Maintained by: NLnet Labs

[Unbound-users] Unbound stops answering after ADSL-line bounce

W.C.A. Wijngaards
Tue Jan 24 17:06:04 CET 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Paul,

Nice that the performance looks good :-)

If you are running unbound under windows, there are some things to be
aware of.  On windows, unbound has reduced capacity because it cannot
open a lot (thousands) of file descriptors.  Windows simply lacks an
API that makes this possible, unless you spawn thousands of threads or
something similar.  So, if the performance you see is based on
recursion, then using Linux (or FreeBSD) on a similar box should have
more capacity (you can configure unbound to have extra capacity).  If
the performance you see is based on cache-responses, then the move to
Linux makes less of a difference.  With capacity I mean recursing a
lot of user queries at the same time, with thousands of sockets open.

The capacity on windows today is more relevant to small workgroups or
desktop environments.  With some code changes it could be improved,
e.g. with polling behaviour the number of sockets can be increased to
very large numbers.  Today unbound sleeps the process nicely when not
busy in WSAWaitForMultipleEvents.

The easiest way today to get more capacity on windows, by the way, is
to increase the number of workers (num-thread) to 4 (or so).

You note unbound was down for a lengthy time, can you upgrade or if
this was a recent version get me more details?  It should really fully
recover after 15 minutes from anything, I believe.

Best regards,
   Wouter

On 01/23/2012 07:40 PM, Paul Taylor wrote:
> Wouter,
> 
> 
> 
> Hi – I’m the DAP user that JP mentioned.
> 
> 
> 
> As a side note, I’m extremely impressed with the performance of 
> Unbound.  We are looking at using Unbound at my job and have been
> doing a bit of testing.  Using ResPerf to stress test with a
> cleared cache resulted in a peak of about 23,500 queries per second
> with Unbound doing DNSSEC.  This was on a Dell 2850 server with two
> dual core Xeon’s running at 2.8 Ghz under Ubuntu 12.04 alpha.  We
> also tested Unbound with DNSSEC disabled and got over 35,000
> queries per second.  A 3^rd party Windows DNS server (not
> performing DNSSEC validation) peaked at around 1250 queries per
> second under Windows 2003 on similar hardware.
> 
> 
> 
> Back to my home issue, though.  The first time I experienced this
> issue, my internet connection had gone down for about an hour
> around 2 AM.  It was about 7AM before I noticed the problem (sleep
> has to happen sometime).  I restarting Unbound, and it recovered.
> 
> 
> 
> The 2^nd time this happened, I had about 3 bounces in about 10
> minutes during the afternoon.  I believe each bounce took a minute
> or so to recover  I was at work at the time and my wife and kids
> couldn’t get anywhere on the Internet.  I got home a few hours
> later and DNS resolution was not working until I restarted
> Unbound.
> 
> 
> 
> So, in these two cases I’ve had outages of various lengths, but
> hours have passed without DNS resolution working.
> 
> 
> 
> Since most people using Unbound are probably using it for the
> DNSSEC capability, perhaps my configuration has to do with the
> issue I’m having recovering?  In my environment, Unbound isn’t
> configured to go direct, but rather forward to various DNS servers.
> I have about 10-12 domains (mostly CDNs) that I’m forwarding to my
> ISP’s DNS servers so I get DNS replies directing me to close
> servers.  Theoretically, this should help me have a better
> experience with Netflix at home.  After the forwarder definitions
> for all the CDNs, I have a forwarder defined for “.” to send 
> everything else to OpenDNS.  This is to help keep my family from
> getting to websites I don’t want little eyes to run across.
> 
> 
> 
> Is it possible that with this type of config that it might cause
> Unbound to recover differently?
> 
> 
> 
> Thanks,
> 
> Paul
> 
> 
> 
> 
> 
> 
> 
> _______________________________________________ Unbound-users
> mailing list Unbound-users at unbound.net 
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPHtbsAAoJEJ9vHC1+BF+N6msP/A9JPPPEXONq6ydJcXO96fYS
lo65RK8CKe6aalmDIHjQcYyBXh0ge/j1cEs/RZv282yB9QeEEX3azwnAsF1zeaO0
xroqFKJRH9GA9RYnTJpzyOWV2JCH0krWMxSBKnwA6MKAhQwFr8OTSjH1X4KnZ8HZ
0QDotn6G+6vntK8Ar0tA7LEvuHw6IGFW65prRpJfD0SrjMDcOIULTDVWh+rAxhjp
Zxkuo22ZUTxzddNxoKy6LyeE0jvyjNaXNkSNTBLDyWfpdZfibfvSj3CYQ2FAy1mA
q3ucrvXr3OQdovdz8nybN5K86ysJqHr63ZaG9hnJIEadYcta6ZEnxtc2NmWuvTcE
jJR5NybwCZrclx7U7alT3i4Djo3CkqWKMKRj0L+2tpN3bFOjWWmuj9gOxJrqpVKx
pj9QbIGpTS6ew+AhFWKLtTj/+xnphxj7tI9hFpNZWCPd3W+lij/KQptGSE8+L+zs
ZfdSUGWhpEk9VE9famS1FrUuINU8jS05VbaBFLXziXQcWF2x/j+hGsd8DzxQR0GC
/oRVQBQAi6u237HdnKurFVLQlovJJcjcKKsrc56bpMead+scQa7z1c+DkfVXLT93
E5b0mnIWroBs2zwQGpDoIOEvUq9kuc5JIt+KTowS/oae89CqnZIqJB6TLR/hCy3T
RvD0TmFTQqTj+GNudTEN
=OZta
-----END PGP SIGNATURE-----