named
>
> lim is "memory" not "datasize".
>
> Considering the amount of memory this process is actually using, it
> looks to me more like it's
Stuart Henderson writes:
> On 2012-04-20, Kostas Zorbadelos wrote:
>> Just discovered that under Linux bind seems to use 5 threads (2
>> processors). Under the same VM config on OpenBSD bind seems to have
>> no threads (using T under top(1)).
>
> In 5.0 and 5.1 t
:maxproc-cur=128:\
:openfiles-cur=128:\
:stacksize-cur=4M:\
:localcipher=blowfish,6:\
:ypcipher=old:\
:tc=auth-defaults:\
:tc=auth-ftp-defaults:
could it be that datasize-max prevails from "default"?
I think I will add a "named" section in login.conf after I study its man
page ;-)
What do you think?
Regards,
Kostas
--
Kostas Zorbadelos
twitter:@kzorbadeloshttp://gr.linkedin.com/in/kzorba
() www.asciiribbon.org - against HTML e-mail & proprietary attachments
/\
Stuart Henderson writes:
> On 2012/04/20 22:44, Kostas Zorbadelos wrote:
>> Stuart Henderson writes:
>>
>> > On 2012-04-20, Kostas Zorbadelos wrote:
>> >>> Also, per process limits play a role.
>> >>>
>> >>
>> >> Do
Just discovered that under Linux bind seems to use 5 threads (2
processors). Under the same VM config on OpenBSD bind seems to have
no threads (using T under top(1)).
Is this part of the patches in the OpenBSD version of BIND?
Regards,
Kostas
--
Kostas Zorbadelos
twitter
Stuart Henderson writes:
> On 2012-04-20, Kostas Zorbadelos wrote:
>>> Also, per process limits play a role.
>>>
>>
>> Does named has such a limit by default?
>
> OpenBSD has a limit by default, see login.conf(5). Daemons started
> when the system is b
.
> 6. If #3 and #5 differ, you're good. ;)
>
> Simon
Regards,
Kostas
--
Kostas Zorbadelos
twitter:@kzorbadeloshttp://gr.linkedin.com/in/kzorba
() www.asciiribbon.org - against HTML e-mail & proprietary attachments
/\
Simon Perreault writes:
> On 2012-04-20 07:43, Kostas Zorbadelos wrote:
Hi Simon,
>> I understand the kernel VM layers are completely different, but how come
>> the named process on OpenBSD for the same load consumes so low resident
>> memory? Also, why VZS< RSS on
0k used, 5486188k free, 219112k cached
PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND
19542 named 20 0 5062m 4.7g 2564 S 7.9 61.5 232:57.98 named
Regard
en I order the servers).
I understand I need reading. Any pointers to documentation or hints are
highly welcome.
Regards,
Kostas
--
Kostas Zorbadelos
twitter:@kzorbadeloshttp://gr.
Lately, I have found an ISP here in Germany who hands out free native
>> >> IPv6 access, which is to be used on top of the existing DSL line. And I
>> >> already have an account with t
:)
Regards,
Kostas
[1] http://www.kernel-panic.it/openbsd/vpn/index.html
[2] http://www.daemonforums.org/showthread.php?t=2610
--
Kostas Zorbadelos
twitter:@kzorbadelos http://gr.linkedin.com/in/kzorba
g the
company buys some 12G Dell servers) I can arrange for remote access to a
dedicated machine for a period of time to interested developers.
Thanks,
Kostas
--
Kostas Zorbadelos
twitter:@kzorbadelos
releases will have been made. What do you think?
Will the hardware be supported by then?
As you can tell I do not control the procurement procedure, but I can
ask for specific DELL hardware.
Regards,
Kostas
--
Kostas Zorbadelos
twitter:@kzorbadelos http
Kostas Zorbadelos writes:
I want to thank anyone who contributed info both on and off-list.
Regards,
Kostas
--
Kostas Zorbadelos
twitter:@kzorbadelos http://gr.linkedin.com/in/kzorba
an article on Undeadly, or when they
have the time and interest :)
Thanks,
Kostas
--
Kostas Zorbadelos
twitter:@kzorbadelos http://gr.linkedin.com/in/kzorba
() www.asciir
n understatement from my behalf. What I have in mind is
more ambitious than just monitoring/alerting. For moniting and graphs, our
cacti/nagios solution will do just fine. But storing and analysing DNS
query data is a whole different story...
Regards,
Kostas
--
Kostas
ld you consider Java support on OpenBSD "production quality"? Seems
irrelevant but we might utilize some Java tools for
measurement/statistics
Thanks for the very good and hard work on the system.
I would be interested to hear any thoughts even off-list.
Regards,
On Monday 15 December 2008 02:41:59 Owain Ainsworth wrote:
> On Thu, Dec 11, 2008 at 07:52:47PM +0200, Kostas Zorbadelos wrote:
> > Owain Ainsworth wrote:
> >> On Wed, Dec 10, 2008 at 03:21:21PM +0200, Kostas Zorbadelos wrote:
> >>> On Sunday 30 November 2008 04:02:33
Owain Ainsworth wrote:
On Wed, Dec 10, 2008 at 03:21:21PM +0200, Kostas Zorbadelos wrote:
On Sunday 30 November 2008 04:02:33 Paco Esteban wrote:
On Sat, Nov 29, 2008 at 17:43, Kostas Zorbadelos wrote:
On Tuesday 11 November 2008 22:55:49 Brynet wrote:
I just wanted
On Sunday 30 November 2008 04:02:33 Paco Esteban wrote:
> On Sat, Nov 29, 2008 at 17:43, Kostas Zorbadelos <[EMAIL PROTECTED]> wrote:
> > On Tuesday 11 November 2008 22:55:49 Brynet wrote:
I just wanted to tell you that I opened a bug report for this issue identified
by
system/60
On Tuesday 11 November 2008 22:55:49 Brynet wrote:
> Hi Ed,
>
> I've also seen this behaviour on a OptiPlex GX240, it has a ATI Rage
> 128 Pro TF card, the only solution I've found is to change the depth
> to 16 instead of the default 24.
>
> Just add "DefaultDepth 16" to your Screen section.
>
> I
On Tuesday 19 August 2008 11:29:53 Kostas Zorbadelos wrote:
Just an update about this.
In a 4.4 OpenBSD snapshot (the one of 10 Sep) the Xorg font problem is
resolved. I can now clearly see both anti-aliased and standard (bitmap) X
fonts.
Kostas
> Hello to everyone.
>
> This is my f
On Tuesday 19 August 2008 22:32:34 Nick Guenther wrote:
> On Tue, Aug 19, 2008 at 5:05 AM, Kostas Zorbadelos <[EMAIL PROTECTED]> wrote:
> > On Tuesday 19 August 2008 11:58:34 Karl Sjodahl - dunceor wrote:
> >> On Tue, Aug 19, 2008 at 10:29 AM, Kostas Zorbadelos <[EMAI
On Tuesday 19 August 2008 11:58:34 Karl Sjodahl - dunceor wrote:
> On Tue, Aug 19, 2008 at 10:29 AM, Kostas Zorbadelos <[EMAIL PROTECTED]>
wrote:
> > Hello to everyone.
> >
> > This is my first post here and I should be considered a "new user" in
> > Ope
On Tuesday 19 August 2008 11:58:34 Karl Sjodahl - dunceor wrote:
> On Tue, Aug 19, 2008 at 10:29 AM, Kostas Zorbadelos <[EMAIL PROTECTED]>
wrote:
> > Hello to everyone.
> >
> > This is my first post here and I should be considered a "new user" in
> > Ope
le (pretty much the one generated by X -configure
with few additions). Another hint is that if I connect the laptop to an
external monitor (using the mini DVI-to-DVI connector of Apple) I can see the
fonts just fine. If you need any other input please let me know.
Thanks in advance,
KOstas Zor
50 matches
Mail list logo
