[Pdns-users] Threads and caches
Hi, I have a question about https://doc.powerdns.com/recursor/performance.html "Limit the size of the caches to a sensible value. Cache hit rate does not improve meaningfully beyond 4 million max-cache-entries per thread, reducing the memory footprint reduces CPU cache misses." Does this mean that if threads=4, a sensible value for max-cache-entries would be 1600 ? Does this also apply to max-packetcache-entries ? So with threads=4, a sensible value for max-packetcache-entries would be 1600 ? Is the cache shared between all threads or does each thread use it's own cache ? Are there any differences between 4.1, 4.2, 4.3 regarding the above ? Regards, Thor ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Recursor v3.2 and v3.3 malformed answer in case of big response from authoritative
Bert, Quick check is looking good ... [thor@tns125 named]$ dig -t MX auinmeio.com.br @195.130.158.234 ;; Truncated, retrying in TCP mode. ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 -t MX auinmeio.com.br @195.130.158.234 ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 24511 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1569, AUTHORITY: 0, ADDITIONAL: 1353 ;; Query time: 282 msec ;; SERVER: 195.130.158.234#53(195.130.158.234) ;; WHEN: Wed Apr 13 01:22:30 2011 ;; MSG SIZE rcvd: 65531 Apr 13 01:22:30 tns125 pdns_recursor[16024]: 1 [36] question for 'auinmeio.com.br.|MX' from 195.130.158.234 Apr 13 01:22:30 tns125 pdns_recursor[16024]: 1 [36] answer to question 'auinmeio.com.br.|MX': 19 answers, 0 additional, took 0 packets, 0 throttled, 0 timeouts, 0 tcp connections, rcode=0 Apr 13 01:22:30 tns125 pdns_recursor[16024]: 1 [37] TCP question for 'auinmeio.com.br.|MX' from 195.130.158.234 Apr 13 01:22:30 tns125 pdns_recursor[16024]: 1 [37] answer to question 'auinmeio.com.br.|MX': 1569 answers, 1353 additional, took 0 packets, 0 throttled, 0 timeouts, 0 tcp connections, rcode=0 Kind regards, Thor. - Original Message - From: bert hubert bert.hub...@netherlabs.nl To: Thor Spruyt thor.spr...@telenet.be Cc: pdns-users@mailman.powerdns.com Sent: Tuesday, April 12, 2011 3:38:26 PM GMT +01:00 Amsterdam / Berlin / Bern / Rome / Stockholm / Vienna Subject: Re: [Pdns-users] Recursor v3.2 and v3.3 malformed answer in case of big response from authoritative On Mon, Apr 11, 2011 at 05:11:41PM +0200, bert hubert wrote: On Mon, Apr 11, 2011 at 04:53:16PM +0200, Thor Spruyt wrote: Last week I discovered an issue with recursor v3.2. Hi Thor, Thanks! You've uncovered an interesting bug which was quite devious. It has been solved in http://wiki.powerdns.com/trac/changeset/2150 The problem was that powerdns would indeed try to serve infinitely large answers over TCP/IP, even though TCP/IP answers are still limited to 65KB. However, since yesterday the domain auinmeio.com.br appears to have developed its own problems, so it still does not resolve, but for a new reason. It looks like it is just broken. Can you verify using http://svn.powerdns.com/snapshots/pdns-recursor-3.4-pre.tar.bz2 ? Bert ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
[Pdns-users] Recursor v3.2 and v3.3 malformed answer in case of big response from authoritative
Hi, Last week I discovered an issue with recursor v3.2. It appears to return a malformed answer to the client in case the data (incl. additional data) exceeds the 65536 maximum (2 bytes length field). An example real-life lookup which has this issue as a result is MX of auinmeio.com.br When asking one of the authoritative servers, dig yields (note ANSWER, ADDITIONAL and MSG SIZE): [thor@tns125 named]$ dig -t MX auinmeio.com.br @ns1.auinmeio.com.br ;; Truncated, retrying in TCP mode. ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 -t MX auinmeio.com.br @ns1.auinmeio.com.br ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 25661 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1569, AUTHORITY: 6, ADDITIONAL: 1376 ;; QUESTION SECTION: ;auinmeio.com.br. IN MX snip ;; Query time: 765 msec ;; SERVER: 65.98.112.162#53(65.98.112.162) ;; WHEN: Mon Apr 11 16:16:25 2011 ;; MSG SIZE rcvd: 65531 When asking powerdns v3.3, dig yields (note ANSWER, ADDITIONAL and MSG SIZE): [thor@tns125 named]$ dig -t MX auinmeio.com.br @195.130.158.234 ;; Truncated, retrying in TCP mode. ;; Warning: Message parser reports malformed message packet. ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 -t MX auinmeio.com.br @195.130.158.234 ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 11531 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1569, AUTHORITY: 0, ADDITIONAL: 1569 ;; QUESTION SECTION: ;auinmeio.com.br. IN MX snip ;; Query time: 63 msec ;; SERVER: 195.130.158.234#53(195.130.158.234) ;; WHEN: Mon Apr 11 16:19:00 2011 ;; MSG SIZE rcvd: 4427 From a packet trace, I see that the UDP answer is correct with 20 MX answered in a truncated reponse. The client then asks the same question via TCP: Domain Name System (query) [Response In: 8] Length: 33 Transaction ID: 0x2648 Flags: 0x0100 (Standard query) 0... = Response: Message is a query .000 0... = Opcode: Standard query (0) ..0. = Truncated: Message is not truncated ...1 = Recursion desired: Do query recursively .0.. = Z: reserved (0) ...0 = Non-authenticated data OK: Non-authenticated data is unacceptable Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 0 Queries auinmeio.com.br: type MX, class IN Name: auinmeio.com.br Type: MX (Mail exchange) Class: IN (0x0001) And then powerdns answers with: Domain Name System (response) [Request In: 6] [Time: 0.055456000 seconds] Length: 4465 Transaction ID: 0x2648 Flags: 0x8180 (Standard query response, No error) 1... = Response: Message is a response .000 0... = Opcode: Standard query (0) .0.. = Authoritative: Server is not an authority for domain ..0. = Truncated: Message is not truncated ...1 = Recursion desired: Do query recursively 1... = Recursion available: Server can do recursive queries .0.. = Z: reserved (0) ..0. = Answer authenticated: Answer/authority portion was not authenticated by the server = Reply code: No error (0) Questions: 1 Answer RRs: 1569 Authority RRs: 0 Additional RRs: 1569 Queries auinmeio.com.br: type MX, class IN Name: auinmeio.com.br Type: MX (Mail exchange) Class: IN (0x0001) Answers auinmeio.com.br: type MX, class IN, preference 0, mx pm02-58.auinmeio.com.br Name: auinmeio.com.br Type: MX (Mail exchange) Class: IN (0x0001) Time to live: 1 minute, 25 seconds Data length: 12 Preference: 0 Mail exchange: pm02-58.auinmeio.com.br snip auinmeio.com.br: type MX, class IN Name: auinmeio.com.br Type: MX (Mail exchange) Class: IN (0x0001) Time to live: 1 minute, 25 seconds Data length: 12 [Malformed Packet: DNS] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Message: Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] [Malformed Packet: DNS] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Message: Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] Domain Name System (query) Length: 1889 Transaction ID: 0x6c35 Flags: 0x372d (Unknown operation) 0... = Response: Message is a query .011 0... = Opcode: Unknown (6) ..1. = Truncated: Message is truncated ...1 = Recursion desired: Do query