[dnsdist] ACL monitoring / Latency
Daniel Oakes
Daniel.Oakes at voyager.nz
Mon Mar 20 21:54:40 UTC 2017
Hi there,
Just wondering if there's any way of monitoring the ACL Drops at all - I couldn't figure out a way.
We'd just like to see where the ACL drops are coming from in case we've missed some networks - but working well so far.
Also we have high latency to our backend PDNS Recursors and we can't work out why / how - here's a copy of our config below - we're seeing latency of 100+ ms is that normal? For info the 1st two recursors are in the same subnet (sub 1ms) and the other two are 16ms:
Config:
controlSocket("0.0.0.0")
setKey("blarg")
-- Listen
addLocal("0.0.0.0:53")
-- Web Server
webserver("0.0.0.0:80", "notforyou")
-- Fix up truncated replies
truncateTC(true)
-- Set Server Policy
setServerPolicy(whashed)
-- Backend Servers
newServer({address="xx.xx.xx.xx:53", name="recursor1.xxx", weight=10, qps=5000})
newServer({address="xx.xx.xx.xy:53", name="recursor2.xxx", weight=10, qps=5000})
newServer({address="yy.yy.yy.yy:53", name="recursor1.yyy", qps=5000})
newServer({address="yy.yy.yy.yx:53", name="recursor2.yyy", qps=5000})
-- PacketCache
pc = newPacketCache(1000000, 86400, 0, 60, 60)
getPool(""):setCache(pc)
-- Rate Limiting
addDelay(MaxQPSIPRule(100, 32, 48), 100)
--function maintenance()
-- addDynBlocks(exceedQRate(50, 10), "Exceeded query rate", 60)
--end
-- ACL
[https://voyager.nz/images/sig/voyager.jpg]
INTERNET | VOICE | HOSTING | DOMAINS
Daniel Oakes | CTO
DDI:+6437777770 | M:+6421708317
daniel.oakes at voyager.nz<mailto:daniel.oakes at voyager.nz> | voyager.nz<https://voyager.nz>
[https://voyager.nz/images/sig/facebook.png] <https://www.facebook.com/voyagernz> [https://voyager.nz/images/sig/twitter.png] <https://twitter.com/voyagernz>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20170320/b5c3a438/attachment.html>
More information about the dnsdist
mailing list