Am 24.07.2018 um 13:54 schrieb Martijn Reening: > Hello everyone, > > We are seeing very vague issues with our PowerDNS setup where certain > sequences of requests can cause full queues and dropped queries. Under > normal circumstances, the server can handle more than 10 kqueries/sec, > but when the bug is triggered, performance drops to 300-400 queries/sec. > > There seems to be a correlation with the amount of domains that are > queried which return REFUSED. DNSSEC makes it easier to trigger this > problem, but disabling it does not make it disappear.
REFUSED indicates that a domain was aksed which is not configured on your server. Maybe it is just some kind of attack against you or against one of the domains you are hosting. It is very very easy to "kill" PowerDNS by forcing PowerDNS queries to the backend. For example, querying your server for: a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.<random> causes at least 30 Queries to the database until PowerDNS finds out that it is not authoritative for this domain and sending REFUSED. If the TLD is random, every DNS query bypasses the query cache. So sending moderate load if such constructed queries will kill your backend. Hence, I would analyze the requests causing REFUSED for a some pattern causing high load. regards Klaus _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users