[Pdns-users] pdns cannot handle large pdns notify
Otto Moerbeek
otto at drijf.net
Wed Dec 25 10:19:59 UTC 2019
On Tue, Dec 24, 2019 at 08:41:24AM +0000, Brian Candler wrote:
> On 24/12/2019 02:25, Jackson Yap wrote:
> >
> > We realised when we do a pdns_control notify '*' , many axfrs cannot be
> > transferred to our pdns slave. We have about 500+ zones in total.
> >
> > Only when we do specific domain notify like pdns_control notify
> > 'example.com', it will work properly.
> >
> > My question is, what settings could have provided mass pdns notify from
> > working properly?
> >
> I'd suggest you try using tcpdump to look at what's happening. Some
> thoughts:
>
> 1. Notifies are sent over UDP. Maybe when you try to send 500 UDP packets
> simultaneously, some of them are being thrown away (e.g. some buffer is
> overflowing). tcpdump at the receiving server(s) too if possible.
>
> 2. Maybe when there are too many incoming connections, some are being
> rejected (look for R[ST] as the response). See
> https://docs.powerdns.com/authoritative/settings.html#max-tcp-connections
>
> 3. Maybe your backend database is slow and can't handle that many concurrent
> AXFRs
>
> As for solutions: maybe you're better avoiding doing pdns_control notify
> "*". One way would be to spread your notifies over a minute or two.
> Another would be to use native replication between your backend databases,
> which avoids the need for AXFR completely.
Additionally, slave servers check periodically if the SOA serial
has been updated. Missing a notify is not a critical thing.
-Otto
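
The two suggestions in this message, spreading the notifies out and relying on SOA serials to see what was missed, as an added example that is not part of the original thread. `pdns_control notify` and `dig` are the real tools; the function names, the 0.2 s pacing, the 30 s wait and the one-zone-per-line input file are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. pdns_control and dig are the real tools;
# the function names, pacing and wait time are assumptions.

# soa_serial SERVER ZONE: print the SOA serial that SERVER answers for ZONE.
soa_serial() {
    dig +short +norecurse +time=2 +tries=1 "@$1" "$2" SOA | awk 'NR==1 {print $3}'
}

# paced_notify DELAY < zones: one NOTIFY per zone, DELAY seconds apart,
# instead of the single burst produced by pdns_control notify '*'.
# Prints the number of zones notified.
paced_notify() {
    pn_delay=$1; pn_sent=0
    while IFS= read -r pn_zone; do
        [ -z "$pn_zone" ] && continue
        pdns_control notify "$pn_zone" >/dev/null || echo "notify failed: $pn_zone" >&2
        pn_sent=$((pn_sent + 1))
        sleep "$pn_delay"
    done
    echo "$pn_sent"
}

# lagging_zones MASTER SLAVE < zones: print every zone whose serial on the
# slave differs from the master's, or that either server fails to answer.
lagging_zones() {
    while IFS= read -r lz_zone; do
        [ -z "$lz_zone" ] && continue
        lz_m=$(soa_serial "$1" "$lz_zone")
        lz_s=$(soa_serial "$2" "$lz_zone")
        [ -n "$lz_m" ] && [ "$lz_m" = "$lz_s" ] ||
            echo "$lz_zone master=${lz_m:-none} slave=${lz_s:-none}"
    done
}

# Usage: notify-paced.sh MASTER_IP SLAVE_IP ZONEFILE (one zone name per line)
if [ "$#" -eq 3 ]; then
    # 0.2 s apart puts 500 zones over roughly 100 s (fractional sleep: GNU/BSD).
    echo "notified $(paced_notify 0.2 < "$3") zones"
    sleep 30   # assumed grace period for the AXFRs to finish
    lagging_zones "$1" "$2" < "$3"
fi
```

Zones that still show up as lagging are picked up by the slave's periodic SOA check, so the list is a monitoring aid rather than an error report.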