Maintained by: NLnet Labs

[Unbound-users] Unbound optimal settings.

Simon-Bernard Drolet
Fri Sep 4 01:40:14 CEST 2009


Hi all,

We've been running Unbound in production for some months now.

Currently, I have 1.3.1 runing, getting ready to update to 1.3.3. We 
have three server in prod, each with one unbound running (2 thread each) 
in a zone. When we removed one server, we've started to have some 
problems. When I decided to stop one more server, leaving only one 
running, we had major dns problems. We have a lot of systems, we're 
doing web serving...

Here is how I compile unbound on Solaris 10 x86 5/09 with Sun Studio 12u1...

  export CC=cc
  ./configure \
    --prefix=/opt/unbound \
    --libexecdir=/opt/unbound/lib \
    --sysconfdir=/var/unbound/etc \
    --sharedstatedir=/var/unbound \
    --localstatedir=/var/unbound \
    --with-conf-file=/var/unbound/etc/unbound.conf \
    --with-run-dir=/var/unbound \
    --with-chroot-dir=/var/unbound \
    --with-pidfile=/var/unbound/run/unbound.pid \
    --with-username=nobody \
    --without-pthreads \
    --without-solaris-threads \
    --with-ldns=../ldns-1.6.1

As per the unbound optimize page says. So basically, I'm using the 
Forked operation...

The systems I have are Sun X4100 with a dual opteron :
# psrinfo -pv
The physical processor has 1 virtual processor (0)
  x86 (AuthenticAMD family 15 model 37 step 1 clock 2792 MHz)
    AMD Opteron(tm) Processor 254
The physical processor has 1 virtual processor (1)
  x86 (AuthenticAMD family 15 model 37 step 1 clock 2792 MHz)
    AMD Opteron(tm) Processor 254

and

# prtconf
System Configuration:  Sun Microsystems  i86pc
Memory size: 8064 Megabytes

So the question. What would be the optimal setup/configuration ?

This is currently what I'm using.

       do-ip6: no
        hide-identity: yes
        hide-version: yes
        infra-cache-slabs: 2
        interface: 0.0.0.0
        key-cache-slabs: 2
        msg-cache-size: 256m
        msg-cache-slabs: 2
        num-queries-per-thread: 950
        num-threads: 2
        outgoing-range: 950
        rrset-cache-size: 512m
        statistics-interval: 3600
        verbosity: 1
        access-control: 0.0.0.0/0 refuse
        access-control: 10.0.0.0/8 allow
        access-control: 127.0.0.0/8 allow
        access-control: 172.16.0.0/14 allow
        access-control: 192.168.0.0/16 allow

Base on what I understand, each of my Unbound server can serve 2x950 
request each at the same time, right ?

Each of my dns servers are only running Unbound and nsd, ther are strip 
down. How can I increase drastically the number of request one server 
can process ?

The systems are mostly idle... and almost 4 Gb of ram is never being used.

Thank's.

-- 
Simon-Bernard Drolet, SPecialiste X Inc., 514.247.6741.
SBDrolet<at>gmail(dot)com, Sun Solaris Contractor
Certified Sun Technical Instructor, Sun Certified System Admin (2.5,7,8,9,10),
Network Admin (2.5,7,8,9,10) and Security Admin for Solaris 9 and 10.