[dnsdist] [Pdns-users] dnsdist drops packet

Federico Olivieri lvrfrc87 at gmail.com
Mon Jan 4 23:21:43 UTC 2016


That is useful! Thanks for that!

Federico
On 4 Jan 2016 23:13, "bert hubert" <bert.hubert at powerdns.com> wrote:

> On Mon, Jan 04, 2016 at 11:04:12PM +0000, Federico Olivieri wrote:
> > Hi,
> >
> > Just a question from my side. There is any way to understand, from the
> > total count of packet dropped, how many packets have been dropped for
> > SERVFAIL?
>
> Hi Federico,
>
> We don't drop queries for servfail. We just pass it along. However, with
> the
> following, you can get stats:
>
> topResponses(10, 2)
>
> This shows the top-10 servfail responses.
>
> If you look with dumpStats():
> acl-drops                         0    latency1-10                        0
> block-filter                      0    latency10-50                       0
> cpu-sys-msec                     14    latency100-1000                    0
> cpu-user-msec                    19    latency50-100                      0
> downstream-send-errors            0    no-policy                          0
> downstream-timeouts               0    noncompliant-queries               0
> dyn-block-nmg-size                0    queries                            7
> dyn-blocked                       0    rdqueries                          7
> fd-usage                         15    real-memory-usage            7151616
> latency-avg100                   22.0  responses                          5
> latency-avg1000                   2.2  rule-drop                          0
> latency-avg10000                  0.2  rule-nxdomain                      0
> latency-avg1000000                0.0  self-answered                      0
> latency-slow                      0    servfail-responses                 5
> latency0-1                        5    trunc-failures                     0
>                                        uptime                           101
>
> You see 'servfail-responses' counted. The downstream-timeouts metric does
> eventually get updated, I just wrote a change that makes this metric react
> more quickly.
>
>         Bert
>
>
>
> >
> > Thank You
> >
> > Federico
> >
> > 2016-01-04 18:14 GMT+00:00 bert hubert <bert.hubert at powerdns.com>:
> >
> > > On Sat, Dec 19, 2015 at 04:34:11PM +0100, bert hubert wrote:
> > > > Could be, we have the infrastructure to give insight into that but we
> > > don't
> > > > make it easy yet:
> > >
> > > Hi AleŇ°,
> > >
> > > As of right now (the packages that are building now), you can do:
> > >
> > > grepq("3000ms")
> > >
> > > And get all timeouts. It also shows you which downstream caused the
> > > timeout.
> > >
> > > > grepq("3000ms")
> > > Time    Client                                          Server       ID
> > > Name                      Type  Lat.   TC RD AA Rcode
> > > -67.0   127.0.0.1:44898                                 8.8.4.4:53
> > >  1853  ds9a.com.                 A     3433.1    RD    No Error. 1
> answers
> > > -54.5   127.0.0.1:41892                                 8.8.4.4:53
> > >  32463 ezdns.it.                 A     T.O             No Error. 0
> answers
> > > -49.3   127.0.0.1:41892                                 8.8.4.4:53
> > >  32463 ezdns.it.                 A     T.O             No Error. 0
> answers
> > > -44.2   127.0.0.1:41892                                 8.8.4.4:53
> > >  32463 ezdns.it.                 A     T.O             No Error. 0
> answers
> > >
> > > Or use topSlow():
> > > > topSlow()
> > >    1  ezdns.it.                                   3 75.0%
> > >    2  ds9a.com.                                   1 25.0%
> > >    3  Rest                                        0  0.0%
> > >
> > > You can also do topSlow(10, 4000) to get everything slower than 4000
> > > milliseconds, or even topSlow(10, 4000, 1) which will group everything
> by
> > > tld.
> > >
> > > Can you let us know if this is what you need?
> > >
> > >         Bert
> > >
> > >
> > > >
> > > > > grepq(".")
> > > > Time    Client                                          ID    Name
> > >                 Type  Lat. TC RD AA Rcode
> > > > -25.0   127.0.0.1:59117                                 13086
> ds9a.nl.
> > >                 A             RD    Question
> > > > -21.2   127.0.0.1:59117                                 0
> ds9a.nl.
> > >                 A     0.0           No Error. 0 answers
> > > > -20.0   127.0.0.1:59117                                 13086
> ds9a.nl.
> > >                 A             RD    Question
> > > > -16.2   127.0.0.1:59117                                 0
> ds9a.nl.
> > >                 A     0.0           No Error. 0 answers
> > > > -15.0   127.0.0.1:59117                                 13086
> ds9a.nl.
> > >                 A             RD    Question
> > > > -11.2   127.0.0.1:59117                                 0
> ds9a.nl.
> > >                 A     0.0           No Error. 0 answers
> > > >
> > > > This "knows" about timeouts to backends, but we don't make it easy to
> > > "grep" for them.
> > > >
> > > > Will add this as a feature.
> > > >
> > > >       Bert
> > > >
> > > > >
> > > > > Regards
> > > > > Ales
> > > > >
> > > > >
> > > > > On Saturday 19 of December 2015 13:20:35 Federico Olivieri wrote:
> > > > > > Hi guys,
> > > > > >
> > > > > > Nobody has any clue for this? I woukd try to understand why
> dnsdist
> > > shows
> > > > > > some dropped packets. There is any debug that can help me to
> > > understand why
> > > > > > it os happen?
> > > > > >
> > > > > > Thanks and Merry Christmas!!!
> > > > > >
> > > > > > Federico
> > > > > >
> > > > > > On 18 Dec 2015 14:22, "Federico Olivieri" <lvrfrc87 at gmail.com>
> > > wrote:
> > > > > > > Hi all,
> > > > > > >
> > > > > > > I have a raspberry that is running dnsdist with this
> configuration:
> > > > > > >
> > > > > > > newServer{address="192.168.0.3:53"}
> > > > > > > newServer{address="127.0.0.1:5300", pool="abuse"}
> > > > > > > addPoolRule({"wpad.domain.name"}, "abuse")
> > > > > > > webserver("192.168.0.2:8083", "supersecret")
> > > > > > > addACL("0.0.0.0/0")
> > > > > > > addACL("::/0")
> > > > > > > carbonServer('37.252.122.50', 'raspi-836', 30)
> > > > > > >
> > > > > > > I don't know why, but on webserver I can see some packets
> dropped
> > > from the
> > > > > > > primary server and I don't understand the reason why. There is
> not
> > > any
> > > > > > > queries rate for that server
> > > > > > >
> > > > > > >
> > >
> #NameAddressStatusQueriesDropsQPSOutWeightOrderPools0192.168.0.3:53up24108
> > > > > > > 6720111127.0.0.1:5300up10100011abuse
> > > > > > >
> > > > > > > Do you have any idea why there are some dropped packets?
> > > > > > >
> > > > > > > Also, I added this line of conf. I could see the queries to
> goolge
> > > but I
> > > > > > > could see also the queries to a.root server. Seems that the
> > > command does
> > > > > > > not overwrite the default one. Is it the aspect  behaviour?
> > > > > > >
> > > > > > > newServer {address="192.168.0.3", checkType="A",
> > > > > > > checkName="www.google.com.", mustResolve=true}
> > > > > > >
> > > > > > > Last question: I added the carbon server. I can see the server
> on
> > > > > > > https://metronome1.powerdns.com/ but no one graph is plotted
> > > > > > >
> > > > > > > Thank you for your time.
> > > > > > >
> > > > > > > BTW, dnsdist seems very useful and powerful!!!
> > > > > > >
> > > > > > > Federico
> > > > >
> > > >
> > > > > _______________________________________________
> > > > > Pdns-users mailing list
> > > > > Pdns-users at mailman.powerdns.com
> > > > > http://mailman.powerdns.com/mailman/listinfo/pdns-users
> > > >
> > > >
> > > > _______________________________________________
> > > > dnsdist mailing list
> > > > dnsdist at mailman.powerdns.com
> > > > http://mailman.powerdns.com/mailman/listinfo/dnsdist
> > >
> > > _______________________________________________
> > > dnsdist mailing list
> > > dnsdist at mailman.powerdns.com
> > > http://mailman.powerdns.com/mailman/listinfo/dnsdist
> > >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20160104/c122d6ba/attachment.html>


More information about the dnsdist mailing list