Re: [dnsdist] dnsdist 1.7.4 Debian Bullseye vs 1.8.4 Bullseye
Ah, I am sorry, the subject should be 1.7.4 Debian Bullseye vs 1.8.1 Bookworm. I am running 1.8.1 on Bookworm...

Ales

On 25. 09. 23 16:01, Aleš Rygl via dnsdist wrote:
> Hello,
>
> I would like to kindly ask for help or advice. I have just upgraded one of our dnsdist instances from 1.7.4 to 1.8.4 together with OS upgrade (Debian 11.7 to 12.1). Everything works fine, no issues observed apart from some deprecated config references.
>
> What is a big surprise to me is CPU usage. The newer version has nearly two times higher CPU consumption in userspace. I am nearly at 80% CPU with 16 physical cores (was about 40%). We have a lot of TLS (DoT) sessions (30k) and 60kqps in total (30k via DoT) here. The latency measured by dnsdist went up also.
>
> We are collecting all the metrics dnsdist produces via graphite so I can check counters, what could be wrong.
>
> Thanks in advance
>
> With best regards
>
> Ales

___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
[dnsdist] dnsdist 1.7.4 Debian Bullseye vs 1.8.4 Bullseye
Hello,

I would like to kindly ask for help or advice. I have just upgraded one of our dnsdist instances from 1.7.4 to 1.8.4 together with OS upgrade (Debian 11.7 to 12.1). Everything works fine, no issues observed apart from some deprecated config references.

What is a big surprise to me is CPU usage. The newer version has nearly two times higher CPU consumption in userspace. I am nearly at 80% CPU with 16 physical cores (was about 40%). We have a lot of TLS (DoT) sessions (30k) and 60kqps in total (30k via DoT) here. The latency measured by dnsdist went up also.

We are collecting all the metrics dnsdist produces via graphite so I can check counters, what could be wrong.

Thanks in advance

With best regards

Ales
Re: [dnsdist] Does dnsdist try the next server inside a pool, when the first does not answer?
Hi Tobias,

On 25/09/2023 06:18, Schnurrenberger Tobias (ID) via dnsdist wrote:
> We are using multiple resolvers in the same pool and we set the setServFailWhenNoServer option. There is also an overflow configured, which allows only 1 qps to this pool.
>
> What happens when the first server in the pool does not answer the query within the configured setUDPTimeout? Is the same query sent to the next server inside the pool?

No, it does not.

> Or does dnsdist reply to the client with SERVFAIL without trying another server?

In the exact case of the selected backend timing out, dnsdist will not reply to the client at all. setServFailWhenNoServer() controls what happens when all servers in the selected pool are down, but not when a server was considered to be available but did not answer in time.

> Does dnsdist only switch to the next server, if the state of the first one is 'down'?

In your case, yes. With the whashed load-balancing policy that you are using, dnsdist will select a backend among the ones that are considered available, based on the latest health-check attempts, using a hash of the queried name.

The reasoning behind this behaviour was that most applications/stub resolvers will retry quite quickly over UDP, often before 2 seconds which is the default value of setUDPTimeout, and thus it does not make sense to increase the load on the backend.

Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
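
The selection and timeout behaviour described in the reply above, as a simplified model added here for illustration. It is not dnsdist code: the `Backend` class, the function names and the CRC32 stand-in hash are assumptions, and the sample pool is constructed.

```python
import zlib
from dataclasses import dataclass

@dataclass
class Backend:
    name: str
    weight: int = 1
    up: bool = True        # state according to the latest health checks
    answers: bool = True   # whether it really replies within the UDP timeout

def pick_whashed(qname, backends):
    """Pick among backends currently considered up, by weighted hash of the name."""
    available = [b for b in backends if b.up]
    total = sum(b.weight for b in available)
    if total == 0:
        return None
    slot = zlib.crc32(qname.lower().encode()) % total  # stand-in, not dnsdist's hash
    for b in available:
        if slot < b.weight:
            return b
        slot -= b.weight

def handle_query(qname, backends, servfail_when_no_server=True):
    """Return (what the client sees, backend the query was sent to)."""
    chosen = pick_whashed(qname, backends)
    if chosen is None:
        # Whole pool down: this is the only case setServFailWhenNoServer covers.
        return ("SERVFAIL" if servfail_when_no_server else "NO_REPLY", None)
    if not chosen.answers:
        # Considered up but timed out: no retry on another backend, no reply.
        return ("NO_REPLY", chosen.name)
    return ("ANSWER", chosen.name)

def demo():
    pool = [Backend("r1"), Backend("r2"), Backend("r3")]  # constructed sample pool
    first = handle_query("www.example.com", pool)
    victim = next(b for b in pool if b.name == first[1])
    victim.answers = False          # backend stalls, health checks have not noticed
    stalled = handle_query("www.example.com", pool)
    victim.up = False               # health checks now mark it down
    moved = handle_query("www.example.com", pool)
    for b in pool:
        b.up = False                # every server in the pool is down
    all_down = handle_query("www.example.com", pool)
    return first, stalled, moved, all_down

if __name__ == "__main__":
    for step in demo():
        print(step)
```

In this model the window between a backend stalling and the health checks marking it down is where clients see silence rather than SERVFAIL, and only the client's own retry recovers the query.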