Maintained by: NLnet Labs

[Unbound-users] No answers from unbound occasionally

W.C.A. Wijngaards
Wed Jun 3 11:02:34 CEST 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Attila,

Attila Nagy wrote:
>>> Are those replies from authority servers? That arrive just after unbound
>>> times out and closes the socket?
>>>   
>> I'm not sure I understand this correctly. What we do is the following:
> During trying to figuring out why does the "dropped due to no socket"
> counter grows, I turned on net.inet.udp.log_in_vain, which logs what
> connections couldn't find a socket.
> And I quickly understood the above. :)
> Yes, they are the answers from authoritative servers.

Ok.

> I don't know how long unbound waits for an answer, but I see about 10-30
> lines per second per server from this. Do you think it's normal? (there
> are about 4k qps currently)

Well, unbound normally sets its smoothed roundtrip time timeout that it
calculated as the time out, and when that timer expires, it closes the
socket.  It can then re-use the socket to open another (random) port to
send the next query on.  This next query could well be the retry for the
just failed one, with exponential backoff on the timer.

So, it is normal that some authority servers are slow.  Thus produce
timeouts.  20 / 4000 is 0.5% of cases for you, this looks very
reasonable to me.

> May 30 14:25:21 ns Connection attempt to UDP m.y.i.p:42849 from
> 193.230.161.4:53
> May 30 14:25:21 ns Connection attempt to UDP m.y.i.p:29188 from
> 202.103.224.70:53
> May 30 14:25:21 ns Connection attempt to UDP m.y.i.p:6351 from
> 202.67.10.90:53
> May 30 14:25:21 ns Connection attempt to UDP m.y.i.p:10611 from
> 202.67.10.90:53
> 
> Thanks,

Best regards,
   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkomPCoACgkQkDLqNwOhpPi+UACeJaa3HY98tRilgwJu95a62Cv5
U9cAnR3M0JZUsXGbpz94m7nNEZVSpikR
=TxzT
-----END PGP SIGNATURE-----