[dnsdist] ACL monitoring / Latency

bert hubert bert.hubert at powerdns.com
Mon Mar 20 22:02:33 UTC 2017


On Mon, Mar 20, 2017 at 09:54:40PM +0000, Daniel Oakes wrote:
> Hi there,

Morning Daniel, greetings from Monday!

> Just wondering if there's any way of monitoring the ACL Drops at all - I couldn't figure out a way.

Not from within dnsdist right now, although it is an interesting idea. What
you can do is make a brief pcap of dnsdist traffic and run 'dnsscope' on it.
It will output a bunch of files one of which is called 'ignores', and this
will be your drops.

> Also we have high latency to our backend PDNS Recursors and we can't work
> out why / how - here's a copy of our config below - we're seeing latency
> of 100+ ms is that normal?  For info the 1st two recursors are in the same
> subnet (sub 1ms) and the other two are 16ms:

The best way to debug this is to let your recursor talk to a metronome
server, for example ours. This is explained in
https://blog.powerdns.com/2014/12/11/powerdns-graphing-as-a-service/

This will show the latency distribution and the impact of your network
speeds on that latency. 

> pc = newPacketCache(1000000, 86400, 0, 60, 60)
> getPool(""):setCache(pc)

Ok, this explains a lot. This means only cache -misses- are sent to your
backends. This in turn means latency will always be multiples of your
network latency to the world. From New Zealand, this can be significant.

The reason you get only misses is that all common queries are handled
directly by dnsdist itself.

Good luck!

	Bert


More information about the dnsdist mailing list