[Pdns-users] Performance issues
Klaus Darilion
klaus.mailinglists at pernau.at
Mon Jul 30 08:36:58 UTC 2018
Am 24.07.2018 um 13:54 schrieb Martijn Reening:
> Hello everyone,
>
> We are seeing very vague issues with our PowerDNS setup where certain
> sequences of requests can cause full queues and dropped queries. Under
> normal circumstances, the server can handle more than 10 kqueries/sec,
> but when the bug is triggered, performance drops to 300-400 queries/sec.
>
> There seems to be a correlation with the amount of domains that are
> queried which return REFUSED. DNSSEC makes it easier to trigger this
> problem, but disabling it does not make it disappear.
REFUSED indicates that a domain was aksed which is not configured on
your server. Maybe it is just some kind of attack against you or against
one of the domains you are hosting.
It is very very easy to "kill" PowerDNS by forcing PowerDNS queries to
the backend. For example, querying your server for:
a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.<random>
causes at least 30 Queries to the database until PowerDNS finds out that
it is not authoritative for this domain and sending REFUSED.
If the TLD is random, every DNS query bypasses the query cache. So
sending moderate load if such constructed queries will kill your backend.
Hence, I would analyze the requests causing REFUSED for a some pattern
causing high load.
regards
Klaus
More information about the Pdns-users
mailing list