Hi Felix,

On 08/31/2010 10:47 AM, Felix Schueren wrote:
> I'm curious as to whether this is a DoS scenario for unbound:
> 227 ANY IN ecfdabgfea.trassae95.com. 105.531254 iterator wait for
> (empty_list)

The empty_list output line is fixed in recent unbound releases, so if you update the output of dump_requestlist is neater (and shows what it is really doing: wait for name lookup).

> Could this (with enough zombies) explain a sudden rise in
> waiting/dropped requests? Is there anything I can do to protect unbound
> against this?

Potentially, in recent release also a fix to protection against rise in waiting/dropped requests is made. Then, new requests are favored and old ones (older than 'jostle timeout', 200msec) are dropped to make space for them. The stuff from your greps is then looked up when there is leisure time. The jostle-timeout feature has been present for a long time, and should work fine also in older versions (for this particular rise in request load).

Best regards,
Wouter
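For operators triaging the same symptom, here is an added example (not part of the original thread and not NLnet Labs code) that groups request-list entries older than the 200 msec jostle timeout by parent zone. It assumes the line layout of the entry quoted above; the sample lines are constructed, and grouping on the last two labels is a simplification that ignores the public suffix list.

```python
import re
from collections import defaultdict

JOSTLE_TIMEOUT_S = 0.200  # the 200 msec jostle timeout mentioned in the reply

# Constructed sample, shaped like the entry quoted in the thread:
# <id> <type> <class> <name> <seconds> <module> <status...>
SAMPLE = """\
thread #0
227 ANY IN ecfdabgfea.trassae95.com. 105.531254 iterator wait for (empty_list)
228 ANY IN qzkwpalmnb.trassae95.com. 98.112003 iterator wait for (empty_list)
229 A IN www.example.org. 0.041200 iterator wait for 192.0.2.53
230 ANY IN hhgtrewqas.trassae95.com. 101.770412 iterator wait for (empty_list)
231 AAAA IN mail.example.net. 0.350000 iterator wait for 198.51.100.7
"""

LINE_RE = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+(?:\.\d+)?)\s+(\S+)\s+(.*)$")

def parse(text):
    """Return one dict per request-list entry; non-entry lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            _, qtype, _, name, secs, module, status = m.groups()
            entries.append({"type": qtype, "name": name.lower(),
                            "age": float(secs), "module": module,
                            "status": status})
    return entries

def parent_zone(name, labels=2):
    """Last `labels` labels of a name (assumption: no public suffix handling)."""
    return ".".join(name.rstrip(".").split(".")[-labels:]) + "."

def summarize(entries, threshold=JOSTLE_TIMEOUT_S):
    """Per zone: (zone, stale count, unique names, oldest age), busiest first."""
    stats = defaultdict(lambda: {"count": 0, "names": set(), "oldest": 0.0})
    for e in entries:
        if e["age"] > threshold:  # older than the jostle timeout
            s = stats[parent_zone(e["name"])]
            s["count"] += 1
            s["names"].add(e["name"])
            s["oldest"] = max(s["oldest"], e["age"])
    rows = [(z, s["count"], len(s["names"]), s["oldest"])
            for z, s in stats.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for zone, count, unique, oldest in summarize(parse(SAMPLE)):
        print(f"{zone:20} stale={count} unique_names={unique} oldest={oldest:.3f}s")
```

A zone with many stale entries that each carry a different random-looking leftmost label matches the pattern the question describes.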
