[dnsdist] Dnsdist Backend Timeouts & Drops
Fredrik Pettai
pettai at sunet.se
Wed May 7 21:09:08 UTC 2025
Hi,
> On 7 May 2025, at 21:56, Robert Edmonds <edmonds at mycre.ws> wrote:
>
> Fredrik Pettai via dnsdist wrote:
>> Hi,
>>
>> We have dnsdist running on the same machine as the backend DNS server it talks to (over the loopback interface).
>>
>> The dnsdist workers get timeouts from time to time which is a bit odd given the backend is on the same server and uses the default check of a.root-servers.net (which should be locally cached in unbound).
>> (Running a query locally for a.root-servers.net every second never fails, I’ve also tested with other names, cached or uncached, and the pattern of timeouts doesn’t change much)
>
> Hi,
>
> What version of Unbound are you using?
We’re on 1.22
> Unbound 1.20.0 introduced a "wait-limit" feature which limits the number
> of outstanding queries that a client can have waiting for recursion.
> Most of the time a.root-servers.net will be in cache and not subject to
> the wait limit, but it will presumably need to be refreshed from time
> to time, maybe more often than the TTL interval if it is evicted due to
> cache pressure or if cache-max-ttl is lowered?
>
> Unbound 1.23.0 introduced a standalone metric [0] that counts when the
> wait-limit feature causes a dropped query, but that same version also
> exempts loopback IP addresses from the wait-limit by default [1].
>
> So, if you are using Unbound versions 1.20.0 through 1.22.0 you may
> want to consider upgrading to 1.23.0 or setting "wait-limit: 0" in the
> configuration.
Thanks for the insights!
I’ll try out setting "wait-limit: 0" first then and see if that makes the situation better.
> [0]: https://github.com/NLnetLabs/unbound/pull/1159
>
> [1]: https://github.com/NLnetLabs/unbound/issues/1263
>
> --
> Robert Edmonds
Re,
/P