Indeed that might be a problem. We use (ferm syntax):
table raw {
# We want NOTRACK for incoming DNS queries and the corresponding
# outgoing replies. Outgoing DNS queries should continue to be tracked
# so that the corresponding reply is allowed in.
chain PREROUTING {
Hello Rais,
I noticed that you are increasing nf_conntrack_max. I am not sure how
the backend servers are connected, but I suggest not using connection
tracking/NAT at all. You can use, for example, a dedicated interface for
backend management and another one to connect to dnsdist.
r.
On 24/03
Hi,
Thanks for the guidance...!
We are testing with multiple scenarios, with/without kernel tuning. We observed
UDP packet errors on both backend servers (not a single UDP error on the dnsdist
LB server).
Tested with resperf 15K QPS
resperf -s 192.168.0.1 -R -d queryfile-example-10million-201202
Have you tested how many qps your backend is capable of handling? First test your
backend performance to know how many qps a single backend can handle. I guess
500k qps might be difficult to achieve with bind. If you need more performance,
switch the backend to NSD or Knot.
regards
Klaus
> -U