List: unbound-users
Subject: A question about libevent
From: Paulo Roberto Tomasi via Unbound-users <unbound-users () lists ! nlnetlabs ! nl>
Date: 2021-01-05 17:36:03
Message-ID: CAPcs1-BbAe_We1yDeSz=B7=D7evaZJY6H_6y3_SV46fcBGBRGg () mail ! gmail ! com
Hi,
I work at an ISP/NSP in Brazil. I'm planning an unbound DNS superserver to
answer a lot of customers in our ISP.
This morning I made some tests with the latest unbound version (1.13.0),
compiling it with option --with-libevent.
After unbound started I noticed the system is listening on TCP/UDP port 53 in
more than one instance:
# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:53       0.0.0.0:*        LISTEN  3703/unbound
tcp        0      0 0.0.0.0:53       0.0.0.0:*        LISTEN  3703/unbound
tcp        0      0 0.0.0.0:53       0.0.0.0:*        LISTEN  3703/unbound
tcp        0      0 0.0.0.0:53       0.0.0.0:*        LISTEN  3703/unbound
tcp        0      0 127.0.0.1:8953   0.0.0.0:*        LISTEN  3703/unbound
tcp6       0      0 :::53            :::*             LISTEN  3703/unbound
tcp6       0      0 :::53            :::*             LISTEN  3703/unbound
tcp6       0      0 :::53            :::*             LISTEN  3703/unbound
tcp6       0      0 :::53            :::*             LISTEN  3703/unbound
tcp6       0      0 ::1:8953         :::*             LISTEN  3703/unbound
udp        0      0 0.0.0.0:53       0.0.0.0:*                3703/unbound
udp        0      0 0.0.0.0:53       0.0.0.0:*                3703/unbound
udp        0      0 0.0.0.0:53       0.0.0.0:*                3703/unbound
udp        0      0 0.0.0.0:53       0.0.0.0:*                3703/unbound
udp6       0      0 :::53            :::*                     3703/unbound
udp6       0      0 :::53            :::*                     3703/unbound
udp6       0      0 :::53            :::*                     3703/unbound
udp6       0      0 :::53            :::*                     3703/unbound
I have some questions in my mind and would like help to understand:
- Is this the expected result when unbound is compiled with libevent?
- Does num-threads: 4 create 4 unbound instances to load balance DNS queries?
- Using the parameter num-queries-per-thread: 4096, will every thread be able to serve 4096 queries?
That was my step-by-step config:
apt-get install make gcc libssl-dev libevent-dev libexpat1-dev libldns-dev libunbound2 libunbound-dev
cd /tmp
wget https://nlnetlabs.nl/downloads/unbound/unbound-latest.tar.gz
tar zxvf unbound-latest.tar.gz
cd unbound-1.13.0/
./configure --with-libevent
make && make install
groupadd unbound
useradd -c "Unbound DNS resolver" -d /home/unbound -m -g unbound -s /bin/false unbound
unbound-control-setup
vim /usr/local/etc/unbound/unbound.conf
========================================================
server:
    verbosity: 1
    extended-statistics: yes
    num-threads: 4
    key-cache-slabs: 4
    interface: 0.0.0.0
    interface: ::0
    outgoing-range: 8192
    so-rcvbuf: 4m
    max-udp-size: 4096
    msg-cache-size: 50m
    msg-cache-slabs: 4
    num-queries-per-thread: 4096
    rrset-cache-size: 100m
    rrset-cache-slabs: 4
    infra-cache-slabs: 4
    do-ip4: yes
    do-ip6: yes
    do-udp: yes
    do-tcp: yes
    access-control: 120.N.N.0/21 allow
    access-control: 121.N.N.0/22 allow
    access-control: 122.N.A.0/22 allow
    access-control: 123.Y.Z.0/22 allow
    access-control: 124.B.C.0/22 allow
    access-control: 100.64.0.0/10 allow
    access-control: 2804:ZXVY::/32 allow
    logfile: "/usr/local/etc/unbound/unbound.log"
    use-syslog: no
    hide-identity: no
    hide-version: no
    use-caps-for-id: no
    module-config: "validator iterator"
remote-control:
    control-enable: yes
    control-interface: 127.0.0.1
    control-interface: ::1
    control-port: 8953
    server-key-file: "/usr/local/etc/unbound/unbound_server.key"
    server-cert-file: "/usr/local/etc/unbound/unbound_server.pem"
    control-key-file: "/usr/local/etc/unbound/unbound_control.key"
    control-cert-file: "/usr/local/etc/unbound/unbound_control.pem"
========================================================
Then I used legacy start|stop|restart scripts.
I didn't have any luck with systemd scripts.
vim /etc/init.d/unbound
========================================================
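#!/bin/sh
# Legacy init script: starts and stops unbound through unbound-control.
BIN="/usr/local/sbin"
case "$1" in
    start)
        # Run unbound-anchor first, then start the daemon.
        start-stop-daemon -S -x "$BIN/unbound-anchor" -v
        # Everything after "--" is passed to unbound-control itself.
        start-stop-daemon -S -x "$BIN/unbound-control" -- start
        ;;
    stop)
        start-stop-daemon -S -x "$BIN/unbound-control" -- stop
        ;;
    restart)
        # "stop" and "start" are not shell functions here, so re-invoke
        # this script for each step.
        "$0" stop && sleep 3 && "$0" start
        ;;
    *)
        # Only the actions handled above are listed.
        echo "Usage: service unbound {start|stop|restart}" >&2
        exit 1
        ;;
esac
exit 0
# END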
==============================================================
chmod +x /etc/init.d/unbound
update-rc.d unbound defaults
service unbound start
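
An added example, not part of the original post and not Unbound's own code: a shell check that tallies the listening sockets reported by netstat -tulpn and compares the count per address on port 53 with num-threads, plus a check that the control port is bound to loopback only. It assumes Unbound's so-reuseport option is in effect, under which Unbound opens dedicated listening sockets for each thread; the function names are hypothetical and the sample rows are constructed from the output quoted above.

```shell
#!/bin/sh
# Constructed sample: the netstat -tulpn rows from the post, wrapped lines rejoined.
sample_netstat() {
cat <<'EOF'
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 3703/unbound
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 3703/unbound
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 3703/unbound
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 3703/unbound
tcp 0 0 127.0.0.1:8953 0.0.0.0:* LISTEN 3703/unbound
tcp6 0 0 :::53 :::* LISTEN 3703/unbound
tcp6 0 0 :::53 :::* LISTEN 3703/unbound
tcp6 0 0 :::53 :::* LISTEN 3703/unbound
tcp6 0 0 :::53 :::* LISTEN 3703/unbound
tcp6 0 0 ::1:8953 :::* LISTEN 3703/unbound
udp 0 0 0.0.0.0:53 0.0.0.0:* 3703/unbound
udp 0 0 0.0.0.0:53 0.0.0.0:* 3703/unbound
udp 0 0 0.0.0.0:53 0.0.0.0:* 3703/unbound
udp 0 0 0.0.0.0:53 0.0.0.0:* 3703/unbound
udp6 0 0 :::53 :::* 3703/unbound
udp6 0 0 :::53 :::* 3703/unbound
udp6 0 0 :::53 :::* 3703/unbound
udp6 0 0 :::53 :::* 3703/unbound
EOF
}

# count_sockets PROGRAM: read netstat rows on stdin, print "proto local-addr count".
# The PID/Program column is always the last field; UDP rows have no State column.
count_sockets() {
  awk -v prog="$1" '
    $1 ~ /^(tcp|udp)6?$/ && $NF ~ ("/" prog "$") { n[$1 " " $4]++ }
    END { for (k in n) print k, n[k] }' | sort
}

# mismatched_listeners PROGRAM PORT THREADS: sockets on PORT not opened THREADS times.
mismatched_listeners() {
  count_sockets "$1" | awk -v port="$2" -v want="$3" \
    '$2 ~ (":" port "$") && ($3 + 0) != (want + 0)'
}

# exposed_control PROGRAM PORT: control sockets bound to anything but loopback.
exposed_control() {
  count_sockets "$1" | awk -v port="$2" \
    '$2 ~ (":" port "$") && $2 != ("127.0.0.1:" port) && $2 != ("::1:" port)'
}

# On a live host: netstat -tulpn | mismatched_listeners unbound 53 4
sample_netstat | count_sockets unbound
```

Empty output from mismatched_listeners and exposed_control means every port 53 socket appears once per configured thread and the remote-control port is reachable only from the local host.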