[dnsdist] [Pdns-users] dnsdist drops packet
Federico Olivieri
lvrfrc87 at gmail.com
Mon Jan 4 23:21:43 UTC 2016
That is useful! Thanks for that!
Federico
On 4 Jan 2016 23:13, "bert hubert" <bert.hubert at powerdns.com> wrote:
> On Mon, Jan 04, 2016 at 11:04:12PM +0000, Federico Olivieri wrote:
> > Hi,
> >
> > Just a question from my side. There is any way to understand, from the
> > total count of packet dropped, how many packets have been dropped for
> > SERVFAIL?
>
> Hi Federico,
>
> We don't drop queries for servfail. We just pass it along. However, with
> the
> following, you can get stats:
>
> topResponses(10, 2)
>
> This shows the top-10 servfail responses.
>
> If you look with dumpStats():
> acl-drops 0 latency1-10 0
> block-filter 0 latency10-50 0
> cpu-sys-msec 14 latency100-1000 0
> cpu-user-msec 19 latency50-100 0
> downstream-send-errors 0 no-policy 0
> downstream-timeouts 0 noncompliant-queries 0
> dyn-block-nmg-size 0 queries 7
> dyn-blocked 0 rdqueries 7
> fd-usage 15 real-memory-usage 7151616
> latency-avg100 22.0 responses 5
> latency-avg1000 2.2 rule-drop 0
> latency-avg10000 0.2 rule-nxdomain 0
> latency-avg1000000 0.0 self-answered 0
> latency-slow 0 servfail-responses 5
> latency0-1 5 trunc-failures 0
> uptime 101
>
> You see 'servfail-responses' counted. The downstream-timeouts metric does
> eventually get updated, I just wrote a change that makes this metric react
> more quickly.
>
> Bert
>
>
>
> >
> > Thank You
> >
> > Federico
> >
> > 2016-01-04 18:14 GMT+00:00 bert hubert <bert.hubert at powerdns.com>:
> >
> > > On Sat, Dec 19, 2015 at 04:34:11PM +0100, bert hubert wrote:
> > > > Could be, we have the infrastructure to give insight into that but we
> > > don't
> > > > make it easy yet:
> > >
> > > Hi Aleš,
> > >
> > > As of right now (the packages that are building now), you can do:
> > >
> > > grepq("3000ms")
> > >
> > > And get all timeouts. It also shows you which downstream caused the
> > > timeout.
> > >
> > > > grepq("3000ms")
> > > Time Client Server ID
> > > Name Type Lat. TC RD AA Rcode
> > > -67.0 127.0.0.1:44898 8.8.4.4:53
> > > 1853 ds9a.com. A 3433.1 RD No Error. 1
> answers
> > > -54.5 127.0.0.1:41892 8.8.4.4:53
> > > 32463 ezdns.it. A T.O No Error. 0
> answers
> > > -49.3 127.0.0.1:41892 8.8.4.4:53
> > > 32463 ezdns.it. A T.O No Error. 0
> answers
> > > -44.2 127.0.0.1:41892 8.8.4.4:53
> > > 32463 ezdns.it. A T.O No Error. 0
> answers
> > >
> > > Or use topSlow():
> > > > topSlow()
> > > 1 ezdns.it. 3 75.0%
> > > 2 ds9a.com. 1 25.0%
> > > 3 Rest 0 0.0%
> > >
> > > You can also do topSlow(10, 4000) to get everything slower than 4000
> > > milliseconds, or even topSlow(10, 4000, 1) which will group everything
> by
> > > tld.
> > >
> > > Can you let us know if this is what you need?
> > >
> > > Bert
> > >
> > >
> > > >
> > > > > grepq(".")
> > > > Time Client ID Name
> > > Type Lat. TC RD AA Rcode
> > > > -25.0 127.0.0.1:59117 13086
> ds9a.nl.
> > > A RD Question
> > > > -21.2 127.0.0.1:59117 0
> ds9a.nl.
> > > A 0.0 No Error. 0 answers
> > > > -20.0 127.0.0.1:59117 13086
> ds9a.nl.
> > > A RD Question
> > > > -16.2 127.0.0.1:59117 0
> ds9a.nl.
> > > A 0.0 No Error. 0 answers
> > > > -15.0 127.0.0.1:59117 13086
> ds9a.nl.
> > > A RD Question
> > > > -11.2 127.0.0.1:59117 0
> ds9a.nl.
> > > A 0.0 No Error. 0 answers
> > > >
> > > > This "knows" about timeouts to backends, but we don't make it easy to
> > > "grep" for them.
> > > >
> > > > Will add this as a feature.
> > > >
> > > > Bert
> > > >
> > > > >
> > > > > Regards
> > > > > Ales
> > > > >
> > > > >
> > > > > On Saturday 19 of December 2015 13:20:35 Federico Olivieri wrote:
> > > > > > Hi guys,
> > > > > >
> > > > > > Nobody has any clue for this? I woukd try to understand why
> dnsdist
> > > shows
> > > > > > some dropped packets. There is any debug that can help me to
> > > understand why
> > > > > > it os happen?
> > > > > >
> > > > > > Thanks and Merry Christmas!!!
> > > > > >
> > > > > > Federico
> > > > > >
> > > > > > On 18 Dec 2015 14:22, "Federico Olivieri" <lvrfrc87 at gmail.com>
> > > wrote:
> > > > > > > Hi all,
> > > > > > >
> > > > > > > I have a raspberry that is running dnsdist with this
> configuration:
> > > > > > >
> > > > > > > newServer{address="192.168.0.3:53"}
> > > > > > > newServer{address="127.0.0.1:5300", pool="abuse"}
> > > > > > > addPoolRule({"wpad.domain.name"}, "abuse")
> > > > > > > webserver("192.168.0.2:8083", "supersecret")
> > > > > > > addACL("0.0.0.0/0")
> > > > > > > addACL("::/0")
> > > > > > > carbonServer('37.252.122.50', 'raspi-836', 30)
> > > > > > >
> > > > > > > I don't know why, but on webserver I can see some packets
> dropped
> > > from the
> > > > > > > primary server and I don't understand the reason why. There is
> not
> > > any
> > > > > > > queries rate for that server
> > > > > > >
> > > > > > >
> > >
> #NameAddressStatusQueriesDropsQPSOutWeightOrderPools0192.168.0.3:53up24108
> > > > > > > 6720111127.0.0.1:5300up10100011abuse
> > > > > > >
> > > > > > > Do you have any idea why there are some dropped packets?
> > > > > > >
> > > > > > > Also, I added this line of conf. I could see the queries to
> goolge
> > > but I
> > > > > > > could see also the queries to a.root server. Seems that the
> > > command does
> > > > > > > not overwrite the default one. Is it the aspect behaviour?
> > > > > > >
> > > > > > > newServer {address="192.168.0.3", checkType="A",
> > > > > > > checkName="www.google.com.", mustResolve=true}
> > > > > > >
> > > > > > > Last question: I added the carbon server. I can see the server
> on
> > > > > > > https://metronome1.powerdns.com/ but no one graph is plotted
> > > > > > >
> > > > > > > Thank you for your time.
> > > > > > >
> > > > > > > BTW, dnsdist seems very useful and powerful!!!
> > > > > > >
> > > > > > > Federico
> > > > >
> > > >
> > > > > _______________________________________________
> > > > > Pdns-users mailing list
> > > > > Pdns-users at mailman.powerdns.com
> > > > > http://mailman.powerdns.com/mailman/listinfo/pdns-users
> > > >
> > > >
> > > > _______________________________________________
> > > > dnsdist mailing list
> > > > dnsdist at mailman.powerdns.com
> > > > http://mailman.powerdns.com/mailman/listinfo/dnsdist
> > >
> > > _______________________________________________
> > > dnsdist mailing list
> > > dnsdist at mailman.powerdns.com
> > > http://mailman.powerdns.com/mailman/listinfo/dnsdist
> > >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20160104/c122d6ba/attachment.html>
More information about the dnsdist
mailing list