[dnsdist] [EXT] Re: First alpha release of dnsdist 1.6.0

[Remi Gacogne]

Hi Stephane,

On 2/3/21 9:27 AM, Stephane Bortzmeyer wrote:
> Executive summary: be careful beforce activating out-of-order
> processing on DoT servers. Read on.
> 
> Background: I manage a (very) small public DoT and DoH resolver. It is
> automatically monitored from Icinga with two programs, one written in
> Python <https://framagit.org/bortzmeyer/homer> and the other in C
> (based on getdns). So, I can know what happen when I sleep.
> 
> I upgraded to 1.6.0 Alpha and the server is running for 18 hours.
> 
> So, the big issue: *much* more timeouts are reported by the monitoring
> system. With 1.4 and 1.5, everything was smooth, now I have timeouts
> all the time.
> 
> It only affects DoT, not DoH, so I presume it is not the fault of the
> machine or the network.
> 
> DoT was configured with maxInFlight=256, I've just go back to
> maxInFlight=0 to see if it makes a difference.

Thanks a lot for the feedback!

Did you also enable out-of-order between dnsdist and the backend, using 
maxInFlight on the newServer() directive? Do you know if the backend 
does indeed support out-of-order? One of the most frequent issue I have 
seen is that the backend is assumed to support OOOR but does not, 
causing the client and dnsdist to pipeline queries on the TCP connection 
while the backend is actually only processing them one-by-one. 
Unfortunately it means that the client starts its timeout as soon as the 
query has been written to the TCP socket, while the server will only 
start looking at this query after all the previous ones have been answered.

However in your case I'm guessing the monitoring scripts do not really 
do pipelining, so that looks like a real issue. Would you mind sharing 
your configuration?

Note that client-side DoH in dnsdist has always supported out-of-order, 
as the underlying design of HTTP/2 made that quite easy, so nothing 
should change for DoH in 1.6.0.

Best regards,
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/