[Pdns-users] UDP Connection Table Exhaustion?
Matthew Walster - Gyron
matthew.walster at gyron.net
Thu Jul 2 15:41:22 UTC 2009
I've inherited a DNS recursive resolver infrastructure based on PowerDNS recursor, and there are reports of strange DNS errors occasionally - either NXDOMAIN or just timeouts.
Looking into it, ip_conntrack seems to think there are currently 30000 connections, with a connection table size of 65535. Some users do have high figures, such as 1000 for just one IP, but for the most part, most IPs have low connection quantities.
I've tried changing the UDP timeout to 5 seconds, and this alleviated some of the issues, but didn't wholly fix it. Unfortunately, the software is currently running on CentOS 4.7, PowerDNS recursor version 3.1.4 - so a little older than I'd like, but it is only allowing queries from the CIDR ranges we have allocated to us, so it shouldn't be too overloaded. Load averages are in the 0.10-0.25 range, and memory usage is 1GB of 3GB RAM. It's currently running on VMware, but it will eventually run on a blade or similar.
Does anyone have any tips and/or tricks for running a medium-scale DNS recursive resolver appropriate to my situation? Medium being bigger than "run it off a DSL router" but smaller than "get a server farm to do it"!
Gyron Internet Ltd
mail: matthew.walster at gyron.net
tel: 0845 888 6900
fax: 0845 888 6910
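Editor's added example, not part of the post above and not PowerDNS code: a small shell helper for the situation Matthew describes, where the conntrack table on a recursive resolver fills with short-lived UDP entries. It computes table utilisation from the count/max pair, tallies UDP entries per source IP from conntrack output (both the old /proc/net/ip_conntrack layout of a 2.6.9 CentOS 4 kernel and the later /proc/net/nf_conntrack layout), and prints the iptables raw-table NOTRACK rules that keep DNS out of the table altogether. The conntrack lines embedded below are constructed sample data, the /proc paths in the comments are assumptions for that kernel generation, and the NOTRACK rules assume the kernel has the raw table and that the host does not NAT its DNS traffic.

```shell
#!/bin/sh
# Added diagnostic helper for conntrack exhaustion on a UDP-heavy DNS resolver.
# Not from the original post or from PowerDNS. Sample data is constructed.

# Percentage of the conntrack table in use (integer truncated).
# On a CentOS 4 / 2.6.9 kernel the live values are assumed to be in
#   /proc/sys/net/ipv4/netfilter/ip_conntrack_count  and  .../ip_conntrack_max
conntrack_utilization() {
    count=$1
    max=$2
    echo $(( count * 100 / max ))
}

# Count table entries for one protocol name (udp, tcp, ...) read from stdin.
# ip_conntrack lines start "udp 17 ..." (protocol in field 1); nf_conntrack
# lines start "ipv4 2 udp 17 ..." (protocol in field 3). Both are handled.
count_entries() {
    awk -v p="$1" '$1 == p || $3 == p { n++ } END { print n + 0 }'
}

# Rank source IPs by number of UDP entries, keyed on the first "src=" field
# (the original direction of the flow). Prints "<count> <ip>", highest first.
top_udp_sources() {
    limit=${1:-10}
    awk '$1 == "udp" || $3 == "udp" {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^src=/) { split($i, kv, "="); n[kv[2]]++; break }
         }
         END { for (ip in n) print n[ip], ip }' | sort -rn | head -n "$limit"
}

# Rules that exempt DNS from connection tracking so it never occupies the
# table. Assumes raw-table/NOTRACK support and no NAT of DNS on this host.
# Printed for review, not applied.
notrack_rules() {
    cat <<'EOF'
# client queries arriving at the resolver, and our answers going back
iptables -t raw -A PREROUTING -p udp --dport 53 -j NOTRACK
iptables -t raw -A OUTPUT     -p udp --sport 53 -j NOTRACK
# the recursor's own queries to authoritative servers, and their replies
iptables -t raw -A OUTPUT     -p udp --dport 53 -j NOTRACK
iptables -t raw -A PREROUTING -p udp --sport 53 -j NOTRACK
EOF
}

# Constructed sample in /proc/net/ip_conntrack layout (not a real capture):
# 192.0.2.10 holds three UDP entries, 192.0.2.20 one, and the resolver
# 10.0.0.53 has one outbound query to an authoritative server still unreplied.
SAMPLE_CONNTRACK='udp      17 27 src=192.0.2.10 dst=10.0.0.53 sport=40001 dport=53 src=10.0.0.53 dst=192.0.2.10 sport=53 dport=40001 use=1
udp      17 12 src=192.0.2.10 dst=10.0.0.53 sport=40002 dport=53 [UNREPLIED] src=10.0.0.53 dst=192.0.2.10 sport=53 dport=40002 use=1
udp      17 29 src=192.0.2.10 dst=10.0.0.53 sport=40003 dport=53 src=10.0.0.53 dst=192.0.2.10 sport=53 dport=40003 use=1
udp      17 5 src=192.0.2.20 dst=10.0.0.53 sport=51000 dport=53 src=10.0.0.53 dst=192.0.2.20 sport=53 dport=51000 use=1
udp      17 29 src=10.0.0.53 dst=198.51.100.1 sport=32768 dport=53 [UNREPLIED] src=198.51.100.1 dst=10.0.0.53 sport=53 dport=32768 use=1
tcp      6 431999 ESTABLISHED src=192.0.2.30 dst=10.0.0.53 sport=55000 dport=22 src=10.0.0.53 dst=192.0.2.30 sport=22 dport=55000 [ASSURED] use=1'

# Demo run against the numbers from the post and the constructed sample.
echo "table utilisation: $(conntrack_utilization 30000 65535)%"
echo "udp entries: $(printf '%s\n' "$SAMPLE_CONNTRACK" | count_entries udp)"
echo "top udp sources:"
printf '%s\n' "$SAMPLE_CONNTRACK" | top_udp_sources 3
echo "suggested rules:"
notrack_rules
```

On a live CentOS 4 box the tally would be fed with `cat /proc/net/ip_conntrack | top_udp_sources`; on later kernels the file is /proc/net/nf_conntrack. Two caveats worth keeping in mind: a recursor generates one conntrack entry per outbound query to an authoritative server, each living for the UDP timeout (30 seconds by default on those kernels), so the table fills from the resolver's own traffic even when per-client counts look low; and lowering the timeout, as the post did, only shortens entry lifetime, whereas the NOTRACK rules remove DNS from the table entirely, which is only safe if nothing on the host relies on tracking those flows (for example NAT).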