Maintained by: NLnet Labs

[Unbound-users] Resolving Timeouts/Issues

Teran McKinney
Thu Oct 9 13:40:10 CEST 2008


Nice to see Unbound getting used in larger scale environments. I run
it at home on my 500MHz P3 laptop/router with 256MB of RAM and the
standard cache settings (as well as a fair share of DNSSEC keys).
While I'm sure that I don't put it through a fraction of the stress,
I'm not terribly gentle on it either :-). I have had no performance
issues with it, and don't link it (yet) to an external libevent
either. However, it doesn't run too well on my 486 with 16MB of RAM,
so I may have a project for another day. I do not chroot Unbound, but
I do have a dedicated "unbound" user for it. The chroot issues
definitely sound like a possible culprit to me if /dev/random is not
accessible. I'm not sure if you are using Linux or *BSD, but
/dev/random is generally _very_ slow under Linux unless you have a
hardware random number generator. I would recommend /dev/urandom
instead, unless /dev/random is fast enough. I guess Unbound has its
own fallback internal random number generator?

Cheers,
Teran

On Thu, Oct 9, 2008 at 07:08, Wouter Wijngaards <wouter at nlnetlabs.nl> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Dave,
>
> Great that it is working better.
>
> You are still configuring more than 1024 file descriptors per thread;
> hence the accept failures.  Did you turn down the number of tcp
> connections like I told you to?  Because it looks like you did not.
>
> You need to provide access to /dev/random from within the chroot
> (/usr/local/etc/unbound/dev/random -> /dev/random), to provide entropy
> for the random numbers.
>
> Did you do the outgoing-range: 900 change? I think so.  Otherwise, you
> did not compile with debugging (esp. memory or lock debugging)?  What
> is happening with the timeouts you experience now?
>
> When unbound exits, can you provide the statistics it prints: especially
> the size of the requestlists per thread, number of packets dropped and
> so on.  Those numbers may help find out where the capacity problem is.
>
> Best regards,
>   Wouter
>
> Dave Ellis wrote:
>> I recompiled as suggested, and made the configuration changes.
>> Everything is running much better now, although I'm still getting some
>> timeouts but nearly as quickly. Anything else I can improve on to get
>> rid of the timeout problem?
>>
>> This server is a Dual Quad Core Xeon 2GHz, with 4Mb of cache running
>> with 2GB of RAM. Just to give you an idea of specs.
>>
>> Looking through the logs I found the following right after start up, not
>> sure if it's helpful.
>>
>> [1223458526] unbound[23824:0] info:   16.000000   32.000000 11
>> [1223458526] unbound[23824:0] info:   32.000000   64.000000 1
>> [1223458648] unbound[23872:0] notice: init module 0: validator
>> [1223458648] unbound[23872:0] notice: init module 1: iterator
>> [1223458648] unbound[23872:0] notice: openssl has no entropy, seeding with time and pid
>> [1223458648] unbound[23872:0] info: start of service (unbound 1.0.2).
>> [1223458648] unbound[23878:6] error: accept failed: Resource temporarily unavailable
>> [1223458648] unbound[23878:6] info: remote address is (inet_ntop error) port 0
>> [1223458648] unbound[23879:7] error: accept failed: Resource temporarily unavailable
>> [1223458648] unbound[23879:7] info: remote address is (inet_ntop error) port 0
>> [1223458658] unbound[23872:0] error: accept failed: Resource temporarily unavailable
>> [1223458658] unbound[23872:0] info: remote address is 72.249.76.123 port 51400
>> [1223458659] unbound[23872:0] error: accept failed: Resource temporarily unavailable
>> [1223458659] unbound[23872:0] info: remote address is 72.249.76.123 port 51400
>> [1223458659] unbound[23879:7] error: accept failed: Resource temporarily unavailable
>> [1223458659] unbound[23879:7] info: remote address is (inet_ntop error) port 0
>> [1223458662] unbound[23872:0] error: accept failed: Resource temporarily unavailable
>> [1223458662] unbound[23872:0] info: remote address is 206.123.115.117 port 50068
>> [1223458664] unbound[23872:0] error: accept failed: Resource temporarily unavailable
>> [1223458664] unbound[23872:0] info: remote address is 206.123.64.245 port 53096
>> [1223458664] unbound[23876:4] error: accept failed: Resource temporarily unavailable
>> [1223458664] unbound[23876:4] info: remote address is 72.249.76.123 port 51491
>> [1223458672] unbound[23878:6] error: accept failed: Resource temporarily unavailable
>> [1223458672] unbound[23872:0] error: accept failed: Resource temporarily unavailable
>> [1223458672] unbound[23878:6] info: remote address is 72.249.76.123 port 51483
>> [1223458672] unbound[23872:0] info: remote address is 72.249.76.123 port 51605
>> [1223458672] unbound[23872:0] error: accept failed: Resource temporarily unavailable
>> [1223458672] unbound[23872:0] info: remote address is 72.249.76.123 port 51605
>>
>> Again, I appreciate this. Thank you.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iEYEARECAAYFAkjtrgEACgkQkDLqNwOhpPjQvwCgoVW7mEop7VzXtnCAng7aysC0
> LmoAoInbiGEf5diaU7AGixKM1dfkW27P
> =3Dy0
> -----END PGP SIGNATURE-----
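
Added example (not part of the original messages and not NLnet Labs code): a small Python triage of an Unbound log in the format quoted in this thread. It rejoins mail-wrapped records, flags the "openssl has no entropy, seeding with time and pid" notice, and counts "accept failed" errors per thread, pairing each with the "remote address is" line logged by the same thread even when threads interleave. The names `unwrap` and `triage` and the sample address 192.0.2.10 are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample (mail-wrapped, ">>"-quoted); 192.0.2.10 is a documentation address.
SAMPLE = """\
>> [1223458648] unbound[23872:0] notice: openssl has no entropy, seeding
>> with time and pid
>> [1223458672] unbound[23878:6] error: accept failed: Resource temporarily
>> unavailable
>> [1223458672] unbound[23872:0] error: accept failed: Resource temporarily
>> unavailable
>> [1223458672] unbound[23878:6] info: remote address is (inet_ntop error)
>> port 0
>> [1223458672] unbound[23872:0] info: remote address is 192.0.2.10 port
>> 51605
"""
LINE = re.compile(r"^\[(\d+)\] unbound\[(\d+):(\d+)\] (\w+): (.*)$")

def unwrap(text):
    # Strip mail quoting and rejoin records that the mailer wrapped.
    records = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").rstrip()
        if line.startswith("["):
            records.append(line)
        elif line and records:
            records[-1] += " " + line
    return records

def triage(text):
    # Hypothetical helper: entropy warnings plus accept failures per thread.
    report = {"weak_seed": [], "accept_failed": Counter(), "peers": Counter()}
    pending = set()  # (pid, thread) pairs still waiting for their address line
    for record in unwrap(text):
        m = LINE.match(record)
        if not m:
            continue
        ts, pid, thread, level, msg = m.groups()
        key = (pid, thread)
        if "openssl has no entropy" in msg:
            report["weak_seed"].append(int(ts))
        elif level == "error" and msg.startswith("accept failed"):
            report["accept_failed"][int(thread)] += 1
            pending.add(key)
        elif msg.startswith("remote address is ") and key in pending:
            pending.discard(key)
            peer = msg[len("remote address is "):].rsplit(" port ", 1)[0]
            report["peers"][peer] += 1
    return report
```

A non-empty `weak_seed` list means the chroot should be checked for a readable random device before the resolver is put back into service.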