[Pdns-users] strange timeout issues on random basis
Mohamad F Barham
mbarham at birzeit.edu
Mon Jul 18 13:08:06 UTC 2022
Dears,
I have sometime an unexpected behavior regarding my pdns-recursor
updated to 4.7.1
running on centos 7
4 cores
unexpected behavior:
getting timeout on existing domains for a while, after a while get resolved!!!
the issue is so critical as some times gmail as ex. did not solve , and emails get unroutable address and not delivered
for example:
Jul 18 14:42:45 resolver02 pdns-recursor: Sending SERVFAIL to 172.20.20.51:60435 during resolve of 'rms.pmof.ps' because: Too much time waiting for pmof.ps|A, timeouts: 2, throttles: 0, queries: 4, 9000msec
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] : no TA found for 'rms.pmof.ps' among 1
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] : no TA found for 'pmof.ps' among 1
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] : no TA found for 'ps' among 1
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] : got TA for '.'
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] QM rms.pmof.ps.|A child=(empty): doResolve
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] rms.pmof.ps: Wants NO DNSSEC processing, auth data in query for 1
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] rms.pmof.ps: Recursion not requested for 'rms.pmof.ps|1', peeking at auth/forward zones
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] QM rms.pmof.ps.|A child=(empty): Step0 Not cached
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] rms.pmof.ps: Checking if we have NS in cache for 'rms.pmof.ps'
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] rms.pmof.ps: no valid/useful NS in cache for 'rms.pmof.ps'
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] rms.pmof.ps: Checking if we have NS in cache for 'pmof.ps'
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] rms.pmof.ps: no valid/useful NS in cache for 'pmof.ps'
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] rms.pmof.ps: Checking if we have NS in cache for 'ps'
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] rms.pmof.ps: NS (with ip, or non-glue) in cache for 'ps' -> 'fork.sth.dnsnode.net'
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] rms.pmof.ps: within bailiwick: 0, not in cache / did not look at cache
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] rms.pmof.ps: NS (with ip, or non-glue) in cache for 'ps' -> 'ps-ns.anycast.pch.net'
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] rms.pmof.ps: within bailiwick: 0, not in cache / did not look at cache
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] rms.pmof.ps: NS (with ip, or non-glue) in cache for 'ps' -> 'rip.psg.com'
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] rms.pmof.ps: within bailiwick: 0, not in cache / did not look at cache
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] rms.pmof.ps: NS (with ip, or non-glue) in cache for 'ps' -> 'ps.cctld.authdns.ripe.net'
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] rms.pmof.ps: within bailiwick: 0, not in cache / did not look at cache
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] rms.pmof.ps: NS (with ip, or non-glue) in cache for 'ps' -> 'dns1.gov.ps'
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] rms.pmof.ps: within bailiwick: 1, in cache, ttl=86400
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] rms.pmof.ps: NS (with ip, or non-glue) in cache for 'ps' -> 'ns1.pnina.ps'
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] rms.pmof.ps: within bailiwick: 1, in cache, ttl=86400
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] rms.pmof.ps: We have NS in cache for 'ps' (flawedNSSet=0)
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] QM rms.pmof.ps.|A child=(empty): Step1 Ancestor from cache is ps
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] QM rms.pmof.ps.|A child=pmof.ps: Step2 New child
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] QM rms.pmof.ps.|A child=pmof.ps: Step4 Resolve A for child
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: Wants NO DNSSEC processing, auth data in query for 1
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: No cache hit for 'pmof.ps|1', trying to find an appropriate NS record
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: Checking if we have NS in cache for 'pmof.ps'
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: no valid/useful NS in cache for 'pmof.ps'
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: Checking if we have NS in cache for 'ps'
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: NS (with ip, or non-glue) in cache for 'ps' -> 'fork.sth.dnsnode.net'
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: within bailiwick: 0, not in cache / did not look at cache
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: NS (with ip, or non-glue) in cache for 'ps' -> 'ps-ns.anycast.pch.net'
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: within bailiwick: 0, not in cache / did not look at cache
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: NS (with ip, or non-glue) in cache for 'ps' -> 'rip.psg.com'
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: within bailiwick: 0, not in cache / did not look at cache
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: NS (with ip, or non-glue) in cache for 'ps' -> 'ps.cctld.authdns.ripe.net'
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: within bailiwick: 0, not in cache / did not look at cache
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: NS (with ip, or non-glue) in cache for 'ps' -> 'dns1.gov.ps'
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: within bailiwick: 1, in cache, ttl=86400
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: NS (with ip, or non-glue) in cache for 'ps' -> 'ns1.pnina.ps'
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: within bailiwick: 1, in cache, ttl=86400
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: We have NS in cache for 'ps' (flawedNSSet=0)
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: Cache consultations done, have 6 NS to contact
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps.: Nameservers: dns1.gov.ps(0.00ms), ps.cctld.authdns.ripe.net(0.00ms), ns1.pnina.ps(0.00ms),
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps.: rip.psg.com(0.00ms), ps-ns.anycast.pch.net(0.00ms), fork.sth.dnsnode.net(0.00ms)
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: Trying to resolve NS 'dns1.gov.ps' (1/6)
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] Nameserver dns1.gov.ps IPs: 213.244.82.147(0.00ms)
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: Resolved 'ps' NS dns1.gov.ps to: 213.244.82.147
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: Trying IP 213.244.82.147:53, asking 'pmof.ps|1'
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: timeout resolving after 3000.12msec
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: Trying to resolve NS 'ps.cctld.authdns.ripe.net' (2/6)
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] Nameserver ps.cctld.authdns.ripe.net IPs: 193.0.9.105(0.00ms), 2001:67c:e0::105(0.00ms)
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: Resolved 'ps' NS ps.cctld.authdns.ripe.net to: 193.0.9.105, 2001:67c:e0::105
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: Trying IP 193.0.9.105:53, asking 'pmof.ps|1'
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: timeout resolving after 3000.3msec
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: Trying IP [2001:67c:e0::105]:53, asking 'pmof.ps|1'
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: hit a local resource limit resolving, probable error: Network is unreachable
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: Trying to resolve NS 'ns1.pnina.ps' (3/6)
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] Nameserver ns1.pnina.ps IPs: 194.6.225.20(0.00ms)
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: Resolved 'ps' NS ns1.pnina.ps to: 194.6.225.20
Jul 18 14:42:45 resolver02 pdns-recursor: [18037] pmof.ps: Trying IP 194.6.225.20:53, asking 'pmof.ps|1'
my config:
setuid=pdns-recursor
setgid=pdns-recursor
local-address=0.0.0.0 ::
local-port=53
allow-from=172.16.0.0/12,192.168.0.0/16,10.0.0.0/8,176.119.248.0/21,213.244.124.0/22
threads=2
pdns-distributes-queries=no
reuseport=no
#### forwarding zones##
#forward-zones-file=/etc/pdns-recursor/forward-zones
#lua-config-file=/etc/pdns-recursor/lua-config-file
### DNSSEC ####
dnssec=off
##### Logs ####
log-common-errors=yes
loglevel=5
logging-facility=0
disable-syslog=no
## packet cache serv fail
packetcache-ttl=60
packetcache-servfail-ttl=15
max-negative-ttl=15
minimum-ttl-override=30
#max-cache-ttl=3600
##unlimeted recursion depth, increase stack as a result
max-recursion-depth=50
stack-size=400000
network-timeout=3000
client-tcp-timeout=15
server-down-max-fails=16
trace=fail
# all others are default
Mohamad Barham
System Engineer | Information Technology Department
Birzeit University
P.O.Box. 14, Birzeit, Palestine
Tel: + 970 22982012 | Mob: +970 597 861929 | Ext: 5616
mbarham at birzeit.edu | www.birzeit.edu<http://www.birzeit.edu/>
~~~~~~~~~~~~~~~~~~~~~~~~~~
The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by responding to this email and then delete it from your system. The University is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt.
~~~~~~~~~~~~~~~~~~~~~~~~~~
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20220718/68e64705/attachment-0001.htm>
More information about the Pdns-users
mailing list