Maintained by: NLnet Labs

[Unbound-users] Resolving Timeouts/Issues

W.C.A. Wijngaards
Wed Oct 8 16:16:13 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Dave,

Ok, the 100s of repeats is because you are running at high verbosity;
and after each query it prints the full requestlist. (it is servicing
100s of other queries). I conclude this is an excerpt of the logfile,
which is probably huge.

The entry:
345RDd mod1 rep <fox.com. A IN>
means:
it was number 345 in the requestlist. This is RD (recursion desired by
client) and 'd' detached (no parent queries). mod1 is the iterator by
default. rep there is a user waiting for reply.

It takes a long time then, and it is:
339RDdc mod1 rep <fox.com. A IN>
the added c means that it has child states.  This means that the fox.com
query is waiting for other queries.  Usually, these are deeper queries
for nameserver addresses.

The only reason it would query for additional nameservers in this manner
is when the current one is not responding.

Sorry for the rambling, I think these timeouts are caused by not having
enough file descriptor space ; it can not keep up and the queue grows
very long, try
	outgoing-range: 900
	outgoing-num-tcp: 30
	incoming-num-tcp: 30

Best regards,
   Wouter

Dave Ellis wrote:
> Hello!
>  
> I'm looking at using unbound as a replacement for Bind9 for our
> datacenters caching nameservers. Bind is overly bloated and complex for
> something as simple as providing a DNS resolver for our customers. So
> far unbound seems streamlined and fast, I like it.
>  
> Earlier this morning, I actually implemented unbound on one of our
> lesser used caching nameservers in order to try it out under some actual
> load. I came across a problem and hopefully you all can give me a hand
> with it. Here is a snippit of the some applicable logs.
>  
> [1223447403] unbound[4318:0] info: validator operate: query <fox.com. A IN>
> [1223447403] unbound[4318:0] info: resolving <fox.com. A IN>
> [1223447403] unbound[4318:0] info: resolving (init part 2):  <fox.com. A IN>
> [1223447403] unbound[4318:0] info: resolving (init part 3):  <fox.com. A IN>
> [1223447403] unbound[4318:0] info: processQueryTargets: <fox.com. A IN>
> [1223447403] unbound[4318:0] info: sending query: <fox.com. A IN>
> [1223447403] unbound[4318:0] info: 345RDd mod1 rep <fox.com. A IN>
> [1223447403] unbound[4318:0] info: 345RDd mod1 rep <fox.com. A IN>
> [1223447403] unbound[4318:0] info: 345RDd mod1 rep <fox.com. A IN>
> [1223447403] unbound[4318:0] info: 345RDd mod1 rep <fox.com. A IN>
> [1223447403] unbound[4318:0] info: 345RDd mod1 rep <fox.com. A IN>
> ...insert 100's of repeats of this log entry...
> [1223447441] unbound[4318:0] info: 339RDdc mod1 rep <fox.com. A IN>
> [1223447441] unbound[4318:0] info: 339RDdc mod1 rep <fox.com. A IN>
> [1223447441] unbound[4318:0] info: 339RDdc mod1 rep <fox.com. A IN>
> [1223447441] unbound[4318:0] info: 339RDdc mod1 rep <fox.com. A IN>
> [1223447441] unbound[4318:0] info: 339RDdc mod1 rep <fox.com. A IN>
> [1223447441] unbound[4318:0] info: iterator operate: query <fox.com. A IN>
> [1223447441] unbound[4318:0] info: scrub for <fox.com. NS IN>
> [1223447441] unbound[4318:0] info: response for <fox.com. A IN>
> [1223447441] unbound[4318:0] info: reply from <fox.com.> 212.187.244.39#53
> ;; fox.com. IN A
> fox.com. 600 IN A 69.10.20.100
> [1223447441] unbound[4318:0] info: finishing processing for <fox.com. A IN>
> [1223447441] unbound[4318:0] info: validator operate: query <fox.com. A IN>
> After 4-5 queries and timeouts with nslookup/dig I eventually get the
> response shown above. Any ideas? Something wrong with my config?
>  
> Thanks!
>  
> Config:
>  
> cache-ns6:/usr/local/etc/unbound# cat unbound.conf 
>        server:
>  directory: "/usr/local/etc/unbound"
>  username: unbound  
>  chroot: "/usr/local/etc/unbound"
>  logfile: "/usr/local/etc/unbound/unbound.log"
>  pidfile: "/usr/local/etc/unbound/unbound.pid"
>  interface: 0.0.0.0
>  access-control: 0.0.0.0/0 allow
>  root-hints: "/usr/local/etc/unbound/named.cache"
>  do-ip6: no
>  outgoing-num-tcp: 100
>  incoming-num-tcp: 100
>  msg-cache-size: 1500m
>  msg-cache-slabs: 8
>  statistics-interval: 30
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkjswK0ACgkQkDLqNwOhpPh9dACdEuQQjZtg5vqQNbBHuA/KLIZp
hcwAoLg20ZT9cd2ZFV3u9Mp1CKo6Pf9c
=lRKQ
-----END PGP SIGNATURE-----