[dnsdist] dnsdist latency bucket metric still broken in 1.8.0?

Christoph cm at appliedprivacy.net
Fri Apr 14 15:04:41 UTC 2023 

> Did you compile dnsdist yourself? 
I installed it via pkg.

> If I try to install dnsdist on
> 13.1-RELEASE-p6 I only get 1.7.3:

you are likely using the default FreeBSD repo (quartely) if you use the 
latest repo you will get version 1.8.0:

mkdir -p /usr/local/etc/pkg/repos
you can create this file /usr/local/etc/pkg/repos/FreeBSD.conf
to use the latest repo:

FreeBSD: {
   url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
   mirror_type: "srv",
   signature_type: "fingerprints",
   fingerprints: "/usr/share/keys/pkg",
   enabled: yes
}

> A quick test with a self-compiled 1.8.0 dnsdist shows a non-zero sum
> for me, so I'm confused what's goiong on.

here is our dnsdist.conf,
maybe it helps to reproduce the issue.

thanks for your help!
Christoph

----
newServer({address="109.70.100.136", maxInFlight=1000})
newServer({address="109.70.100.140", maxInFlight=1000})
setServerPolicy(leastOutstanding)

addTLSLocal("0.0.0.0", 
"/usr/local/etc/ssl/lego/certificates/doh.applied-privacy.net.crt", 
"/usr/local/etc/ssl/lego/certificates/doh.applied-privacy.net.key", 
{ciphers='ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256', 
minTLSVersion='tls1.2', tcpFastOpenQueueSize=1000, maxInFlight=1000 })
addTLSLocal("[::]", 
"/usr/local/etc/ssl/lego/certificates/doh.applied-privacy.net.crt", 
"/usr/local/etc/ssl/lego/certificates/doh.applied-privacy.net.key", 
{ciphers='ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256', 
minTLSVersion='tls1.2', tcpFastOpenQueueSize=1000, maxInFlight=1000 })

addDOHLocal("0.0.0.0:444", 
"/usr/local/etc/ssl/lego/certificates/doh.applied-privacy.net.crt", 
"/usr/local/etc/ssl/lego/certificates/doh.applied-privacy.net.key", 
"/query", {minTLSVersion='tls1.3', serverTokens='doh', 
tcpFastOpenQueueSize=1000, tcpListenQueueSize=4096 })
addDOHLocal("[::]:444", 
"/usr/local/etc/ssl/lego/certificates/doh.applied-privacy.net.crt", 
"/usr/local/etc/ssl/lego/certificates/doh.applied-privacy.net.key", 
"/query", {minTLSVersion='tls1.3', serverTokens='doh', 
tcpFastOpenQueueSize=1000, tcpListenQueueSize=4096 })

setACL({'0.0.0.0/0', '::/0'})
controlSocket('127.0.0.1:5199')
setConsoleACL('127.0.0.1/8')

setKey("xxx")

pc = newPacketCache(50000, {maxTTL=86400, minTTL=3, 
temporaryFailureTTL=60, staleTTL=60, dontAge=false})
getPool(""):setCache(pc)

webserver("127.0.0.1:8083")
setWebserverConfig({password="xxx"})
setVerboseHealthChecks(true)
----

More information about the dnsdist mailing list