A question about libevent

Paulo Roberto Tomasi pztomasi at gmail.com
Tue Jan 5 17:36:03 UTC 2021


Hi,

I work at an ISP/NSP in Brazil. I'm planning an unbound DNS superserver to
answer a lot of customers in our ISP.

This morning I made some tests with the latest unbound version (1.13.0),
compiling it with option --with-libevent.

After unbound started I noticed the system is listening on TCP/UDP port 53 in
more than one instance:

# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      3703/unbound
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      3703/unbound
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      3703/unbound
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      3703/unbound
tcp        0      0 127.0.0.1:8953          0.0.0.0:*               LISTEN      3703/unbound
tcp6       0      0 :::53                   :::*                    LISTEN      3703/unbound
tcp6       0      0 :::53                   :::*                    LISTEN      3703/unbound
tcp6       0      0 :::53                   :::*                    LISTEN      3703/unbound
tcp6       0      0 :::53                   :::*                    LISTEN      3703/unbound
tcp6       0      0 ::1:8953                :::*                    LISTEN      3703/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           3703/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           3703/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           3703/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           3703/unbound
udp6       0      0 :::53                   :::*                                3703/unbound
udp6       0      0 :::53                   :::*                                3703/unbound
udp6       0      0 :::53                   :::*                                3703/unbound
udp6       0      0 :::53                   :::*                                3703/unbound

I have some questions in my mind and would like help to understand:

   - Is this the expected result when unbound is compiled with libevent?
   - Does num-threads: 4 create 4 unbound instances to load balance DNS
   queries?
   - Using the parameter num-queries-per-thread: 4096, will every thread be
   able to serve 4096 queries?

That was my step-by-step config:

apt-get install make gcc libssl-dev libevent-dev libexpat1-dev libldns-dev libunbound2 libunbound-dev

cd /tmp
wget https://nlnetlabs.nl/downloads/unbound/unbound-latest.tar.gz
tar zxvf unbound-latest.tar.gz
cd unbound-1.13.0/

./configure --with-libevent

make && make install

groupadd unbound
useradd -c "Unbound DNS resolver" -d /home/unbound -m -g unbound -s /bin/false unbound

unbound-control-setup

vim /usr/local/etc/unbound/unbound.conf

========================================================

server:
        verbosity: 1

        extended-statistics: yes

        num-threads: 4

        key-cache-slabs: 4

        interface: 0.0.0.0
        interface: ::0

        outgoing-range: 8192

        so-rcvbuf: 4m

        max-udp-size: 4096

        msg-cache-size: 50m

        msg-cache-slabs: 4

        num-queries-per-thread: 4096

        rrset-cache-size: 100m

        rrset-cache-slabs: 4

        infra-cache-slabs: 4

        do-ip4: yes
        do-ip6: yes
        do-udp: yes
        do-tcp: yes

        access-control: 120.N.N.0/21 allow
        access-control: 121.N.N.0/22 allow
        access-control: 122.N.A.0/22 allow
        access-control: 123.Y.Z.0/22 allow
        access-control: 124.B.C.0/22 allow
        access-control: 100.64.0.0/10 allow
        access-control: 2804:ZXVY::/32 allow

        logfile: "/usr/local/etc/unbound/unbound.log"
        use-syslog: no

        hide-identity: no
        hide-version: no

        use-caps-for-id: no

        module-config: "validator iterator"

remote-control:
        control-enable: yes
        control-interface: 127.0.0.1
        control-interface: ::1
        control-port: 8953
        server-key-file: "/usr/local/etc/unbound/unbound_server.key"
        server-cert-file: "/usr/local/etc/unbound/unbound_server.pem"
        control-key-file: "/usr/local/etc/unbound/unbound_control.key"
        control-cert-file: "/usr/local/etc/unbound/unbound_control.pem"

========================================================

Then I used legacy start|stop|restart scripts.
I didn't have luck with systemd scripts.

vim /etc/init.d/unbound

========================================================

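#!/bin/sh
# Legacy init script for unbound installed under /usr/local

BIN="/usr/local/sbin"

case "$1" in
    start)
        # Run unbound-anchor first, then start the daemon via unbound-control
        start-stop-daemon -S -x "$BIN/unbound-anchor" -v
        # "--" separates start-stop-daemon options from the program's arguments
        start-stop-daemon -S -x "$BIN/unbound-control" -- start
        ;;

    stop)
        start-stop-daemon -S -x "$BIN/unbound-control" -- stop
        ;;

    restart)
        # Re-invoke this script: "stop" and "start" are not shell commands
        "$0" stop && sleep 3 && "$0" start
        ;;

    *)
        echo "Usage: service unbound {start|stop|restart}" >&2
        exit 1
        ;;
esac

exit 0

# END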

==============================================================

chmod +x /etc/init.d/unbound
update-rc.d unbound defaults

service unbound start
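
Added example, not part of the original post: a POSIX shell check that counts the sockets one program holds per protocol and local address in `netstat -tulpn` output and compares the port 53 counts with `num-threads` from unbound.conf. The function names and the embedded sample (modelled on the output in the post) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample modelled on the netstat output in the post (not captured data).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:53       0.0.0.0:*        LISTEN  3703/unbound
tcp        0      0 0.0.0.0:53       0.0.0.0:*        LISTEN  3703/unbound
tcp        0      0 0.0.0.0:53       0.0.0.0:*        LISTEN  3703/unbound
tcp        0      0 0.0.0.0:53       0.0.0.0:*        LISTEN  3703/unbound
tcp        0      0 127.0.0.1:8953   0.0.0.0:*        LISTEN  3703/unbound
udp6       0      0 :::53            :::*                     3703/unbound
udp6       0      0 :::53            :::*                     3703/unbound
udp6       0      0 :::53            :::*                     3703/unbound
udp6       0      0 :::53            :::*                     3703/unbound
EOF
}

# Constructed unbound.conf fragment (one commented-out line, one active line).
sample_conf() {
    printf 'server:\n        # num-threads: 1\n        num-threads: 4\n'
}

# Read netstat -tulpn text on stdin; print "proto local_address count"
# for every socket owned by program $1.
listeners_per_socket() {
    awk -v prog="$1" '
        $1 ~ /^(tcp|udp)6?$/ {
            split($NF, owner, "/")        # last field is PID/Program name
            if (owner[2] == prog) n[$1 " " $4]++
        }
        END { for (k in n) print k, n[k] }' | LC_ALL=C sort
}

# Read unbound.conf text on stdin; print num-threads (unbound's default is 1).
conf_num_threads() {
    awk -F: '$1 ~ /^[ \t]*num-threads$/ { gsub(/[ \t]/, "", $2); v = $2 }
             END { print (v == "" ? 1 : v) }'
}

# Print port-53 sockets of program $1 whose listener count differs from $2.
mismatched_sockets() {
    listeners_per_socket "$1" | awk -v t="$2" '$2 ~ /:53$/ && $3 != t'
}

threads=$(sample_conf | conf_num_threads)
sample_netstat | listeners_per_socket unbound
echo "num-threads: $threads"
sample_netstat | mismatched_sockets unbound "$threads"   # no output when counts match
```

On a live host, pipe `netstat -tulpn` and the real unbound.conf into the same functions instead of the sample data.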