Nice to see Unbound getting used in larger scale environments. I run it at home on my 500MHz P3 laptop/router with 256MB of RAM and the standard cache settings (as well as a fair share of DNSSEC keys). While I'm sure that I don't put it through a fraction of the stress, I'm not terribly gentle on it either :-). I have had no performance issues with it, and don't link it (yet) to an external libevent either. However, it doesn't run too well on my 486 with 16MB of RAM, so I may have a project for another day.

I do not chroot Unbound, but I do have a dedicated "unbound" user for it. The chroot issues definitely sound like a possible culprit to me if /dev/random is not accessible. I'm not sure if you are using Linux or *BSD, but /dev/random is generally _very_ slow under Linux unless you have a hardware random number generator. I would recommend /dev/urandom instead, unless /dev/random is fast enough. I guess Unbound has its own fallback internal random number generator?

Cheers,
Teran

On Thu, Oct 9, 2008 at 07:08, Wouter Wijngaards <[EMAIL PROTECTED]> wrote:
> Hi Dave,
>
> Great that it is working better.
>
> You are still configuring more than 1024 file descriptors per thread;
> hence the accept failures. Did you turn down the number of TCP
> connections like I told you to? Because it looks like you did not.
>
> You need to provide access to /dev/random from within the chroot
> (/usr/local/etc/unbound/dev/random -> /dev/random), to provide entropy
> for the random numbers.
>
> Did you do the outgoing-range: 900 change? I think so. Otherwise, you
> did not compile with debugging (esp. memory or lock debugging)? What
> is happening with the timeouts you experience now?
>
> When unbound exits, can you provide the statistics it prints: especially
> the size of the requestlists per thread, number of packets dropped and
> so on. Those numbers may help find out where the capacity problem is.
>
> Best regards,
> Wouter
>
> Dave Ellis wrote:
>> I recompiled as suggested, and made the configuration changes.
>> Everything is running much better now, although I'm still getting some
>> timeouts but nearly as quickly. Anything else I can improve on to get
>> rid of the timeout problem?
>>
>> This server is a Dual Quad Core Xeon 2GHz, with 4Mb of cache running
>> with 2GB of RAM. Just to give you an idea of specs.
>>
>> Looking through the logs I found the following right after start up, not
>> sure if it's helpful.
>>
>> [1223458526] unbound[23824:0] info: 16.000000 32.000000 11
>> [1223458526] unbound[23824:0] info: 32.000000 64.000000 1
>> [1223458648] unbound[23872:0] notice: init module 0: validator
>> [1223458648] unbound[23872:0] notice: init module 1: iterator
>> [1223458648] unbound[23872:0] notice: openssl has no entropy, seeding with time and pid
>> [1223458648] unbound[23872:0] info: start of service (unbound 1.0.2).
>> [1223458648] unbound[23878:6] error: accept failed: Resource temporarily unavailable
>> [1223458648] unbound[23878:6] info: remote address is (inet_ntop error) port 0
>> [1223458648] unbound[23879:7] error: accept failed: Resource temporarily unavailable
>> [1223458648] unbound[23879:7] info: remote address is (inet_ntop error) port 0
>> [1223458658] unbound[23872:0] error: accept failed: Resource temporarily unavailable
>> [1223458658] unbound[23872:0] info: remote address is 72.249.76.123 port 51400
>> [1223458659] unbound[23872:0] error: accept failed: Resource temporarily unavailable
>> [1223458659] unbound[23872:0] info: remote address is 72.249.76.123 port 51400
>> [1223458659] unbound[23879:7] error: accept failed: Resource temporarily unavailable
>> [1223458659] unbound[23879:7] info: remote address is (inet_ntop error) port 0
>> [1223458662] unbound[23872:0] error: accept failed: Resource temporarily unavailable
>> [1223458662] unbound[23872:0] info: remote address is 206.123.115.117 port 50068
>> [1223458664] unbound[23872:0] error: accept failed: Resource temporarily unavailable
>> [1223458664] unbound[23872:0] info: remote address is 206.123.64.245 port 53096
>> [1223458664] unbound[23876:4] error: accept failed: Resource temporarily unavailable
>> [1223458664] unbound[23876:4] info: remote address is 72.249.76.123 port 51491
>> [1223458672] unbound[23878:6] error: accept failed: Resource temporarily unavailable
>> [1223458672] unbound[23872:0] error: accept failed: Resource temporarily unavailable
>> [1223458672] unbound[23878:6] info: remote address is 72.249.76.123 port 51483
>> [1223458672] unbound[23872:0] info: remote address is 72.249.76.123 port 51605
>> [1223458672] unbound[23872:0] error: accept failed: Resource temporarily unavailable
>> [1223458672] unbound[23872:0] info: remote address is 72.249.76.123 port 51605
>>
>> Again, I appreciate this. Thank you.
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
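
An added example, not part of the thread and not Unbound's own tooling: a POSIX shell check for the chroot issue discussed above, reporting whether `dev/random` or `dev/urandom` inside a chroot is a readable character device. The function names are hypothetical and the chroot path is supplied by the caller; a symlink is reported separately because, after chroot, an absolute link target is resolved inside the new root.

```shell
#!/bin/sh
# Added example: audit a chroot for usable kernel RNG device nodes.
# Function names are hypothetical; run it as the daemon's user so the
# readability test reflects what the resolver itself can open.

# Classify one path inside the chroot; prints a single status word.
rng_node_state() {
    node="$1"
    if [ -L "$node" ]; then
        # Inside the jail, a link to /dev/random resolves against the new
        # root, not the host's /dev, so it cannot supply entropy.
        echo symlink
    elif [ ! -e "$node" ]; then
        echo missing
    elif [ ! -c "$node" ]; then
        echo not-chardev
    elif [ ! -r "$node" ]; then
        echo unreadable
    else
        echo ok
    fi
}

# Prints one line per device and succeeds if at least one is usable.
check_chroot_rng() {
    root="${1%/}"
    usable=1
    for name in random urandom; do
        state=$(rng_node_state "$root/dev/$name")
        echo "$root/dev/$name: $state"
        if [ "$state" = ok ]; then
            usable=0
        fi
    done
    return "$usable"
}

# Usage: sh check_rng.sh /path/to/chroot
if [ "$#" -gt 0 ]; then
    check_chroot_rng "$1"
fi
```

A non-zero exit means the daemon would start without a kernel entropy source in its jail, which is the condition behind the "openssl has no entropy, seeding with time and pid" notice in the quoted log.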
