nsd users - Apr 2016 - NSD4 goes unresponsive with lots of TCP connection!

Hi,

  I have seen opposite (same?) situation with BIND9 nameserver -- many
UDP queries and
almost unresponsible both for UDP and TCP query.
That was not due to BIND9's issue, but firewall (iptables) state table was
full.

Hi,

We have seen the behaviour described in first message on two of our nodes:
NSD 4.0.1 and 4.0.3 went completely unresponsive when sockstat showed
few thousand TCP connections. Both nodes operate under FreeBSD 10.0.

Recently I updated NSD to 4.1.9 and now am waiting if problem appear again.

2016-04-06 14:56 GMT+03:00 Daisuke HIGASHI <daisuke.higashi at
gmail.com>:
> Hi,
>
>   I have seen opposite (same?) situation with BIND9 nameserver -- many
> UDP queries and
> almost unresponsible both for UDP and TCP query.
> That was not due to BIND9's issue, but firewall (iptables) state table
was full.
> _______________________________________________
> nsd-users mailing list
> nsd-users at NLnetLabs.nl
> https://open.nlnetlabs.nl/mailman/listinfo/nsd-users


-- 
Is there any problem Exterminatus cannot solve? I have not found one yet.

Hi,
> On Apr 6, 2016, at 5:41 PM, Daisuke HIGASHI <daisuke.higashi at
gmail.com> wrote:
> 
> Hi,
> 
>  I have seen opposite (same?) situation with BIND9 nameserver -- many
> UDP queries and
> almost unresponsible both for UDP and TCP query.
> That was not due to BIND9's issue, but firewall (iptables) state table
was full.
Yes, we have seen that problem as well. The state table keep tracks of UDP
connections as well, so we bypass state table for port 53 both UDP and TCP on
all our production servers.


Thanks.



Regards,
Kabindra Shrestha

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL:
<http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20160408/b218ac3a/attachment.bin>