tinydns does not answer requests after a few requests. In logs it looks like this ("0000 / 0000" means the request cannot be parsed):

@400000006381f6ac06cf8d9c starting tinydns
@400000006381f6dd088cb2a4 b9bfab02:37ea:0058 + 0001 evadim.ru
@400000006381f6dd110c095c b9bfab02:e5b6:c51b + 0001 evadim.ru
@400000006381f6dd19a26e6c b9bfab02:8441:7e44 + 0001 evadim.ru
@400000006381f6dd227e0e24 b9bfab02:8484:0dbb - 0001 evadim.ru
@400000006381f6de03894fc4 b9bfab02:cfef:e7e6 - 0001 evadim.ru
@400000006381f6df0cc631ec b9bfab02:a926:11ff - 0001 evadim.ru
@400000006381f6e00b8c2b4c b9bfab02:10ac:0000 / 0000 .
@400000006381f6e1244dec24 b9bfab02:33ef:0000 / 0000 .
@400000006381f6e321a21d74 b9bfab02:731d:0000 / 0000 .
@400000006381f6e535787fdc b9bfab02:3c48:0000 / 0000 .
@400000006381f6e93050eb5c b9bfab02:761b:0000 / 0000 .
@400000006381f6ee126ad9f4 acfdd20d:a672:0000 / 0000 .
@400000006381f6ee26bd2ed4 acfddfc6:ecf1:0000 / 0000 .

After research I found a few reports that an increase of the *data* softlimit helps. A good collection of reports can be found in https://github.com/NixOS/nixpkgs/issues/119066
I got the patch from this bug.

Also, existing installations must be updated manually (change -d300000 to -d4500000), as the /var/tinydns/run file is only changed on creation of a new instance.

Reproducible: Always

Steps to Reproduce:
1. Install djbdns
2. Configure tinydns
3. Make 100-200 queries to it.

Actual Results:
DNS request timed out, new "0000 / 0000 ." record in log

Expected Results:
valid answer to DNS request
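Added example, not part of the original report and not djbdns code: a Python sketch that parses tinydns log lines in the format quoted above and flags the symptom the report describes, answered queries followed by a run of "0000 / 0000" entries. The sample lines, the threshold of three and the function names are assumptions made for illustration, and the client field is assumed to be an 8-digit hex IPv4 address.

```python
import ipaddress
import re

# tinydns log line: @<tai64n> <ip>:<port>:<id> <result> <qtype> <name>, all hex.
# Assumption: IPv4 clients only (8 hex digits), as in the log quoted above.
LINE = re.compile(r"^(@[0-9a-f]{24}) ([0-9a-f]{8}):([0-9a-f]{4}):([0-9a-f]{4}) "
                  r"(\S) ([0-9a-f]{4}) (\S+)$")

# Constructed sample (documentation addresses and names, not the reporter's data).
SAMPLE = """\
@400000006381f6ac06cf8d9c starting tinydns
@400000006381f6dd088cb2a4 c0000201:37ea:0058 + 0001 example.com
@400000006381f6dd227e0e24 c0000201:8484:0dbb - 0001 example.com
@400000006381f6e00b8c2b4c c0000201:10ac:0000 / 0000 .
@400000006381f6e1244dec24 c0000201:33ef:0000 / 0000 .
@400000006381f6e321a21d74 c6336407:731d:0000 / 0000 .
""".splitlines()

def parse(line):
    """Decode one query line; return None for anything else (e.g. 'starting tinydns')."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    stamp, ip, port, qid, result, qtype, name = m.groups()
    return {"stamp": stamp, "client": str(ipaddress.IPv4Address(int(ip, 16))),
            "port": int(port, 16), "id": qid, "result": result,
            "qtype": qtype, "name": name}

def find_stall(lines, threshold=3):
    """Return the first entry of a run of >= threshold unparsable requests that
    follows at least one answered query since the last start, else None."""
    answered, run = False, []
    for line in lines:
        if "starting tinydns" in line:      # a restart resets the state
            answered, run = False, []
            continue
        entry = parse(line)
        if entry is None:
            continue
        if (entry["result"], entry["id"], entry["qtype"]) == ("/", "0000", "0000"):
            run.append(entry)
            if answered and len(run) >= threshold:
                return run[0]
        else:
            run = []
            answered = answered or entry["result"] == "+"
    return None

if __name__ == "__main__":
    hit = find_stall(SAMPLE)
    print("stall begins at", hit["stamp"], "from", hit["client"]) if hit else print("no stall")
```

A hit is a reason to compare the -d value in /var/tinydns/run with the one discussed in this bug; the heuristic does not prove the cause on its own.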
Created attachment 837169 [details, diff] softlimit.patch Patch to fix issue. Diff to new ebuild: --- ./djbdns-1.05-r37.ebuild 2022-11-17 16:40:31.000000000 +0300 +++ djbdns-1.05-r38.ebuild 2022-11-26 17:19:18.000000000 +0300 @@ -44,6 +44,7 @@ "${FILESDIR}/CVE2009-0858_0001-check-response-domain-name-length.patch" "${FILESDIR}/CVE2012-1191_0001-ghost-domain-attack.patch" "${FILESDIR}/AR-and-RANLIB-support.patch" + "${FILESDIR}/softlimit.patch" )
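Review bot: The added PATCHES entry "${FILESDIR}/softlimit.patch" only affects what newly created instances get, and as the report notes, /var/tinydns/run on existing installations keeps -d300000, so this revision bump will look like a fix to users who are still affected. Consider having the ebuild print a post-install message (an elog in pkg_postinst) telling them to change -d300000 to -d4500000 by hand. The file name is also less specific than its neighbours in the list; a name that mentions tinydns would make clear which launch script it touches.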
cc'ing dakon in case he knows about this
I wasn't aware of that. According to the file timestamp I changed my limit to 520000 back in April, but I don't remember. It's likely that I have hit the same issue. Out of curiosity I would love to learn what exactly glibc is doing differently, but otherwise I think raising the softlimit is fine.
Apparently I fixed this on our DNS servers at work two years ago, but I guess I assumed the problem was specific to our instance (too many zones or something). I'll patch it. Thanks.
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a4405074f435983fb6515a2cfed1dca2a67a783

commit 0a4405074f435983fb6515a2cfed1dca2a67a783
Author:     Michael Orlitzky <mjo@gentoo.org>
AuthorDate: 2022-12-02 13:12:12 +0000
Commit:     Michael Orlitzky <mjo@gentoo.org>
CommitDate: 2022-12-02 22:43:58 +0000

    net-dns/djbdns: new revision increasing tinydns's softlimit.

    The tinydns launch script imposes a "softlimit" on the amount of
    memory it can use, and sometime recently (in djbdns terms, anyway),
    the old default of 300000 became insufficient. We raise it to 4500000.
    This will only help new installations; users with existing ones will
    need to modify their local launch scripts because the script itself
    is not controlled by the package manager.

    Thanks to Vadim Efimov for pointing out that this problem is
    widespread and in need of fixing.

    Closes: https://bugs.gentoo.org/883159
    Signed-off-by: Michael Orlitzky <mjo@gentoo.org>

 .../{djbdns-1.05-r37.ebuild => djbdns-1.05-r38.ebuild} |  1 +
 net-dns/djbdns/files/tinydns-softlimit.patch           | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+)