Date: Wed, 10 Aug 2022 12:17:54 +0700 From: Bahagia BAG <csf.server.bag@gmail.com> To: jin guojun <jguojun@gmail.com> Cc: freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: Heavy duty unbound Message-ID: <CAM6iT5TGuSq2QPsHv=uQzq=%2BGVofYFUtw0UpsLiH6q4tpYdUNw@mail.gmail.com> In-Reply-To: <CAE6yT5uwVc=NEvKdU6ZabF2pZjy49RPahRCuc_1PytdaU6%2BtdQ@mail.gmail.com> References: <CAM6iT5SRubV-vcHPANz-2fmzSTCbZeXeywOG=VnvF7BhyF5WxA@mail.gmail.com> <CAE6yT5uwVc=NEvKdU6ZabF2pZjy49RPahRCuc_1PytdaU6%2BtdQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--0000000000008f941405e5dc2c4d Content-Type: text/plain; charset="UTF-8" Hello Jin Thanks for your reply, Can you show me where can I learn how to setup with ASN, since this server is for ISP and have ASN Best Regards Baha Gia On Tue, Aug 9, 2022 at 6:37 AM jin guojun <jguojun@gmail.com> wrote: > This could be related to your network topology. > > If you have a real gateway with AS # (ASN) set properly, you should not > see this problem. > > If you have a home router that serves your NAT, and your gateway is an ISP > port, and this port IP is mapped to your service IP (DNS, HTTP, etc) via > NAT, then any of your local network traffic to use your services tied to > this IP may experience the problem you had. > This is depending on what kind of internal router is behind the ISP modem. > If you have all in one Modem/Router, it is likely to see the problem. Some > routers may even prevent such traffic flow. This is because of the > All-in-one internal traffic rerouting. > If you have a separate Modem and Router, you can sniff the traffic between > the router and the modem, the traffic between the client and the router, as > well as between the router and the server, then you may find some > redirecting traffic issues, which causes CPU usage due to massive packet > dropping and resending. > > -Jin > > On Mon, Aug 8, 2022 at 3:21 PM Bahagia BAG <csf.server.bag@gmail.com> > wrote: > >> Hello All, >> >> I have unbound setup as a dns cache server >> The problem is if I give dns query traffic from my network, the server is >> very lagging >> and if i run top, unbound is 166.43% >> sometimes I can't ssh login to the server >> I received an error log like this >> >> Limiting icmp unreach response from 203 to 193 packets/sec >> Limiting icmp unreach response from 222 to 197 packets/sec >> Limiting icmp unreach response from 228 to 194 packets/sec >> >> How can I tweak and optimize this server? >> >> Thanks in advance >> >> Baha Gia >> >> --0000000000008f941405e5dc2c4d Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr">Hello Jin<div><br></div><div>Thanks for your=C2=A0reply, C= an you show me where can I learn how to setup=C2=A0with ASN, since this ser= ver is for ISP and have ASN</div><div><br></div><div>Best Regards</div><div= ><br></div><div>Baha Gia</div></div><br><div class=3D"gmail_quote"><div dir= =3D"ltr" class=3D"gmail_attr">On Tue, Aug 9, 2022 at 6:37 AM jin guojun <= ;<a href=3D"mailto:jguojun@gmail.com">jguojun@gmail.com</a>> wrote:<br><= /div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;bo= rder-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir=3D"ltr"><di= v>This could be related to your network topology.</div><div><br></div><div>= If you have a real gateway with AS # (ASN) set properly, you should not see= this problem.</div><div><br></div><div>If you have a home router that serv= es your NAT, and your gateway is an ISP port, and this port IP is mapped to= your service IP (DNS, HTTP, etc) via NAT, then any of your local network t= raffic to use your services tied to this IP may experience the problem you = had.</div><div>This is depending on what kind of internal router is behind = the ISP modem.</div><div>If you have all in one Modem/Router, it is likely = to see the problem. Some routers may even prevent such traffic flow. This i= s because of the All-in-one internal traffic rerouting.<br></div><div>If yo= u have a separate Modem and Router, you can sniff the traffic between the r= outer and the modem, the traffic between the client and the router, as well= as between the router and the server, then you may find some redirecting t= raffic issues, which causes CPU usage due to massive packet dropping and re= sending.<br></div><div><br></div><div>-Jin</div><div><br></div><div class= =3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Mon, Aug 8, 2022 = at 3:21 PM Bahagia BAG <<a href=3D"mailto:csf.server.bag@gmail.com" targ= et=3D"_blank">csf.server.bag@gmail.com</a>> wrote:<br></div><blockquote = class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px sol= id rgb(204,204,204);padding-left:1ex"><div dir=3D"ltr"><div>Hello All,</div= ><div><br></div>I have unbound setup as a dns cache server <br>The problem = is if I give dns query traffic from my network, the server is very lagging<= br>and if i run top, unbound=C2=A0 is 166.43%<br>sometimes I can't ssh = login to the server<br>I received an error log like this<div><br>Limiting i= cmp unreach response from 203 to 193 packets/sec<br>Limiting icmp unreach r= esponse from 222 to 197 packets/sec<br>Limiting icmp unreach response from = 228 to 194 packets/sec<br><br>How can I tweak and optimize this server?<br>= <br><div>Thanks in advance<div>=C2=A0</div><div>Baha Gia<br><br></div></div= ></div></div> </blockquote></div></div> </blockquote></div> --0000000000008f941405e5dc2c4d--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAM6iT5TGuSq2QPsHv=uQzq=%2BGVofYFUtw0UpsLiH6q4tpYdUNw>