Maintained by: NLnet Labs

[Unbound-users] Unbound 1.5.1 release

Larry Havemann
Wed Dec 10 00:57:52 CET 2014


Hi Wouter,

I have 2 servers behind a VIP each receiving about 120k queries per
second.  One server is running 1.4.22 and is reporting
"total.recursion.time.avg=1.901364".  The second server I upgraded this
morning to 1.5.1 and is reporting "total.recursion.time.avg=4.192130".
Both version were built with the same options(--with-libevent
--with-pthreads) on the same build host.  Is there a reason the new version
is about 2 seconds slower than the last stable release?

Thanks,
Larry

Config is the same on both servers:
server:
    verbosity: 1
    interface: 0.0.0.0
    interface: ::/0
    interface-automatic: yes
    do-ip4: yes
    do-ip6: yes
    do-udp: yes
    do-tcp: yes
    do-daemonize: yes
    prefetch: yes

    num-threads: 22
    num-queries-per-thread: 15360
    statistics-interval: 0
    extended-statistics: yes
    statistics-cumulative: yes
    outgoing-range: 30720

    # slabs
    msg-cache-slabs: 16
    infra-cache-slabs: 16
    key-cache-slabs: 16
    rrset-cache-slabs: 16

    msg-cache-size: 2g
    rrset-cache-size: 4g

    so-rcvbuf: 409m
    so-sndbuf: 409m

    chroot: ""
    logfile: "/var/log/unbound.log"
    use-syslog: yes
    log-time-ascii: yes
    log-queries: no
    module-config: "validator iterator"


-Larry

On Mon, Dec 8, 2014 at 8:04 AM, W.C.A. Wijngaards <wouter at nlnetlabs.nl>
wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hi,
>
> The unbound-1.5.1 release
> http://unbound.net/downloads/unbound-1.5.1.tar.gz
> sha 5606c2246e7394bce88cc4f16edbd6b964237ea2
> sha256 0ff82709fb2bd7ecbde8dbdcf60fa417d2b43379570a3d460193a76a169900ec
>
> This unbound release consists of 1.5.1rc2 patched for CVE-2014-8602.
> The 1.5.1 release date and the cve date conveniently lined up, hence
> the fix is included in the 1.5.1 release.
>
> CVE details: http://unbound.net/downloads/CVE-2014-8602.txt
>
> Best regards,
>    Wouter
>
> On 02/12/14 02:10, Wouter Wijngaards wrote:
> > Hi,
> >
> > This is the unbound-1.5.1rc2 prerelease
> > http://unbound.net/downloads/unbound-1.5.1rc2.tar.gz sha1
> > a8383b37458c8642a08e6cca1b70563143708003 sha256
> > 6f12977d7915db28f7f5dc2f46911c9605e3e2f6c8d0eaa91e1ce7a81f0819ef
> >
> > Also http://unbound.net/downloads/unbound_setup_1.5.1rc2.exe and
> > http://unbound.net/downloads/unbound-1.5.1rc2.zip for windows
> >
> > This RC2 release fixes Linux build errors.  It is otherwise
> > identical to the 1.5.1rc1.
> >
> > - Fix makefile for build from noexec source tree. - Add include to
> > getentropy_linux.c, hopefully fixing debian build. - Fix bug#632:
> > unbound fails to build on AArch64.
> >
> > Best regards, Wouter
> >
> > On 11/27/2014 09:58 AM, W.C.A. Wijngaards wrote:
> >> Hi,
> >
> >> This is the unbound-1.5.1rc1 prerelease.
> >> http://unbound.net/downloads/unbound-1.5.1rc1.tar.gz sha1
> >> aef2fd7d2410b6fa96b3509dbaf10d15447f7c10 sha256
> >> f188760b74b6ad7eaf403c9a96a546c937f547024df691f7e4eb064c0ebf0d37
> >
> >> Also http://unbound.net/downloads/unbound_setup_1.5.1rc1.exe and
> >>  http://unbound.net/downloads/unbound-1.5.1rc1.zip for windows.
> >
> >> This is the release candidate, and is released for package
> >> maintainers.  Please report port and build issues.
> >
> >> This release has crash fixes on the new randomness code from
> >> 1.5.0. And DNS64 CD flag support.
> >
> >> Features - Patch from Stephanie Lapie that implements
> >> aaaa-filter, added to contrib/aaaa-filter-iterator.patch.
> >
> >> Bug Fixes - Fix that CD flag disables DNS64 processing,
> >> returning the DNSSEC signed AAAA denial. - Fix
> >> compat/getentropy_win.c check if CryptGenRandom works and no
> >> immediate exit on windows. - Fix crash on multiple thread random
> >> usage on systems without arc4random. - Fix log at high verbosity
> >> and memory allocation failure. - Fix libunbound undefined symbol
> >> errors for main. - Patch from Robert Edmonds to build pyunbound
> >> python module differently. No versioninfo, with -shared and
> >> without $(LIBS). - Patch from Robert Edmonds fixes hyphens in
> >> unbound-anchor man page. - Removed 'increased limit open files'
> >> log message that is written to console. It is only written on
> >> verbosity 4 and higher. This keeps system bootup console cleaner.
> >> - Patch from James Raftery, always print stats for rcodes 0..5. -
> >> Fix #627: SSL_CTX_load_verify_locations return code not properly
> >> checked.
> >
> >> Best regards, Wouter
> >> _______________________________________________ Unbound-users
> >> mailing list Unbound-users at unbound.net
> >> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
> >
> > _______________________________________________ Unbound-users
> > mailing list Unbound-users at unbound.net
> > http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQIcBAEBCAAGBQJUhcwiAAoJEJ9vHC1+BF+NW8EQALF6nybt5Nn6znhzb7SPGK4r
> 7N7palmXmWccDVXfPBMvQ9mpTA3wbxnSKi6IyV/B632lmnSib9v0Qlu4iScz0mES
> dxSgMLuzLaklIDZ1K+vcgvEhOuYRQYIy2mgo217W/DpPCBwICFEWMM4Y/XIgGvNv
> OGe9PRdSRiimmHdk76SImbCgfhJBvRlHTAwbClQJWiWtLjbUxvaDcrRpva2xi2K0
> aM2lot0KpWWaQt+kO6LC/l29HkkX0puTYiwxbrPc1xIXG4GjXT2KwwKK7K7Y+7zP
> RFgb0zKEvF0hZgju/JY/fifIIbL04JBKXHX6PdCLUwuDRPH7viNifOcTMFq5d6WU
> 5K/+crw95mkKwwUjAO3IUM9YA6wqepZVdif9eR8idUQOHoVQEAvYRr+tuzseRVDK
> dElMZT8TF6IRWUnjh0fdPRIwYvjjsZP3jIYxa52qBdOyAyTEV+PI4/8e+nj4PMfr
> dJzMW8rcW0DG9j5vwNtnBtOPRmtBEDgk4mo2zvZ/ZP//IWavw14MnccYGMRX4cFX
> zAfeXvThTjHLipEsbe4sMeedXZBVbOlehO33pc+QQYUzhg81FSUEJcZlVFEEVIay
> 0vSULXRduNYFv0v8UKTj5I/earpKGwJSFcGxdnMRgrdKRXRe8QRCWDCsK0Mzf0Uu
> Wy1P2Z9I4VGEvqVaNqez
> =Ulol
> -----END PGP SIGNATURE-----
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20141209/a52232d8/attachment.html>