[dnsdist] dnsdist 1.4 and Debian Buster

Remi Gacogne remi.gacogne at powerdns.com
Thu Aug 8 13:15:28 UTC 2019 

On 8/8/19 12:04 PM, Chris wrote:
> I just noticed there is even more strange behavior. I restarted the
> dnsdist instance and sent traffic for it to reproduce the issue. While
> it was working I made a 'ANY' query for google.com. One the issue
> occured I could still send that query and get an answer (both with UDP
> and TCP). Queries for things that were not in the cache I guess is what
> stopped working.

Be careful that dig (the 9.14.4 I have here at least) uses TCP by
default for ANY queries so you might need a +notcp to actually test UDP.

> The lsof output is available here:

Thanks, everything looks normal here as well.

> The stack trace is available here:
> 
> https://gbe0.com/dnsdist/dnsdist_strace2.txt.gz
> 
> During the stack trace I performed 4 requests (in order)
> 
> - UDP A request for why-is-dnsdist-not-responding.to.this. (not working)
> - TCP A request for why-is-dnsdist-not-responding.to.this. (working)
> - UDP ANY request for google.com (working)
> - UDP A request for google.com (not working)

So we indeed see the TCP queries but not a single UDP query has made it
to dnsdist, all UDP listener threads are waiting for recvmsg() to return
and it never did, so it looks like the kernel is not passing these
queries to dnsdist. I'm a bit at a loss, here..

It kind of looks like a overflowing NAT engine or stateful firewall, but
since you are testing on the same host..

> I'll configure this shortly to the public metronome server.

Cool, this might give us some insight into what's happening.

> To be clear, I actually installed a new copy of Debian, I didn't upgrade
> the existing stretch install.
> 
> The dnsdist configuration changed slightly:
> 
> - I originally wrote a lua function for load balancing. Now I am using
> poolAvailable with rules so I can use a built in method.
> - The rules were tidied up a bit, previously each dnsdist instance had
> left over rules that were no longer required
> - The cache sizes were adjusted

Right, that doesn't seem related.

Best regards,
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20190808/caeecc53/attachment.sig>

More information about the dnsdist mailing list