Heavy duty unbound

Reply: jin guojun : "Re: Heavy duty unbound"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Bahagia BAG <csf.server.bag_at_gmail.com>
Date: Mon, 08 Aug 2022 22:21:14 UTC
Hello All,

I have unbound setup as a dns cache server
The problem is if I give dns query traffic from my network, the server is
very lagging
and if i run top, unbound  is 166.43%
sometimes I can't ssh login to the server
I received an error log like this

Limiting icmp unreach response from 203 to 193 packets/sec
Limiting icmp unreach response from 222 to 197 packets/sec
Limiting icmp unreach response from 228 to 194 packets/sec

How can I tweak and optimize this server?

Thanks in advance

Baha Gia
======================================================================
22 processes:  2 running, 20 sleeping
CPU: 25.4% user,  0.0% nice, 31.6% system,  0.0% interrupt, 43.0% idle
Mem: 341M Active, 9786M Inact, 80M Laundry, 1581M Wired, 936M Buf, 4382M
Free
Swap: 4095M Total, 4095M Free

  PID USERNAME    THR PRI NICE   SIZE    RES STATE    C   TIME    WCPU
COMMAND
 3363 unbound       8  31    0   784M   408M kqread   3 102.7H 166.43%
unbound
  183 root          3  20    0    32M    13M select   3   4:49   0.11%
vmtoolsd
======================================================================
OS: FreeBSD amd64
Version: 12.3-STABLE

more /usr/local/etc/unbound/unbound.conf
server:
        verbosity: 5
        num-threads: 8
        #interface: 127.0.0.1@53
        #interface: 127.0.0.1@443
        interface: 172.28.16.66@53
        interface: 172.28.16.66@443
        interface: 203.80.158.64@53
        interface: 203.80.158.64@443
        port: 53
        outgoing-num-tcp: 100
        incoming-num-tcp: 100
        outgoing-range: 7250
        so-rcvbuf: 8m
        so-sndbuf: 8m
        so-reuseport: no
        max-udp-size: 4096
        stream-wait-size: 6m
        msg-buffer-size: 65552
        msg-cache-size: 100m
        msg-cache-slabs: 8
logfile: /var/log/unbound.log
log-queries: yes
log-servfail: yes
val-log-level: 2
verbosity: 1
log-time-ascii: yes
use-syslog: no
        num-queries-per-thread: 1024
        rrset-cache-size: 100m
        rrset-cache-slabs: 8
        infra-cache-slabs: 8
        do-ip4: yes
        do-ip6: yes
        do-udp: yes
        do-tcp: yes
        do-daemonize: yes
access-control: 203.27.165.32/27 allow
access-control: 203.44.75.128/25 allow
access-control: 203.41.147.0/24 allow
access-control: 203.44.127.128/25 allow
access-control: 203.44.70.128/25 allow
access-control: 203.89.107.0/25 allow
access-control: 203.90.146.0/24 allow
access-control: 260.102.140.163/24 allow #testing
access-control: 102.262.113.140/29 allow #testing
        chroot: "/usr/local/etc/unbound"
        username: "unbound"
        directory: "/usr/local/etc/unbound"
        pidfile: "/usr/local/etc/unbound/unbound.pid"
        root-hints: "/usr/local/etc/unbound/named.cache"
        hide-identity: yes
        hide-version: yes
remote-control:
control-enable: yes
control-use-cert: no
forward-zone:
        name: "."
        forward-addr: 8.8.8.8
        forward-addr: 1.1.1.1

=====================================================================
sysctl -a | egrep -i 'hw.machine|hw.model|hw.ncpu'
hw.machine: amd64
hw.model: Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz
hw.ncpu: 6
hw.machine_arch: amd64


grep memory /var/run/dmesg.boot
real memory  = 17179869184 (16384 MB)
avail memory = 16628293632 (15857 MB)
======================================================================