-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Further Tests:
I have removed all stub & forwarding zones, and tested DNS-Server again. But problem remains. So stub or forwarding zones were not a factor. So i've added back all type of stub and forwarding zones, and related configurations. PROBLEM(s) SOLVED: :) Changed config option "tcp-upstream:", from "yes" into "no" in DNS-Server (192.168.0.10). And client-side computers are still using "tcp-upstream: yes". CPU resource usage is not jumping up unfairly anymore in DNS-Server computer, even when any unsigned.tld type of sites/domain-names are attempted for DNS resolving from any client-side computers. If i were to place Unbound DNS-Server (configured as previous posts) in an online/internet server, and connect with it via directly, or, via SSH tunnel, or, via Socks5-proxy tunnel, it suppose to work fine. In such case, I will reduce "outgoing-num-tcp:" & "incoming-num-tcp:" option, from "20" into "6" or "8", or even lesser in client-side computers, until i find which is working better for the tunnel which i will be using to connect with the remote online Unbound. :) Thanks, to users who have helped on this. IF/WHEN YOU ARE REPLYING, PLEASE MAKE SURE TO PLACE ONLY ONE/BELOW EMAIL ADDRESS IN THE "TO:" FIELD/Text-Box: [email protected] Please do not send any email directly to me, Thanks. - -- Bright Star (Bry8Star). Received from Bry8 Star, on 2013-05-27 10:43 PM: > When "num-threads: 2" then total thread used by unbound.exe was 6. > > Tested further, in DNS-Server (192.168.0.10), with these modified lines: > > num-threads: 4 > outgoing-range: 225 # when thread = 4 > outgoing-num-tcp: 25 > incoming-num-tcp: 25 > num-queries-per-thread: 110 # when thread = 4 > msg-cache-slabs: 4 > rrset-cache-slabs: 4 > infra-cache-slabs: 4 > key-cache-slabs: 4 > > With such as above config options, now unbound.exe service is using > total 8 threads. > > Below process thread under the unbound.exe still using very high CPU > resources, frequently, and specially when unsigned.tld type of DNS > queries are attempted: > > msvcrt.dll!endthreadex+0x29 > > Sometime it uses so much CPU that Network interface's tray icon > changes, and shows yellow triangle with exclamation mark, so network > adapter stops working! > > So, by using "Process Hacker" or "Process Explorer", i have changed > Priority of "unbound.exe" service from "Normal" (8) into "Below > Normal" (6), and after that, when CPU usage jumps up at-least > Network Interface itself does not get disabled, most times. > > And i observed over longer time period, network interface gets > disabled bit more when "num-threads: 4", so i've reverted back to > using "num-threads: 2". > > So now unbound service.conf file has such configuration: > > num-threads: 2 > outgoing-range: 450 # when thread = 2 > outgoing-num-tcp: 35 > incoming-num-tcp: 35 > num-queries-per-thread: 225 # when thread = 2 > msg-cache-slabs: 2 > rrset-cache-slabs: 2 > infra-cache-slabs: 2 > key-cache-slabs: 2 > target-fetch-policy: "3 2 1 1 1 1" > > DNS-Server is running on a computer which has: > > AMD processor 64 bit, 2.2 GHz, ( 1 CPU with > single core, SSE1, SSE2), > Realtek RTL8139/810x Family Fast Ethernet NIC, > nVidia chipset based Mobo, > 2GB DDR RAM, > Windows 7 64 bit, > It's average RAM usage is around ~35%, at max ~60%, > unbound.exe 32 bit. > > And DNS-Server now running better, but occasional high cpu usage > problem still remained when unsigned sites are queried. > > In client side computers, unbound resolvers are now configured to > use 2 threads and running better, though they were running just fine > with 1 thread as well. > > IF/WHEN YOU ARE REPLYING, PLEASE MAKE SURE TO > PLACE ONLY ONE/BELOW EMAIL ADDRESS IN THE > "TO:" FIELD/Text-Box: > > [email protected] > > Please do not send any email directly to me, Thanks. > > -- Bright Star (Bry8Star). > > > > Received from Bry8 Star, on 2013-05-27 7:52 PM: >> Hi Wouter, >> >> THANK YOU. >> >> In DNS-Server (192.168.0.10), below config lines are now changed to >> have such values: >> >> num-threads: 2 >> outgoing-range: 450 # when thread = 2 >> outgoing-num-tcp: 25 >> incoming-num-tcp: 25 >> num-queries-per-thread: 225 # when thread = 2 >> >> And after restarting Unbound DNS-Server (in Win7 computer), i'm >> observing, below windows thread (under the "unbound.exe" service >> program) sometime, (not always), using high CPU resources, specially >> when any unsigned.tld type of sites/domains are queried/resolved: >> >> msvcrt.dll!endthreadex+0x29 >> >> I'm observing its working much better : previously, for any type of >> site/domain DNS query, CPU usage level used to jump up, now mostly >> for unsigned.tld type of sites. >> >> And when CPU usage remains at high level for around 1 or 2 minutes >> (or more), then sometime only newer unsigned.tld type of sites, >> SOMETIME (not always) do not get resolved, and dig shows "connection >> timed out; no servers could be reached", and, if exactly then, DNS >> queries are done for previously queried sites/domains, it still >> works/responds correctly. So its performing better now. >> >> The sechost.dll did not use high CPU resources anymore. >> >> So need to find out, what can be done, so that endthreadex+0x29 from >> msvcrt.dll is not used in massive rate by the unbound.exe service. >> >> IF/WHEN YOU ARE REPLYING, PLEASE MAKE SURE TO >> PLACE ONLY ONE/BELOW EMAIL ADDRESS IN THE >> "TO:" FIELD/Text-Box: >> >> [email protected] >> >> Please do not send any email directly to me, Thanks. >> >> -- Bright Star (Bry8Star). >> >> >> >> >> Received from W.C.A. Wijngaards, on 2013-05-27 6:10 AM: >>> Hi Bry8, >>> >>> You are using a lot of TCP, you should increase the incoming-num-tcp: >>> and the outgoing-num-tcp: from the default 10 to more. Because of >>> windows you may hit a max (try 20), on Linux you can have as much as >>> you like. CPU resources, you can use multiple threads (on windows) >>> for more processing capacity (even if you do not have that many >>> cores), to be able to make more TCP connections (num-threads:). >>> >>> Unbound does not use advapi or sechost.dll itself, but uses >>> openssl.dll for security and crypto functions. >>> >>> Unbound on windows accesses the registry infrequently. It checks for >>> a root anchor action once in a while, and its install directory on >>> startup. The registry keys are documented in the windows doc (at the >>> end) on the unbound web documentation page. >>> >>> Best regards, >>> Wouter >>> >>> >>> _______________________________________________ >>> Unbound-users mailing list >>> [email protected] >>> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users >>> >> >> >> >> _______________________________________________ >> Unbound-users mailing list >> [email protected] >> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users >> > > > > _______________________________________________ > Unbound-users mailing list > [email protected] > http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users > -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJRpJ6QAAoJEID2ikYfWSP6bbMP/jzVnMnktB3r0cqfgBtc/S/x dU+E3XOYGLAIaSdg47qAib+4iJiBZXm+vEZXTkKkRtKyg39QA/hc9jtyacwrI8qb 1AP9J0FdS7osL0VhDygL2vePIZ4Ev5Fgw/cvnvaSaDOzPvfDwlEmq1lBvoZ+gT3C Cwh/EYsNh7WUWcx5gcSo2nS0CHNj1yQNBguSOFWS81xrXOBmEWX5HBPBYskhfCYb ZkrWJIWehmCAbEqBuB1KRPYVm+BZTqztYUBSwA1nmY68TnEc7ACLSKpMYMnPDGh/ Rs92FPFKSMtRpGt0558dQFtGLyHNwoqb5CmIZ7xZ9OTBcgfbjFZKy+NneWDl5gOO ypDgu1z8WZtX2g5Sk6JjR6BQKRqSDsgEXD662/43nWmjeQDawSfO6AeoyEnRfPO1 5yW6VxPisP8uDq33pc2WyjSrHT+ZWywY3e6LgTcnc61NvG5r94W4R3Q+3HER3sHi Y1l/efMqL0JnCV5i1ajdwUMjrrIxEv30d6dHv9H8W3ipcacufL0gffWColXsRRLS ovPTFg23KckoAkOQyyc/F7gXNEDIS3F2t9wF0FBVT4jnIjR/09K0rVuqHtdfurYg gY3DSF4KjR0zL3twGCfNu8GishxSzXQsZxWyBZE4CXv1h9gF43C532FJvExy3kha 7hMC61e+ucCeAQf5JMai =6eBF -----END PGP SIGNATURE----- _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
