Hello Frank, On 27/08/18 21:27, Frank Even wrote: > I know this topic has come up a few times but I can't seem to find > much in the way of clear information on exactly what dnsdist > classifies as a "Drop." I've got an instance running to a local > nameserver and I have a number of drops that I don't necessarily feel > I should have considering it's a local nameserver. I'm also starting > to get reports that some people are having trouble on occasion > resolving some things that magically start working again. I'm trying > to figure out if the site is having a general issue, if it's a client > issue, or if there is some weird disconnect from DNSDIST to the local > named instance. >
As far as I know, dnsdist does not do a complete validation of dns packets, so any invalid combination that would make the backend drop a packet would be considered a drop by dnsdist. Further, we run pdns_recursor on localhost at XS4ALL on linux, and we've had to give more buffers for udp sockets: > resolver:~ # sysctl -a|grep net.core.[rw]mem > net.core.rmem_default = 6815744 > net.core.rmem_max = 16777216 > net.core.wmem_default = 6815744 > net.core.wmem_max = 16777216 For debugging drops on your server, have a look this perl script: https://gist.github.com/giganteous/daa416a4498d7940dac31acb27b78b4d It assumes you're running the DNS processes on port 53 and 5300, you might need to adjust it if you're running on different ports. Regards Kai
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dnsdist mailing list [email protected] https://mailman.powerdns.com/mailman/listinfo/dnsdist
