[Unbound-users] Is It Correct Unbound Config as Validating DNS Server/Resolver ?
Bry8 Star
bry8star at inventati.org
Tue May 28 02:52:39 UTC 2013
Hi Wouter,
THANK YOU.
In DNS-Server (192.168.0.10), below config lines are now changed to
have such values:
num-threads: 2
outgoing-range: 450 # when thread = 2
outgoing-num-tcp: 25
incoming-num-tcp: 25
num-queries-per-thread: 225 # when thread = 2
And after restarting Unbound DNS-Server (in Win7 computer), i'm
observing, below windows thread (under the "unbound.exe" service
program) sometime, (not always), using high CPU resources, specially
when any unsigned.tld type of sites/domains are queried/resolved:
msvcrt.dll!endthreadex+0x29
I'm observing its working much better : previously, for any type of
site/domain DNS query, CPU usage level used to jump up, now mostly
for unsigned.tld type of sites.
And when CPU usage remains at high level for around 1 or 2 minutes
(or more), then sometime only newer unsigned.tld type of sites,
SOMETIME (not always) do not get resolved, and dig shows "connection
timed out; no servers could be reached", and, if exactly then, DNS
queries are done for previously queried sites/domains, it still
works/responds correctly. So its performing better now.
The sechost.dll did not use high CPU resources anymore.
So need to find out, what can be done, so that endthreadex+0x29 from
msvcrt.dll is not used in massive rate by the unbound.exe service.
IF/WHEN YOU ARE REPLYING, PLEASE MAKE SURE TO
PLACE ONLY ONE/BELOW EMAIL ADDRESS IN THE
"TO:" FIELD/Text-Box:
unbound-users at unbound.net
Please do not send any email directly to me, Thanks.
-- Bright Star (Bry8Star).
Received from W.C.A. Wijngaards, on 2013-05-27 6:10 AM:
> Hi Bry8,
>
> You are using a lot of TCP, you should increase the incoming-num-tcp:
> and the outgoing-num-tcp: from the default 10 to more. Because of
> windows you may hit a max (try 20), on Linux you can have as much as
> you like. CPU resources, you can use multiple threads (on windows)
> for more processing capacity (even if you do not have that many
> cores), to be able to make more TCP connections (num-threads:).
>
> Unbound does not use advapi or sechost.dll itself, but uses
> openssl.dll for security and crypto functions.
>
> Unbound on windows accesses the registry infrequently. It checks for
> a root anchor action once in a while, and its install directory on
> startup. The registry keys are documented in the windows doc (at the
> end) on the unbound web documentation page.
>
> Best regards,
> Wouter
>
>
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20130527/e507ffed/attachment.bin>
More information about the Unbound-users
mailing list