Re: [Unbound-users] 1.4.1 crashing
2010/1/26 Attila Nagy b...@fsn.hu: Hello, It still crashes for us. :( I thought about saving the traffic and trying to replay that to another (idle) server, but couldn't yet find the time to do that... same here. -- Artis Caune Everything should be made as simple as possible, but not simpler. ___ Unbound-users mailing list Unbound-users@unbound.net http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
[Unbound-users] 1.4.1 crashing
Hi, we are switching to 1.4.1 version with this patch (FreeBSD8): http://www.freebsd.org/cgi/cvsweb.cgi/ports/dns/unbound/files/patch-fix-ipv6?rev=1.1 and unbound is crashing: pid 1597 (unbound), uid 59: exited on signal 10 pid 18943 (unbound), uid 59: exited on signal 11 I have tried to run with: - 1 and 2 threads - with/without ipv6 patch, no luck. now I'm running it without libevent (libevent-1.4.13). From statistics I can see, that it crashes when certiain amount of memory is eaten, maybe when it's starting cache cleaning ? Anyone have seen this? -- Artis Caune Everything should be made as simple as possible, but not simpler. ___ Unbound-users mailing list Unbound-users@unbound.net http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
Re: [Unbound-users] 1.4.1 crashing
2010/1/14 Attila Nagy b...@fsn.hu: Hello, Yes, we also have crashes (but with libev and on FreeBSD7 -8 crashes as well). Please try to obtain a crashdump, so we can see whether they are the same. Wouter wrote that I should run unbound in valgrind, but here it's not an easy task... unbound without libevent is crashing too. Looks like 1.3.4 is working fine. -- Artis Caune Everything should be made as simple as possible, but not simpler. ___ Unbound-users mailing list Unbound-users@unbound.net http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
Re: [Unbound-users] Is there any memory leak in unbound?
2009/9/11 Tao Ma matao_...@yahoo.com.cn What's more,I found that the memory occupied by unbound would not be freed when all requets finished,that means,unbound only consume memory but never free them. What does unbound hold the memory for?It quite like that a memory leak happens... Anyone else has been in the same trouble? Hi, do you reload unbound while it's running ? -- Artis Caune Everything should be made as simple as possible, but not simpler. ___ Unbound-users mailing list Unbound-users@unbound.net http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
Re: [Unbound-users] BINDs views in unbound
2009/3/31 Beastie beasti...@gmail.com: OFFTOPIC Hi Artis. Hey, is it Latvias public DNS cache server ns.nic.lv provided by Latnet? Hi Beastie, yes - it's Latvian public cache server and no - it's provided by NIC. You guys are going to switch him from bind to unbound? =) we already did! -- regards, Artis Caune . CCNA | BSDA | ' didii FreeBSD ___ Unbound-users mailing list Unbound-users@unbound.net http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
Re: [Unbound-users] BINDs views in unbound
2009/3/30 Artis Caune artis.ca...@gmail.com: I diffed configure output and found this: --- bad.configure +++ good.configure -checking for SSL... found in /usr/local +checking for SSL... found in /usr -checking whether pthreads work without any flags... yes +checking whether pthreads work without any flags... no +checking whether pthreads work with -Kthread... no +checking whether pthreads work with -kthread... no +checking for the pthreads library -llthread... no +checking whether pthreads work with -pthread... yes and in make output there was only include flag diffs: --- bad.make +++ good.make - ... -I/usr/include -I/usr/local/include ... + ... -I/usr/local/include -I/usr/local/include ... I missed that it's also missing -pthread flag in cc and ./libtool (due to very long lines) so that explains all. I tried to fix all flags (as I did) and added -pthread to CFLAGS and yes, my unbound is working with openssl from ports without freezing : -- regards, Artis Caune . CCNA | BSDA | ' didii FreeBSD ___ Unbound-users mailing list Unbound-users@unbound.net http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
Re: [Unbound-users] BINDs views in unbound
2009/3/27 W.C.A. Wijngaards wou...@nlnetlabs.nl: Tried to reproduce on 7.1-STABLE machine, with unbound-1.2.1 with libevent 1.4.9-stable. I can start it, query it, kill -HUP, unbound-control reload, all I like, and it just works. Once unbound hangs, so does unbound-control... So what is really the sequence of actions here? (FYI, it works for me on FreeBSD 6,7,8, so there must be some difference, first I though this was libevent-1.4.9 version, but that works on our FreeBSD 7 machine too). This is really weird, I found what's wrong, sorry for noise: I installed original FreeBSD 7.1, added our pre-builded packages for unbound and same thing, it hangs in umtxn. I deleted all packages, portsnapped ports, installed unbound with libevent and it just works :) And then I realized, that while 'make installing' unbound, it did not fetched openssl dependency. On our custom build FreeBSD release we use openssl from ports, bundled openssl is only for geli and other base system stuff. # ldd /usr/local/sbin/unbound (this not working) /usr/local/sbin/unbound: libssl.so.5 = /usr/local/lib/libssl.so.5 (0x8006b6000) libcrypto.so.5 = /usr/local/lib/libcrypto.so.5 (0x800a2) # ldd /usr/local/sbin/unbound (this works okay) /usr/local/sbin/unbound: libssl.so.5 = /usr/lib/libssl.so.5 (0x8006b6000) libcrypto.so.5 = /lib/libcrypto.so.5 (0x800a1e000) I diffed configure output and found this: --- bad.configure +++ good.configure -checking for SSL... found in /usr/local +checking for SSL... found in /usr -checking whether pthreads work without any flags... yes +checking whether pthreads work without any flags... no +checking whether pthreads work with -Kthread... no +checking whether pthreads work with -kthread... no +checking for the pthreads library -llthread... no +checking whether pthreads work with -pthread... yes -configure: running /bin/sh ./configure '--prefix=/usr/local' '--with-ssl=/usr/local' '--with-libevent=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=amd64-portbld-freebsd7.1' 'build_alias=amd64-portbld-freebsd7.1' 'CC=cc' 'CFLAGS=-O2 -fno-strict-aliasing -pipe' 'LDFLAGS= -rpath=/usr/local/lib' --cache-file=/dev/null --srcdir=. +configure: running /bin/sh ./configure '--prefix=/usr/local' '--with-ssl=/usr' '--with-libevent=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=amd64-portbld-freebsd7.1' 'build_alias=amd64-portbld-freebsd7.1' 'CC=cc' 'CFLAGS=-O2 -fno-strict-aliasing -pipe' 'LDFLAGS= -rpath=/usr/lib:/usr/local/lib' --cache-file=/dev/null --srcdir=. -checking for SSL... found in /usr/local +checking for SSL... found in /usr and in make output there was only include flag diffs: --- bad.make +++ good.make - ... -I/usr/include -I/usr/local/include ... + ... -I/usr/local/include -I/usr/local/include ... and I think this is wrong, include path should be -I/usr/local/include -I/usr/include, but if I change this in ./Makefile and ldns-src/Makefile, still it freeze. btw I have openssl-0.9.8j. I have no idea why it's freezing with openssl from ports. -- regards, Artis Caune . CCNA | BSDA | ' didii FreeBSD ___ Unbound-users mailing list Unbound-users@unbound.net http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
Re: [Unbound-users] BINDs views in unbound
2009/3/27 Artis Caune artis.ca...@gmail.com: I have another strange problem, unbound is freezing and not answering queries. It happened two times. I can not restart it. It just prints info: service stopped (unbound 1.2.1) and I have to send KILL signal to it. It happens often when I restart unbound. top shows it's in umtxn state: 10784 59 4 47 0 539M 479M umtxn 0 2:20 0.00% unbound I can reproduce this quiet easy on FreeBSD 7.1-STABLE and 7.0-RELEASE. If I change num-threads to something other than 1, it's always stuck in umtxn state. If I build without libevent, works great. I run: # /usr/local/etc/rc.d/unbound start # /usr/local/etc/rc.d/unbound stop ... -- regards, Artis Caune . CCNA | BSDA | ' didii FreeBSD ___ Unbound-users mailing list Unbound-users@unbound.net http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
Re: [Unbound-users] BINDs views in unbound
2009/3/27 W.C.A. Wijngaards wou...@nlnetlabs.nl: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Artis, Can you set verbosity to 4 or 5 (you can use unbound-control just before you restart) and show me the last lines before it hangs? unbound-control just hangs and logs prints nothing. I use stop and also reload. I run 7.1-STABLE #0 r186761: Mon Jan 5 11:46:44 EET 2009 [1238159656] unbound[31837:0] debug: module config: validator iterator [1238159656] unbound[31837:0] notice: init module 0: validator [1238159656] unbound[31837:0] debug: validator nsec3cfg keysz 1024 mxiter 150 [1238159656] unbound[31837:0] debug: validator nsec3cfg keysz 2048 mxiter 500 [1238159656] unbound[31837:0] debug: validator nsec3cfg keysz 4096 mxiter 2500 [1238159656] unbound[31837:0] notice: init module 1: iterator [1238159656] unbound[31837:0] debug: target fetch policy for level 0 is 3 [1238159656] unbound[31837:0] debug: target fetch policy for level 1 is 2 [1238159656] unbound[31837:0] debug: target fetch policy for level 2 is 1 [1238159656] unbound[31837:0] debug: target fetch policy for level 3 is 0 [1238159656] unbound[31837:0] debug: target fetch policy for level 4 is 0 [1238159656] unbound[31837:0] debug: no config, using builtin root hints. [1238159656] unbound[31837:0] debug: donotq: 127.0.0.0/8 [1238159656] unbound[31837:0] debug: donotq: ::1 [1238159656] unbound[31837:0] debug: total of 59751 outgoing ports available [1238159656] unbound[31837:0] debug: start threads -- regards, Artis Caune . CCNA | BSDA | ' didii FreeBSD ___ Unbound-users mailing list Unbound-users@unbound.net http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
[Unbound-users] BINDs views in unbound
Hi,
we run public cache servers for our customers and our internal servers.
we are using binds views (internal/external) to hide unroutable
resource records from public in some zones.
I can achieve bind views functionality in unbound with two unbound daemons:
- firs unbound daemon is listening on all interfaces and has no
local-zone/local-data entries.
- second unbound is listening on localhost and different port:
server:
port: 54
interface: 127.0.0.1
local-zone: myzone.lv transparent
include: /usr/local/etc/unbound/zone-myzone.lv
- redirect internal hosts to localhost (FreeBSD pf):
table int-dns const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, ... }
rdr pass proto udp from int-dns to port 53 - 127.0.0.1 port 54
rdr pass proto tcp from int-dns to port 53 - 127.0.0.1 port 54
If query comes from our internal servers, it is redirected to second
unbound instance where it checks local-data and if no entry is found,
it is resolved as usual.
If query comes from public hosts, they don't see our rfc1918 records.
Is this kind of setup okay? Maybe it can be done with one unbound daemon?
--
regards,
Artis Caune
. CCNA | BSDA
|
' didii FreeBSD
___
Unbound-users mailing list
Unbound-users@unbound.net
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
