> OS settings and the system environment ... > 2e) Make sure your socket send buffers are big enough. (not > sure if this is obsolete advice, do we need to tell people how > to tell if their buffers are causing delays?)
2e#1) Make sure your UDP socket *receive* buffers are big enough. If on BSD, monitor for "dropped due to full socket buffers" count in "netstat -s" output, and tune accordingly. Note that this may be a symptom of mis-tuning of other parts of BIND, causing excessive CPU usage, which may contribute to this problem. BTW, unbound has configuration options ("so-rcvbuf" / "so-sndbuf") to tune these for only the name server; when I earlier looked for something similar in BIND I could not find a corresponding option, so had to do a system-wide tuning via sysctl, which isn't ideal, but solved the problem in my case. > named Features > 3a) Minimize logging. Query logging is expensive (can cost you > 20% or more of your throughput) so don't do it unless you > are using the logs for something. Logging with dnstap is > lower impact, but still fairly expensive. Don't run in > debug mode unless necessary. 3a#1) Do not configure BIND with --enable-querytrace. It most probably doesn't do what you might think it does, and is a major drag on performance. See above under the new "2e#1" for a possible symptom... > 4b) Set an appropriate MTU for your network. Ensure that your > network infrastructure supports EDNS and large UDP responses up > to 4096. Ensure that your network infrastructure allows transit > for and reassembly of fragmented UDP packets (these will be > large query responses if you are DNSSEC signing) Well, isn't the major goal of DNS Flag Day 2020 to eliminate fragmentation for various reasons (some of them security-related), and recommends to set EDNS buffer size to 1232 instead of letting it be the present default of BIND of 4096? Best regards, - HÃ¥vard _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users