[Pdns-users] udp-in-errors , AXFR and zones timeouts

Marcello Lupo mlist at itspecialist.it
Mon Dec 28 20:41:21 UTC 2020 

Hello,
I have configured a PDNS Authoritative server (v 4.4.0) with many slave zones provisioned with superslave and supermasters mechanism.
At the moment I have around 1400 zones provisioned from 5 bind master servers.

I’m getting a lot of:

Dec 28 21:00:02 pdns-db2 pdns_server-global[6838]: Received serial number updates for 374 zones, had 19 timeouts
Dec 28 21:05:23 pdns-db2 pdns_server-global[6838]: Received serial number updates for 395 zones, had 47 timeouts
Dec 28 21:06:34 pdns-db2 pdns_server-global[6838]: Received serial number updates for 303 zones, had 15 timeouts
Dec 28 21:16:07 pdns-db2 pdns_server-global[6838]: Received serial number updates for 394 zones, had 43 timeouts
Dec 28 21:21:25 pdns-db2 pdns_server-global[6838]: Received serial number updates for 599 zones, had 66 timeouts
Dec 28 21:22:41 pdns-db2 pdns_server-global[6838]: Received serial number updates for 521 zones, had 22 timeouts
Dec 28 21:26:56 pdns-db2 pdns_server-global[6838]: Received serial number updates for 455 zones, had 28 timeouts
Dec 28 21:28:08 pdns-db2 pdns_server-global[6838]: Received serial number updates for 235 zones, had 26 timeouts

I checked with tcpdump on both the master DNS and the powerdns itself and all answers to the AXFR requests starting from pdns server are correctly received on the pdns server but seems that are not handled by the system and give the timeout error. The udp-in-errors counter is raising every time of the exact number of the timeouts received. As the documentation says the udp-in-errors value seems to be related to packet received but cannot be handled from the pdns server itself.
I’m almost sure that it is a problem of resource tuning but I haven’t idea of what I should tune to avoid this behavior.
In the short future we will need to reach around 15k domains managed by this DNS server and I would like to do not have this issue.
In my scenario this server is dedicated only to the provisioning of domains and it do not answer to requests coming from internet. Requests coming from internet are handled from many servers balanced that rely on the mariadb replication of the PDNS DB main server.
Do you have any ideas?
Thank you
Bye
Marcello

More information about the Pdns-users mailing list