BIND and UDP tuning

Alex mysqlstudent at gmail.com
Wed Sep 26 16:52:25 UTC 2018


Hi,

I reported a few weeks ago that I was experiencing a really high
number of "SERVFAIL" messages in my bind-9.11.4-P1 system running on
fedora28, and I haven't yet found a solution. This is all now running
on a 165/35 cable system.

I found a program named dropwatch which is showing a significant
number of dropped UDP packets, particularly when there are bursts of
email traffic:

12 drops at skb_queue_purge+13 (0xffffffff9f79a0c3)
1 drops at __udp4_lib_rcv+1e6 (0xffffffff9f83bdf6)
4 drops at __udp4_lib_rcv+1e6 (0xffffffff9f83bdf6)
5 drops at nf_hook_slow+a7 (0xffffffff9f7faff7)
3 drops at sk_stream_kill_queues+48 (0xffffffff9f7a1158)
3 drops at __udp4_lib_rcv+1e6 (0xffffffff9f83bdf6)
...

# netstat -us
...
Udp:
    23449482 packets received
    1724269 packets to unknown port received
    8248 packet receive errors
    31394909 packets sent
    8243 receive buffer errors
    0 send buffer errors
    InCsumErrors: 5
    IgnoredMulti: 43247

The SERVFAIL messages don't necessarily correspond to the UDP packet
errors shown by netstat, but the dropwatch output is continuous. The
netstat packet receive errors also don't seem to correspond to
"SERVFAIL" or "Name service" errors:

26-Sep-2018 12:42:49.743 query-errors: info: client @0x7fb3c41634d0
127.0.0.1#44104 (46.36.47.104.wl.mailspike.net): query failed
(SERVFAIL) for 46.36.47.104.wl.mailspike.net/IN/A at
../../../bin/named/query.c:8580

Sep 26 12:47:11 mail03 postfix/dnsblog[22821]: warning: dnsblog_query:
lookup error for DNS query 196.91.107.80.bl.spameatingmonkey.net: Host
or domain name not found. Name service error for
name=196.91.107.80.bl.spameatingmonkey.net type=A: Host not found, try
again

I've been following this thread from some time ago, but nothing I've
done has made a difference. I really don't know what the buffer sizes
should be.
http://bind-users-forum.2342410.n4.nabble.com/Tuning-suggestions-for-high-core-count-Linux-servers-td3899.html

Are there specific bind tunables you might recommend? edns-udp-size, perhaps?

Any ideas on other tunables such as net.core.*mem_default etc?
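
The `netstat -us` counters quoted above are cumulative since boot, so lining drops up with SERVFAIL timestamps needs the difference between two readings taken around a burst. The following is an added example, not part of the original post: it parses the Udp section shown in the post and diffs it against a second reading whose values are constructed for illustration; the function names are hypothetical.

```python
import re

# Udp section of `netstat -us` as quoted in the post.
SNAPSHOT_POST = """\
Udp:
    23449482 packets received
    1724269 packets to unknown port received
    8248 packet receive errors
    31394909 packets sent
    8243 receive buffer errors
    0 send buffer errors
    InCsumErrors: 5
    IgnoredMulti: 43247
"""

# Constructed for this example: a hypothetical later reading of the same counters.
SNAPSHOT_LATER = """\
Udp:
    23460482 packets received
    8358 packet receive errors
    8353 receive buffer errors
    InCsumErrors: 5
"""

def parse_udp(text):
    """Return {counter name: int} for the 'Udp:' section of `netstat -us` output."""
    counters, in_udp = {}, False
    for line in text.splitlines():
        if not line.startswith((" ", "\t")):   # unindented line = section header ("Udp:", "Tcp:", ...)
            in_udp = line.strip() == "Udp:"
            continue
        if not in_udp:
            continue
        line = line.strip()
        if m := re.fullmatch(r"(\d+) (.+)", line):      # "8243 receive buffer errors"
            counters[m[2]] = int(m[1])
        elif m := re.fullmatch(r"(\w+): (\d+)", line):  # "InCsumErrors: 5"
            counters[m[1]] = int(m[2])
    return counters

def interval_report(before, after):
    """Diff two readings: datagrams delivered and drops caused by a full socket receive buffer."""
    b, a = parse_udp(before), parse_udp(after)
    received = a["packets received"] - b["packets received"]
    dropped = a["receive buffer errors"] - b["receive buffer errors"]
    return {"received": received, "rcvbuf_drops": dropped,
            "drops_per_1000": 1000 * dropped / received if received else 0.0}

if __name__ == "__main__":
    print(interval_report(SNAPSHOT_POST, SNAPSHOT_LATER))
```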

