[dnsdist] [Pdns-users] dnsdist drops packet

bert hubert bert.hubert at powerdns.com
Mon Jan 4 23:13:31 UTC 2016


On Mon, Jan 04, 2016 at 11:04:12PM +0000, Federico Olivieri wrote:
> Hi,
> 
> Just a question from my side. There is any way to understand, from the
> total count of packet dropped, how many packets have been dropped for
> SERVFAIL?

Hi Federico,

We don't drop queries for servfail. We just pass it along. However, with the
following, you can get stats:

topResponses(10, 2)

This shows the top-10 servfail responses.

If you look with dumpStats():
acl-drops              	          0    latency1-10            	          0
block-filter           	          0    latency10-50           	          0
cpu-sys-msec           	         14    latency100-1000        	          0
cpu-user-msec          	         19    latency50-100          	          0
downstream-send-errors 	          0    no-policy              	          0
downstream-timeouts    	          0    noncompliant-queries   	          0
dyn-block-nmg-size     	          0    queries                	          7
dyn-blocked            	          0    rdqueries              	          7
fd-usage               	         15    real-memory-usage      	    7151616
latency-avg100         	         22.0  responses              	          5
latency-avg1000        	          2.2  rule-drop              	          0
latency-avg10000       	          0.2  rule-nxdomain          	          0
latency-avg1000000     	          0.0  self-answered          	          0
latency-slow           	          0    servfail-responses     	          5
latency0-1             	          5    trunc-failures         	          0
                                       uptime                 	        101

You see 'servfail-responses' counted. The downstream-timeouts metric does
eventually get updated, I just wrote a change that makes this metric react
more quickly.

	Bert



> 
> Thank You
> 
> Federico
> 
> 2016-01-04 18:14 GMT+00:00 bert hubert <bert.hubert at powerdns.com>:
> 
> > On Sat, Dec 19, 2015 at 04:34:11PM +0100, bert hubert wrote:
> > > Could be, we have the infrastructure to give insight into that but we
> > don't
> > > make it easy yet:
> >
> > Hi AleŇ°,
> >
> > As of right now (the packages that are building now), you can do:
> >
> > grepq("3000ms")
> >
> > And get all timeouts. It also shows you which downstream caused the
> > timeout.
> >
> > > grepq("3000ms")
> > Time    Client                                          Server       ID
> > Name                      Type  Lat.   TC RD AA Rcode
> > -67.0   127.0.0.1:44898                                 8.8.4.4:53
> >  1853  ds9a.com.                 A     3433.1    RD    No Error. 1 answers
> > -54.5   127.0.0.1:41892                                 8.8.4.4:53
> >  32463 ezdns.it.                 A     T.O             No Error. 0 answers
> > -49.3   127.0.0.1:41892                                 8.8.4.4:53
> >  32463 ezdns.it.                 A     T.O             No Error. 0 answers
> > -44.2   127.0.0.1:41892                                 8.8.4.4:53
> >  32463 ezdns.it.                 A     T.O             No Error. 0 answers
> >
> > Or use topSlow():
> > > topSlow()
> >    1  ezdns.it.                                   3 75.0%
> >    2  ds9a.com.                                   1 25.0%
> >    3  Rest                                        0  0.0%
> >
> > You can also do topSlow(10, 4000) to get everything slower than 4000
> > milliseconds, or even topSlow(10, 4000, 1) which will group everything by
> > tld.
> >
> > Can you let us know if this is what you need?
> >
> >         Bert
> >
> >
> > >
> > > > grepq(".")
> > > Time    Client                                          ID    Name
> >                 Type  Lat. TC RD AA Rcode
> > > -25.0   127.0.0.1:59117                                 13086 ds9a.nl.
> >                 A             RD    Question
> > > -21.2   127.0.0.1:59117                                 0     ds9a.nl.
> >                 A     0.0           No Error. 0 answers
> > > -20.0   127.0.0.1:59117                                 13086 ds9a.nl.
> >                 A             RD    Question
> > > -16.2   127.0.0.1:59117                                 0     ds9a.nl.
> >                 A     0.0           No Error. 0 answers
> > > -15.0   127.0.0.1:59117                                 13086 ds9a.nl.
> >                 A             RD    Question
> > > -11.2   127.0.0.1:59117                                 0     ds9a.nl.
> >                 A     0.0           No Error. 0 answers
> > >
> > > This "knows" about timeouts to backends, but we don't make it easy to
> > "grep" for them.
> > >
> > > Will add this as a feature.
> > >
> > >       Bert
> > >
> > > >
> > > > Regards
> > > > Ales
> > > >
> > > >
> > > > On Saturday 19 of December 2015 13:20:35 Federico Olivieri wrote:
> > > > > Hi guys,
> > > > >
> > > > > Nobody has any clue for this? I woukd try to understand why dnsdist
> > shows
> > > > > some dropped packets. There is any debug that can help me to
> > understand why
> > > > > it os happen?
> > > > >
> > > > > Thanks and Merry Christmas!!!
> > > > >
> > > > > Federico
> > > > >
> > > > > On 18 Dec 2015 14:22, "Federico Olivieri" <lvrfrc87 at gmail.com>
> > wrote:
> > > > > > Hi all,
> > > > > >
> > > > > > I have a raspberry that is running dnsdist with this configuration:
> > > > > >
> > > > > > newServer{address="192.168.0.3:53"}
> > > > > > newServer{address="127.0.0.1:5300", pool="abuse"}
> > > > > > addPoolRule({"wpad.domain.name"}, "abuse")
> > > > > > webserver("192.168.0.2:8083", "supersecret")
> > > > > > addACL("0.0.0.0/0")
> > > > > > addACL("::/0")
> > > > > > carbonServer('37.252.122.50', 'raspi-836', 30)
> > > > > >
> > > > > > I don't know why, but on webserver I can see some packets dropped
> > from the
> > > > > > primary server and I don't understand the reason why. There is not
> > any
> > > > > > queries rate for that server
> > > > > >
> > > > > >
> > #NameAddressStatusQueriesDropsQPSOutWeightOrderPools0192.168.0.3:53up24108
> > > > > > 6720111127.0.0.1:5300up10100011abuse
> > > > > >
> > > > > > Do you have any idea why there are some dropped packets?
> > > > > >
> > > > > > Also, I added this line of conf. I could see the queries to goolge
> > but I
> > > > > > could see also the queries to a.root server. Seems that the
> > command does
> > > > > > not overwrite the default one. Is it the aspect  behaviour?
> > > > > >
> > > > > > newServer {address="192.168.0.3", checkType="A",
> > > > > > checkName="www.google.com.", mustResolve=true}
> > > > > >
> > > > > > Last question: I added the carbon server. I can see the server on
> > > > > > https://metronome1.powerdns.com/ but no one graph is plotted
> > > > > >
> > > > > > Thank you for your time.
> > > > > >
> > > > > > BTW, dnsdist seems very useful and powerful!!!
> > > > > >
> > > > > > Federico
> > > >
> > >
> > > > _______________________________________________
> > > > Pdns-users mailing list
> > > > Pdns-users at mailman.powerdns.com
> > > > http://mailman.powerdns.com/mailman/listinfo/pdns-users
> > >
> > >
> > > _______________________________________________
> > > dnsdist mailing list
> > > dnsdist at mailman.powerdns.com
> > > http://mailman.powerdns.com/mailman/listinfo/dnsdist
> >
> > _______________________________________________
> > dnsdist mailing list
> > dnsdist at mailman.powerdns.com
> > http://mailman.powerdns.com/mailman/listinfo/dnsdist
> >




More information about the dnsdist mailing list