Slow reply under heavy load (on a specific NIC ip)
Warren Kumari
warren at kumari.net
Mon Jun 4 15:28:49 UTC 2018
On Mon, Jun 4, 2018 at 8:20 AM Ict Security <ict.security.job at gmail.com>
wrote:
> Hi guys,
>
> we are running a Bind 9.x Server, everything is going fine.
> Under particular heavy load mometns, with some hundreds of concurrent
> queries coming in, sometime Bing stops answering for some seconds or
> answer with important delays.
>
> But, when i try to query the same server/same Bind on a NIC alias IP
> during congestion on the main IP, everything is fast!
>
This sounds suspiciously like conntrack (or some other state / connection
tracking) becoming full.
Depnding on OS / version, does:
conntrack -L
or
cat /proc/net/ip_conntrack
produce a lot of output?
Are you running iptables / ipfw / <similar>? Behind a firewall? Are there
any interesting messages in [/var/log/message|/var/log/syslog/|<wherever
you have BIND logging>] ?
W
>
> I changed some tunings in:
> max-connections in /proc
> txqueue in network
> ipv4_ports
>
> and i mitigate something.
> But it is not completely solved.
>
> Do you think Bind could have some NIC IP limit?
> Some ideas?
>
> Really thank you!
> Francesco
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
--
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
---maf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20180604/862a7391/attachment.html>
More information about the bind-users
mailing list