Hi,
I have a busy router with multiple private networks behind it, which is also providing DNS caching services.
VLANs and CARP are also involved.
I'm getting this almost every second in my logs from multiple/different VLANs and IPs (I had it on 7.6 as well, and on 7.7 now):
Apr 29 15:11:49 unbound: [18412:1] notice: remote address is 10.14.0.196 port 44886
Apr 29 15:11:54 unbound: [18412:1] notice: sendto failed: Resource temporarily unavailable
tcpdump on this shows:
15:11:49.420280 10.14.0.196.44886 > 10.14.0.1.domain: 13+ [2au] A? google.com.(74) (DF) [tos 0xe0]
15:11:52.519896 10.14.0.196.44886 > 10.14.0.1.domain: 13+ [2au] A? google.com.(74) (DF) [tos 0xe0]
15:11:52.520048 10.14.0.1.domain > 10.14.0.196.44886: 13 FormErr- 0/0/2(74)
I believe I'm hitting some kind of limit either in the OS or in unbound.
What I have and tested so far:

kern.maxfiles=32768

login.conf:
unbound:\
	:openfiles=32768:\
	:tc=daemon:

unbound.conf:
num-threads: 4
num-queries-per-thread: 4096
outgoing-range: 16384
so-rcvbuf: 2m
so-sndbuf: 2m

No luck so far.
pf states ~ 30K (hard limit 200K)
load 1.2 (mostly by pmacctd)
hw.machine=amd64
hw.model=Intel(R) Xeon(R) CPU X5660 @ 2.80GHz
hw.ncpu=6
Any ideas?
Thanks,
G