Hello,
I'm running an exit relay > 200 Mbit/s with local unbound on openbsd. I receive a lot of the following syslog messages from unbound:
unbound: [15040:1] error: recvfrom 226 failed: Host is down
I already increased the UDP buffer sizes:
net.inet.udp.sendspace: 262144 net.inet.udp.recvspace: 262144
(hopefully) relevant part from unbound.conf is:
num-threads: 2 msg-cache-slabs: 4 rrset-cache-slabs: 4 infra-cache-slabs: 4 key-cache-slabs: 4 rrset-cache-size: 100m msg-cache-size: 50m outgoing-range: 450 outgoing-port-avoid: "22,25,26,37,54,55,67,68,69,80,110,123,135,137,138,139,143,443,445,465,500,587,843,990,912,993,995,1025,1863,1935,2400,4242,4400,4421,4444,4445,4480,4500,4569,5038,5050,5060,5061,5062,5063,5064,5065,5198,5199,5200,5222,5555,5800,5801,5900,5901,6666,6667,6668,6669,7000,7001,7002,7003,7004,7005,7006,7658,7659,7660,7777,8050,8052,8054,8056,8058,8060,8080,8110,8118,8120,8123,8125,8143,8998,9001,9022,9030,9050,9051,9052,9053,9054,9055,9056,9057,9058,9059,9060,9080,10000,15000,15001,15002,15003,15004,16001,16999,20000,20001,25000,26999,29998,30600,31000,32000,36999,50300" outgoing-num-tcp: 25 incoming-num-tcp: 25 msg-buffer-size: 65552
I couldn't find any hints on the internet apart from increasing UDP buffers, any ideas what else to look for?
Thank you!
w.
Hi,
On 8 Dec 2019, at 22:37, Winter Paulson db8ltro2dy271kr3j9ucin3k@systemli.org wrote:
I'm running an exit relay > 200 Mbit/s with local unbound on openbsd. I receive a lot of the following syslog messages from unbound:
unbound: [15040:1] error: recvfrom 226 failed: Host is down
Maybe the remote DNS server can't handle the load? Or the network between you is dropping DNS packets? Or there's some firewall between you and the remote DNS that sees your DNS as problematic?
Have you tried running a full resolver?
T
Hey,
thanks for your answer teor.
I'm already running a full resolver. There is no firewall.
Regardless of the buffer size tuning I still see a lot of UDP drops due to "no socket"
tor-exit# netstat -s -p udp udp: 48492539 datagrams received 0 with incomplete header 0 with bad data length field 109 with bad checksum 229788 with no checksum 48262751 input packets software-checksummed 29151016 output packets software-checksummed 1466023 dropped due to no socket 0 broadcast/multicast datagrams dropped due to no socket 0 dropped due to missing IPsec protection 0 dropped due to full socket buffers 47026407 delivered 92616440 datagrams output 48490763 missed PCB cache
tor-exit# fstat | wc -l 7716
/etc/sysctl.conf
kern.maxfiles=30000
/etc/login.conf
unbound:\ :openfiles=13500:\ :tc=daemon:
tor:\ :openfiles-max=22000:\ :tc=daemon:
Any ideas? thanks!
w.
On 11.12.19 02:24, teor wrote:
Hi,
On 8 Dec 2019, at 22:37, Winter Paulson db8ltro2dy271kr3j9ucin3k@systemli.org wrote:
I'm running an exit relay > 200 Mbit/s with local unbound on openbsd. I receive a lot of the following syslog messages from unbound:
unbound: [15040:1] error: recvfrom 226 failed: Host is down
Maybe the remote DNS server can't handle the load? Or the network between you is dropping DNS packets? Or there's some firewall between you and the remote DNS that sees your DNS as problematic?
Have you tried running a full resolver?
T
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi,
short follow up.
unbound: [15040:1] error: recvfrom 226 failed: Host is down
This seems to be a problem on openbsd 6.6:
https://marc.info/?t=157531192100006&r=1&w=2
Best,
W.
tor-relays@lists.torproject.org
-
teor -
Winter Paulson