dnswasher explained: Re: [Pdns-users] Errors relating to unicode with pgsql backend

Sun Jul 10 11:37:34 UTC 2005

On Sat, Jul 09, 2005 at 06:42:58PM -0400, David Levy wrote:

> 	I can replicate this error in psql manually by sending the same
> query through to postgres.   Postgres returns that error, but does not
> terminate the connection.  The troubling thing is I get this error quite
> frequently, so I can't say definitively that this is what is causing my
> problem because it usually doesn't result in any hangs.

Can you send me the query in private? It probably means someone is sending a
DNS query that contains characters that PostgreSQL tries to interpret as
unicode. It also means that powerdns should do a more thorough job in
sanitizing DNS queries.

> After increasing the log level I also noticed that I see the following
> message right after the last one, unfortunately my log level was lower
> the last time this happened:

After any SQL error, powerdns considers a connection damaged, and drops it,
leading to a reconnect later on:

> Jul  9 18:13:31 pdns01 pdns-pdns[17689]: Distributor misses a thread
> (2<3), spawning new one

> Jul  7 23:58:12 pdns01 pdns-pdns[23641]: 5037 questions waiting for
> database attention. Limit is 5000, respawning

This is a catch in case all database connections become wedged, but don't
return actual errors.

> I get tons of the malformed qdomain and encoding errors.  The 5000
> question limit message occurs less frequently, maybe once a day.  If
> anyone has any ideas on what my issue can be, or how to further debug it
> would be most appreciated.  Thanks.

One of the best things you can do is tcpdump traffic to your nameserver like
this:

# tcpdump -s 1500 -w dns-queries udp and port 53

And then run that through the dnswasher supplied in
http://ds9a.nl/pdns/pdns-2.9.18-svn.tar.gz like this:

$ dnswasher ./dns-queries ./dns-queries.anon

And then check dns-queries.anon to verify that there are no source IP
addresses of your client in there. Once sure about that, send me
dns-queries.anon and times at which odd things happened.

NOTE: To compile dnswasher, you need 'libboost', and after configure, run
'make dnswasher dnsscope' in the pdns directory. dnsscope will give you
heaps of statistics on the performance of your nameserver.

The output you send me will allow me, using 'dnsreplay' to make sure things
go well in the upcoming 2.9.18 release.

Good luck!

-- 
http://www.PowerDNS.com      Open source, database driven DNS Software 
http://netherlabs.nl              Open and Closed source services