Re: BIND on ipv6-only server. SERVFAIL problem

2019-12-06 Thread Anand Buddhdev
On 06/12/2019 13:32, Andrey Geyn wrote:

Hi Andrey,

> Is there any option which will allow us to proxy SERVFAIL (and other «bad»
> responses) from the forwarder and not try to make recursive requests by itself?

Yes. Set the option "forward only" in your BIND configuration, so that
it doesn't do any recursion itself. It just accepts the answers from the
upstream forwarders.

Regards,
Anand
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
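
The setting named in this reply, shown as a named.conf fragment. This is an added example, not configuration from the original posts; the forwarder address 2001:db8::53 is a placeholder from the IPv6 documentation prefix.

```conf
options {
    // IPv6-only host, as in the question.
    listen-on { none; };
    listen-on-v6 { any; };

    // Placeholder forwarder address (assumption, documentation prefix).
    forwarders { 2001:db8::53; };

    // Default behaviour is "forward first": when the forwarders give no
    // usable answer, named falls back to iterative resolution starting
    // at the root servers, which the firewall in the question blocks.
    // forward first;

    // "forward only": named never iterates on its own. A SERVFAIL from
    // the forwarder is passed back to the client as SERVFAIL.
    forward only;
};
```

With `forward only` set, the firewall only needs to permit port 53 to the forwarder, which matches the restriction described in the question. `named-checkconf` checks the syntax before a reload.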


BIND on ipv6-only server. SERVFAIL problem

2019-12-06 Thread Andrey Geyn
Hello,

I have installed BIND on an IPv6-only server with firewalled access to the internet (assume that access is allowed only to port 53 of the forwarder). It works well, but sometimes BIND receives a SERVFAIL response from the forwarder (and we can see "remote server broken: returned  SERVFAIL" in logs). But the forwarder is not broken; some requests need to be processed as SERVFAIL (try  for example).

Okay, BIND thinks that the forwarder is broken and starts recursion by itself. It makes requests to root NS servers, NS servers of the zone, etc. In our case BIND is not able to make these requests, because access to the «wild» internet is denied (moreover, if we allow access, there is no IPv4 internet on the server, but many NS servers listen only on IPv4 addresses, so it's not an option either).

Is there any option which will allow us to proxy SERVFAIL (and other «bad» responses) from the forwarder and not try to make recursive requests by itself?

Best,
Andrey


Re: BIND 9.10 IPv6 performance

2015-03-09 Thread Phil Mayers

On 08/03/15 16:09, Carsten Strotmann wrote:

> Hi,
>
> I'm doing some performance tests on some modern Haswell CPU machines (20
> cores) using Ubuntu Linux 14.04 (Kernel 3.13.0-46-generic) using BIND
> 9.10.1-P2 compiled with --with-tuning=large.
>
> With using 8 worker threads I get near 400K QPS via IPv4 UDP (from a hot
> cache without resolving), which is good. CPU utilization as seen by
> top is near 800%, as expected (8 cores fully used).
>
> When I switch BIND 9 to listen on IPv6 only, the performance drops to
> less than 60K QPS.


Just for testing, what happens if you remove the allow-recursion ACL?

Wondering if the IPv6 ACLs are slower; they should be, IPv6 ACLs having 
to process more data, but it would be kind of surprising if that were 
having a measurable effect on query rates.



BIND 9.10 IPv6 performance

2015-03-08 Thread Carsten Strotmann
Hi,

I'm doing some performance tests on some modern Haswell CPU machines (20
cores) using Ubuntu Linux 14.04 (Kernel 3.13.0-46-generic) using BIND
9.10.1-P2 compiled with --with-tuning=large.

With using 8 worker threads I get near 400K QPS via IPv4 UDP (from a hot
cache without resolving), which is good. CPU utilization as seen by
top is near 800%, as expected (8 cores fully used).

When I switch BIND 9 to listen on IPv6 only, the performance drops to
less than 60K QPS.

When I run the tests using Unbound (same machine, same OS, 8 threads), I
do not see a significant difference between the IPv4 and IPv6
performance, which should rule out an issue in the kernel or with the
DNS load generation.

Testing with 9.9.6-P2 shows a similar pattern.

The configuration is simple:

options {
 directory "/var/named";
 listen-on { none; };
 listen-on-v6 { any; };
 recursive-clients 1;
 tcp-clients 1000;
 allow-recursion { 2001:db8::/48; };
};

zone "." {
 type hint;
 file "root.hint";
};


Has anyone seen such a performance drop on IPv6?

Carsten




bind and IPV6

2011-02-22 Thread hugo hugoo

Dear all,
 
In the scope of the IPV6 deployment, I have been asked if our DNS servers are
IPV6 compliant.
We are now upgrading all our servers to bind-9.6-ESV-R3.

- Can anybody give some feedback on the IPV6 compliancy?
   Is bind-9.6-ESV-R3 totally compliant with IPV6?
 
Thanks in advance to share your experience/knowledge.
 
Regards,
 
Hugo,

Re: bind and IPV6

2011-02-22 Thread Mark Andrews

In message col105-w82277b2db4a69dc3d102fac...@phx.gbl, hugo hugoo writes:
> Dear all,
>
> In the scope of the IPV6 deployment, I have been asked if our DNS servers
> are IPV6 compliant.
> We are now upgrading all our servers to bind-9.6-ESV-R3.
>
> - Can anybody give some feedback on the IPV6 compliancy?
>   Is bind-9.6-ESV-R3 totally compliant with IPV6?

Yes.

> Thanks in advance to share your experience/knowledge.
>
> Regards,
>
> Hugo,
 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: bind and IPV6

2011-02-22 Thread Torinthiel
On 2011-02-22 22:16 Mark Andrews wrote:

> In message col105-w82277b2db4a69dc3d102fac...@phx.gbl, hugo hugoo writes:
>> Dear all,
>>
>> In the scope of the IPV6 deployment, I have been asked if our DNS servers
>> are IPV6 compliant.
>> We are now upgrading all our servers to bind-9.6-ESV-R3.
>>
>> - Can anybody give some feedback on the IPV6 compliancy?
>>   Is bind-9.6-ESV-R3 totally compliant with IPV6?
>
> Yes.

But a different issue might be whether your system (the box Bind runs on, network,
routers, firewalls) is IPv6 compliant.

Torinthiel

RE: bind and IPV6

2011-02-22 Thread Marc Lampo
Hello,

I don't think BIND is the problem here.

Are the network and attached devices (routers/firewalls/switches/ISP) IPv6
ready?

That might prove to be harder.

(At least here in Belgium, our ISPs, for commercial connections, are not
in a hurry to offer IPv6 connectivity.)

Kind regards,

Marc Lampo

From: hugo hugoo [mailto:hugo...@hotmail.com]
Sent: 22 February 2011 12:00 PM
To: bind-users@lists.isc.org
Subject: bind and IPV6

Dear all,

In the scope of the IPV6 deployment, I have been asked if our DNS servers
are IPV6 compliant.
We are now upgrading all our servers to bind-9.6-ESV-R3.

- Can anybody give some feedback on the IPV6 compliancy?
   Is bind-9.6-ESV-R3 totally compliant with IPV6?

Thanks in advance to share your experience/knowledge.

Regards,

Hugo,
