[dnsdist] Drops in dnsdist showServer stats
Kai Storbeck
kai at xs4all.net
Tue Aug 28 07:43:31 UTC 2018
Hello Frank,
On 27/08/18 21:27, Frank Even wrote:
> I know this topic has come up a few times but I can't seem to find
> much in the way of clear information on exactly what dnsdist
> classifies as a "Drop." I've got an instance running to a local
> nameserver and I have a number of drops that I don't necessarily feel
> I should have considering it's a local nameserver. I'm also starting
> to get reports that some people are having trouble on occasion
> resolving some things that magically start working again. I'm trying
> to figure out if the site is having a general issue, if it's a client
> issue, or if there is some weird disconnect from DNSDIST to the local
> named instance.
>
As far as I know, dnsdist does not do a complete validation of dns
packets, so any invalid combination that would make the backend drop a
packet would be considered a drop by dnsdist.
Further, we run pdns_recursor on localhost at XS4ALL on linux, and we've
had to give more buffers for udp sockets:
> resolver:~ # sysctl -a|grep net.core.[rw]mem
> net.core.rmem_default = 6815744
> net.core.rmem_max = 16777216
> net.core.wmem_default = 6815744
> net.core.wmem_max = 16777216
For debugging drops on your server, have a look this perl script:
https://gist.github.com/giganteous/daa416a4498d7940dac31acb27b78b4d
It assumes you're running the DNS processes on port 53 and 5300, you
might need to adjust it if you're running on different ports.
Regards
Kai
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20180828/9f82b362/attachment.sig>
More information about the dnsdist
mailing list