Date:      Tue, 9 Aug 2022 05:21:14 +0700
From:      Bahagia BAG <csf.server.bag@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Heavy duty unbound
Message-ID:  <CAM6iT5SRubV-vcHPANz-2fmzSTCbZeXeywOG=VnvF7BhyF5WxA@mail.gmail.com>

Hello All,

I have unbound set up as a DNS cache server.
The problem is that if I send DNS query traffic from my network, the server
lags badly,
and if I run top, unbound is at 166.43%.
Sometimes I can't log in to the server over SSH.
I received an error log like this:

Limiting icmp unreach response from 203 to 193 packets/sec
Limiting icmp unreach response from 222 to 197 packets/sec
Limiting icmp unreach response from 228 to 194 packets/sec

How can I tweak and optimize this server?

Thanks in advance

Baha Gia
======================================================================
22 processes:  2 running, 20 sleeping
CPU: 25.4% user,  0.0% nice, 31.6% system,  0.0% interrupt, 43.0% idle
Mem: 341M Active, 9786M Inact, 80M Laundry, 1581M Wired, 936M Buf, 4382M Free
Swap: 4095M Total, 4095M Free

  PID USERNAME    THR PRI NICE   SIZE    RES STATE    C   TIME    WCPU COMMAND
 3363 unbound       8  31    0   784M   408M kqread   3 102.7H 166.43% unbound
  183 root          3  20    0    32M    13M select   3   4:49   0.11% vmtoolsd
======================================================================
OS: FreeBSD amd64
Version: 12.3-STABLE

more /usr/local/etc/unbound/unbound.conf
server:
        verbosity: 5
        num-threads: 8
        #interface: 127.0.0.1@53
        #interface: 127.0.0.1@443
        interface: 172.28.16.66@53
        interface: 172.28.16.66@443
        interface: 203.80.158.64@53
        interface: 203.80.158.64@443
        port: 53
        outgoing-num-tcp: 100
        incoming-num-tcp: 100
        outgoing-range: 7250
        so-rcvbuf: 8m
        so-sndbuf: 8m
        so-reuseport: no
        max-udp-size: 4096
        stream-wait-size: 6m
        msg-buffer-size: 65552
        msg-cache-size: 100m
        msg-cache-slabs: 8
logfile: /var/log/unbound.log
log-queries: yes
log-servfail: yes
val-log-level: 2
verbosity: 1
log-time-ascii: yes
use-syslog: no
        num-queries-per-thread: 1024
        rrset-cache-size: 100m
        rrset-cache-slabs: 8
        infra-cache-slabs: 8
        do-ip4: yes
        do-ip6: yes
        do-udp: yes
        do-tcp: yes
        do-daemonize: yes
access-control: 203.27.165.32/27 allow
access-control: 203.44.75.128/25 allow
access-control: 203.41.147.0/24 allow
access-control: 203.44.127.128/25 allow
access-control: 203.44.70.128/25 allow
access-control: 203.89.107.0/25 allow
access-control: 203.90.146.0/24 allow
access-control: 260.102.140.163/24 allow #testing
access-control: 102.262.113.140/29 allow #testing
        chroot: "/usr/local/etc/unbound"
        username: "unbound"
        directory: "/usr/local/etc/unbound"
        pidfile: "/usr/local/etc/unbound/unbound.pid"
        root-hints: "/usr/local/etc/unbound/named.cache"
        hide-identity: yes
        hide-version: yes
remote-control:
control-enable: yes
control-use-cert: no
forward-zone:
        name: "."
        forward-addr: 8.8.8.8
        forward-addr: 1.1.1.1

=====================================================================
sysctl -a | egrep -i 'hw.machine|hw.model|hw.ncpu'
hw.machine: amd64
hw.model: Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz
hw.ncpu: 6
hw.machine_arch: amd64


grep memory /var/run/dmesg.boot
real memory  = 17179869184 (16384 MB)
avail memory = 16628293632 (15857 MB)
======================================================================
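
A small lint over the configuration posted above, as an added example that is not part of the original message: it flags settings visible in that unbound.conf that are worth reviewing on a loaded resolver. The function names, the finding wording and the excerpted sample are constructed for illustration; `ncpu` is taken from the `hw.ncpu` line.

```python
import ipaddress
from collections import Counter

# Constructed excerpt: keys and values copied from the unbound.conf posted above.
SAMPLE_CONF = """\
server:
        verbosity: 5
        num-threads: 8
log-queries: yes
verbosity: 1
access-control: 203.27.165.32/27 allow
access-control: 260.102.140.163/24 allow #testing
remote-control:
control-enable: yes
control-use-cert: no
"""

# Options on this page that may legitimately appear more than once.
REPEATABLE = {"interface", "access-control", "forward-addr"}

def parse(text):
    """Return (key, value) pairs; comments and bare clause headers are skipped."""
    pairs = []
    for raw in text.splitlines():
        key, sep, value = raw.split("#", 1)[0].partition(":")
        if sep and value.strip():
            pairs.append((key.strip(), value.strip()))
    return pairs

def audit(text, ncpu):
    """Return review findings for the settings that appear in the posted config."""
    pairs = parse(text)
    last = dict(pairs)  # last occurrence of each key, used only for lookups
    counts = Counter(k for k, _ in pairs if k not in REPEATABLE)
    findings = [f"{k} is set {n} times" for k, n in counts.items() if n > 1]
    if int(last.get("num-threads", 1)) > ncpu:
        findings.append(f"num-threads {last['num-threads']} exceeds {ncpu} CPUs")
    if last.get("log-queries") == "yes":
        findings.append("log-queries writes one log line per query")
    for net in (v.split()[0] for k, v in pairs if k == "access-control"):
        try:
            ipaddress.ip_network(net, strict=False)
        except ValueError:
            findings.append(f"invalid netblock {net}")
    if last.get("control-enable") == "yes" and last.get("control-use-cert") == "no":
        findings.append("remote-control is enabled without certificates")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF, ncpu=6)))
```

The findings are review prompts, not a diagnosis of the reported load; `unbound-checkconf` remains the authoritative syntax check.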
