[Pdns-users] Threads and caches
Hi, I have a question about https://doc.powerdns.com/recursor/performance.html "Limit the size of the caches to a sensible value. Cache hit rate does not improve meaningfully beyond 4 million max-cache-entries per thread, reducing the memory footprint reduces CPU cache misses." Does this mean that if threads=4, a sensible value for max-cache-entries would be 1600 ? Does this also apply to max-packetcache-entries ? So with threads=4, a sensible value for max-packetcache-entries would be 1600 ? Is the cache shared between all threads or does each thread use it's own cache ? Are there any differences between 4.1, 4.2, 4.3 regarding the above ? Regards, Thor ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Recursor v3.2 and v3.3 malformed answer in case of big response from authoritative
Bert, Quick check is looking good ... [thor@tns125 named]$ dig -t MX auinmeio.com.br @195.130.158.234 ;; Truncated, retrying in TCP mode. ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 -t MX auinmeio.com.br @195.130.158.234 ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 24511 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1569, AUTHORITY: 0, ADDITIONAL: 1353 ;; Query time: 282 msec ;; SERVER: 195.130.158.234#53(195.130.158.234) ;; WHEN: Wed Apr 13 01:22:30 2011 ;; MSG SIZE rcvd: 65531 Apr 13 01:22:30 tns125 pdns_recursor[16024]: 1 [36] question for 'auinmeio.com.br.|MX' from 195.130.158.234 Apr 13 01:22:30 tns125 pdns_recursor[16024]: 1 [36] answer to question 'auinmeio.com.br.|MX': 19 answers, 0 additional, took 0 packets, 0 throttled, 0 timeouts, 0 tcp connections, rcode=0 Apr 13 01:22:30 tns125 pdns_recursor[16024]: 1 [37] TCP question for 'auinmeio.com.br.|MX' from 195.130.158.234 Apr 13 01:22:30 tns125 pdns_recursor[16024]: 1 [37] answer to question 'auinmeio.com.br.|MX': 1569 answers, 1353 additional, took 0 packets, 0 throttled, 0 timeouts, 0 tcp connections, rcode=0 Kind regards, Thor. - Original Message - From: bert hubert bert.hub...@netherlabs.nl To: Thor Spruyt thor.spr...@telenet.be Cc: pdns-users@mailman.powerdns.com Sent: Tuesday, April 12, 2011 3:38:26 PM GMT +01:00 Amsterdam / Berlin / Bern / Rome / Stockholm / Vienna Subject: Re: [Pdns-users] Recursor v3.2 and v3.3 malformed answer in case of big response from authoritative On Mon, Apr 11, 2011 at 05:11:41PM +0200, bert hubert wrote: On Mon, Apr 11, 2011 at 04:53:16PM +0200, Thor Spruyt wrote: Last week I discovered an issue with recursor v3.2. Hi Thor, Thanks! You've uncovered an interesting bug which was quite devious. It has been solved in http://wiki.powerdns.com/trac/changeset/2150 The problem was that powerdns would indeed try to serve infinitely large answers over TCP/IP, even though TCP/IP answers are still limited to 65KB. However, since yesterday the domain auinmeio.com.br appears to have developed its own problems, so it still does not resolve, but for a new reason. It looks like it is just broken. Can you verify using http://svn.powerdns.com/snapshots/pdns-recursor-3.4-pre.tar.bz2 ? Bert ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
[Pdns-users] Recursor v3.2 and v3.3 malformed answer in case of big response from authoritative
Hi,
Last week I discovered an issue with recursor v3.2.
It appears to return a malformed answer to the client in case the data (incl.
additional data) exceeds the 65536 maximum (2 bytes length field).
An example real-life lookup which has this issue as a result is MX of
auinmeio.com.br
When asking one of the authoritative servers, dig yields (note ANSWER,
ADDITIONAL and MSG SIZE):
[thor@tns125 named]$ dig -t MX auinmeio.com.br @ns1.auinmeio.com.br
;; Truncated, retrying in TCP mode.
; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 -t MX auinmeio.com.br
@ns1.auinmeio.com.br
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 25661
;; flags: qr aa rd; QUERY: 1, ANSWER: 1569, AUTHORITY: 6, ADDITIONAL: 1376
;; QUESTION SECTION:
;auinmeio.com.br. IN MX
snip
;; Query time: 765 msec
;; SERVER: 65.98.112.162#53(65.98.112.162)
;; WHEN: Mon Apr 11 16:16:25 2011
;; MSG SIZE rcvd: 65531
When asking powerdns v3.3, dig yields (note ANSWER, ADDITIONAL and MSG SIZE):
[thor@tns125 named]$ dig -t MX auinmeio.com.br @195.130.158.234
;; Truncated, retrying in TCP mode.
;; Warning: Message parser reports malformed message packet.
; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 -t MX auinmeio.com.br
@195.130.158.234
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 11531
;; flags: qr rd ra; QUERY: 1, ANSWER: 1569, AUTHORITY: 0, ADDITIONAL: 1569
;; QUESTION SECTION:
;auinmeio.com.br. IN MX
snip
;; Query time: 63 msec
;; SERVER: 195.130.158.234#53(195.130.158.234)
;; WHEN: Mon Apr 11 16:19:00 2011
;; MSG SIZE rcvd: 4427
From a packet trace, I see that the UDP answer is correct with 20 MX answered
in a truncated reponse.
The client then asks the same question via TCP:
Domain Name System (query)
[Response In: 8]
Length: 33
Transaction ID: 0x2648
Flags: 0x0100 (Standard query)
0... = Response: Message is a query
.000 0... = Opcode: Standard query (0)
..0. = Truncated: Message is not truncated
...1 = Recursion desired: Do query recursively
.0.. = Z: reserved (0)
...0 = Non-authenticated data OK: Non-authenticated data
is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
auinmeio.com.br: type MX, class IN
Name: auinmeio.com.br
Type: MX (Mail exchange)
Class: IN (0x0001)
And then powerdns answers with:
Domain Name System (response)
[Request In: 6]
[Time: 0.055456000 seconds]
Length: 4465
Transaction ID: 0x2648
Flags: 0x8180 (Standard query response, No error)
1... = Response: Message is a response
.000 0... = Opcode: Standard query (0)
.0.. = Authoritative: Server is not an authority for
domain
..0. = Truncated: Message is not truncated
...1 = Recursion desired: Do query recursively
1... = Recursion available: Server can do recursive
queries
.0.. = Z: reserved (0)
..0. = Answer authenticated: Answer/authority portion
was not authenticated by the server
= Reply code: No error (0)
Questions: 1
Answer RRs: 1569
Authority RRs: 0
Additional RRs: 1569
Queries
auinmeio.com.br: type MX, class IN
Name: auinmeio.com.br
Type: MX (Mail exchange)
Class: IN (0x0001)
Answers
auinmeio.com.br: type MX, class IN, preference 0, mx
pm02-58.auinmeio.com.br
Name: auinmeio.com.br
Type: MX (Mail exchange)
Class: IN (0x0001)
Time to live: 1 minute, 25 seconds
Data length: 12
Preference: 0
Mail exchange: pm02-58.auinmeio.com.br
snip
auinmeio.com.br: type MX, class IN
Name: auinmeio.com.br
Type: MX (Mail exchange)
Class: IN (0x0001)
Time to live: 1 minute, 25 seconds
Data length: 12
[Malformed Packet: DNS]
[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
[Message: Malformed Packet (Exception occurred)]
[Severity level: Error]
[Group: Malformed]
[Malformed Packet: DNS]
[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
[Message: Malformed Packet (Exception occurred)]
[Severity level: Error]
[Group: Malformed]
Domain Name System (query)
Length: 1889
Transaction ID: 0x6c35
Flags: 0x372d (Unknown operation)
0... = Response: Message is a query
.011 0... = Opcode: Unknown (6)
..1. = Truncated: Message is truncated
...1 = Recursion desired: Do query
