Hi Paul,
Nice that the performance looks good :-)
If you are running unbound under windows, there are some things to be
aware of. On windows, unbound has reduced capacity because it cannot
open a lot (thousands) of file descriptors. Windows simply lacks an
API that makes this possible, unless you spawn thousands of threads or
something similar. So, if the performance you see is based on
recursion, then using Linux (or FreeBSD) on a similar box should have
more capacity (you can configure unbound to have extra capacity). If
the performance you see is based on cache-responses, then the move to
Linux makes less of a difference. With capacity I mean recursing a
lot of user queries at the same time, with thousands of sockets open.
The capacity on windows today is more relevant to small workgroups or
desktop environments. With some code changes it could be improved,
e.g. with polling behaviour the number of sockets can be increased to
very large numbers. Today unbound sleeps the process nicely when not
busy in WSAWaitForMultipleEvents.
The easiest way today to get more capacity on windows, by the way, is
to increase the number of workers (num-thread) to 4 (or so).
You note unbound was down for a lengthy time, can you upgrade or if
this was a recent version get me more details? It should really fully
recover after 15 minutes from anything, I believe.
Best regards,
Wouter
Post by Jan-Piet MensWouter,
Hi – I’m the DAP user that JP mentioned.
As a side note, I’m extremely impressed with the performance of
Unbound. We are looking at using Unbound at my job and have been
doing a bit of testing. Using ResPerf to stress test with a
cleared cache resulted in a peak of about 23,500 queries per second
with Unbound doing DNSSEC. This was on a Dell 2850 server with two
dual core Xeon’s running at 2.8 Ghz under Ubuntu 12.04 alpha. We
also tested Unbound with DNSSEC disabled and got over 35,000
queries per second. A 3^rd party Windows DNS server (not
performing DNSSEC validation) peaked at around 1250 queries per
second under Windows 2003 on similar hardware.
Back to my home issue, though. The first time I experienced this
issue, my internet connection had gone down for about an hour
around 2 AM. It was about 7AM before I noticed the problem (sleep
has to happen sometime). I restarting Unbound, and it recovered.
The 2^nd time this happened, I had about 3 bounces in about 10
minutes during the afternoon. I believe each bounce took a minute
or so to recover I was at work at the time and my wife and kids
couldn’t get anywhere on the Internet. I got home a few hours
later and DNS resolution was not working until I restarted
Unbound.
So, in these two cases I’ve had outages of various lengths, but
hours have passed without DNS resolution working.
Since most people using Unbound are probably using it for the
DNSSEC capability, perhaps my configuration has to do with the
issue I’m having recovering? In my environment, Unbound isn’t
configured to go direct, but rather forward to various DNS servers.
I have about 10-12 domains (mostly CDNs) that I’m forwarding to my
ISP’s DNS servers so I get DNS replies directing me to close
servers. Theoretically, this should help me have a better
experience with Netflix at home. After the forwarder definitions
for all the CDNs, I have a forwarder defined for “.” to send
everything else to OpenDNS. This is to help keep my family from
getting to websites I don’t want little eyes to run across.
Is it possible that with this type of config that it might cause
Unbound to recover differently?
Thanks,
Paul
_______________________________________________ Unbound-users
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users