Changeset 13911 in hybrid


Timestamp:
Jun 13, 2017, 8:18:57 AM (7 years ago)
Author:
rick
Message:

Stripping the number of resolvers unbound can use.

Unbound does not handle multiple resolvers well; its internal 'logic' keeps
pounding and checking all resolvers, making it a very slow process. By limiting
the count of resolvers it should be more happy.

Count limiting is done using a two-phase approach: firstly the initial resolvers
are limited to a fixed set of resolvers, secondly the list is updated based on
the results of the zone inquiries.

While here, ensure the listen is set on dynamic ranges ensuring failing
interfaces will not bring down the DNS server.

Making the list more limited and based on active resolvers.

Location:
branches/releng-11/nanobsd/files
Files:
4 edited

  • branches/releng-11/nanobsd/files/etc/crontab

    r13768 r13911  
    44#
    55SHELL=/bin/sh
    6 PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin
     6PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
    77HOME=/var/log
    88#
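Review bot: the `/usr/local/sbin` entry added to the PATH line applies to every root job in this crontab, and it only takes effect when a script is started by cron. `/tools/nameserver-shuffle` now calls `unbound-control` by bare name, so a manual run from a shell without that directory in PATH would not find it. Consider calling the binary by absolute path in the script rather than relying on the widened cron PATH.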
     
    3131# Write updates for ntp.drift to flash
    32320       12      *       *       *       root    /tools/store-ntpdrift
    33 #
    3433# Nagios checks
    3534*/15    *       *       *       *       root    /tools/check-inet-alive
     
    3736*/15    *       *       *       *       root    /tools/nameserver-shuffle cron
    3837# Autoritive zone file updater
    39 0       *       *       *       *       root    sleep `jot -r 1 900` && /tools/update-nsd-zones
     380       *       *       *       *       root    /tools/update-nsd-zones cron
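Review bot: on the new `/tools/update-nsd-zones cron` line the random delay no longer lives in the crontab entry but depends on the script recognising the literal argument `cron`. If this crontab reaches a node that still has the previous script, the fetch runs at minute 0 with no jitter, so both files need to ship together. A short comment above this entry saying that the `cron` argument enables the delay would make the coupling visible.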
  • branches/releng-11/nanobsd/files/tools/nameserver-shuffle

    r13723 r13911  
    6565  $verbose && echo "################################"
    6666  cat $NEWRESOLV > /etc/resolv.conf || exit 1
     67
     68  # Update unbound forwarders list
     69  unbound-control forward $(grep 'nameserver' /etc/resolv.conf | grep -v '127.0.0.1' | awk '{print $2}' | tail -3 )
    6770fi
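Review bot: the added `unbound-control forward $(...)` line has no check for an empty result or for the command's exit status. If /etc/resolv.conf holds only the 127.0.0.1 entry, the substitution expands to nothing, and `unbound-control forward` without arguments only prints the current forwarders, so the list is silently left unchanged. Collect the addresses into a variable first, skip the call when it is empty, and handle failure the way the `cat $NEWRESOLV > /etc/resolv.conf || exit 1` line above does. Also anchor the match (for example `^nameserver`) so commented-out lines are not picked up, and confirm that `tail -3` (the last three entries, not the first three) is the intended selection.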
  • branches/releng-11/nanobsd/files/tools/update-nsd-zones

    r13768 r13911  
    11#!/bin/sh
    22#
    3 # Update local autoritive DNS server
     3# Rick van der Zwet <info@rickvanderzwet.nl>
    44#
     5# Update local autoritive DNS server, by transfering zone files from master
     6# using HTTP protocol
     7#
     8
     9# Avoid hammering source, sleep random delay
     10if [ "$1" = "cron" ]; then
     11        sleep $(jot -r 1 900)
     12fi
     13
     14# Fetch source files
    515fetch -T 5 -o /tmp/dns.tar.gz.enc http://wirelessleiden.nl/dns/latest.tar.gz.enc || exit 1
    616
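Review bot: the new header says the zone files are transferred from the master over HTTP, but nothing in the visible lines documents how the downloaded `latest.tar.gz.enc` is authenticated before it is used. Please state in the header which later step verifies the archive, since plain HTTP gives no integrity guarantee by itself. The `cron` argument should also be listed in the header as usage, because any other argument (or a typo) silently skips the delay.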
  • branches/releng-11/nanobsd/files/usr/local/etc/unbound/unbound.conf

    r13908 r13911  
    66# this is a comment.
    77
    8 #Use this to include other text into the file.
     8# Bind to specific IP addresses & initial forward zones
    99include: "/usr/local/etc/unbound.wleiden.conf"
    1010
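Review bot: the commit message says the listen setting is moved to dynamic ranges, but this hunk only rewrites the comment above the `include:` line; no interface or forward-zone setting changes here. If those settings live in `/usr/local/etc/unbound.wleiden.conf`, note in the comment where that file is generated, so a reader can find the change the message describes.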