From: Bahagia BAG
Date: Wed, 10 Aug 2022 12:17:54 +0700
Subject: Re: Heavy duty unbound
To: jin guojun
Cc: freebsd-questions
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

Hello Jin

Thanks for your reply. Can you show me where I can learn how to set up
with ASN, since this server is for an ISP and has an ASN?

Best Regards

Baha Gia

On Tue, Aug 9, 2022 at 6:37 AM jin guojun wrote:

> This could be related to your network topology.
>
> If you have a real gateway with AS # (ASN) set properly, you should not
> see this problem.
>
> If you have a home router that serves your NAT, and your gateway is an ISP
> port, and this port IP is mapped to your service IP (DNS, HTTP, etc) via
> NAT, then any of your local network traffic to use your services tied to
> this IP may experience the problem you had.
> This is depending on what kind of internal router is behind the ISP modem.
> If you have all in one Modem/Router, it is likely to see the problem. Some
> routers may even prevent such traffic flow. This is because of the
> All-in-one internal traffic rerouting.
> If you have a separate Modem and Router, you can sniff the traffic between
> the router and the modem, the traffic between the client and the router, as
> well as between the router and the server, then you may find some
> redirecting traffic issues, which causes CPU usage due to massive packet
> dropping and resending.
>
> -Jin
>
> On Mon, Aug 8, 2022 at 3:21 PM Bahagia BAG wrote:
>
>> Hello All,
>>
>> I have unbound set up as a DNS cache server.
>> The problem is if I give DNS query traffic from my network, the server is
>> very lagging,
>> and if I run top, unbound is 166.43%.
>> Sometimes I can't ssh login to the server.
>> I received an error log like this:
>>
>> Limiting icmp unreach response from 203 to 193 packets/sec
>> Limiting icmp unreach response from 222 to 197 packets/sec
>> Limiting icmp unreach response from 228 to 194 packets/sec
>>
>> How can I tweak and optimize this server?
>>
>> Thanks in advance
>>
>> Baha Gia