我们已将部分路由器升级到 Ubuntu 16.04,现在 DNS 出现了一些性能问题。似乎数据包有时会被截断,但我不知道还能做什么:
这是来自日志文件的消息:
Jun 8 10:33:01 proxy named[2827]: success resolving 'b1sync.zemanta.com/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Jun 8 10:33:05 proxy named[2827]: success resolving 'b1sync.zemanta.com/AAAA' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Jun 8 10:33:05 proxy named[2827]: success resolving 'px.owneriq.net/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Jun 8 10:33:25 proxy named[2827]: success resolving 'deliveryengine.synchroscript.adswizz.com/AAAA' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Jun 8 10:33:42 proxy named[2827]: success resolving 'acl.stayfriends.de/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Jun 8 10:34:36 proxy named[2827]: success resolving './NS' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Jun 8 10:34:38 proxy named[2827]: success resolving 'boden-de.resultspage.com/AAAA' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Jun 8 10:34:50 proxy named[2827]: success resolving 'cdn.optimizely.com/AAAA' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Jun 8 10:34:56 proxy named[2827]: success resolving 'cdn.syndication.twimg.com/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Jun 8 10:35:21 proxy named[2827]: success resolving 'plus.google.com/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Jun 8 10:35:25 proxy named[2827]: success resolving 'd.agkn.com/AAAA' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Jun 8 10:35:47 proxy named[2827]: success resolving 'googleads.g.doubleclick.net/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Jun 8 10:37:09 proxy named[2827]: success resolving 'e6858.dsce9.akamaiedge.net/A' (in '.'?) after disabling EDNS
Jun 8 10:40:43 proxy named[2827]: success resolving 'r1---sn-4g5e6nl7.gvt1.com/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Jun 8 10:42:12 proxy named[2827]: success resolving 'tedbaker.tdefender.net/A' (in '.'?) after disabling EDNS
Jun 8 10:42:14 proxy named[2827]: success resolving 'tile-service.weather.microsoft.com/A' (in '.'?) after disabling EDNS
Jun 8 10:42:34 proxy named[2827]: success resolving 'e5886.x.akamaiedge.net/A' (in '.'?) after disabling EDNS
Jun 8 10:42:41 proxy named[2827]: success resolving 'i.salecycle.com/AAAA' (in '.'?) after disabling EDNS
Jun 8 10:42:48 proxy named[2827]: success resolving 's.mopub.com/A' (in '.'?) after disabling EDNS
Jun 8 10:42:53 proxy named[2827]: success resolving 'postback.pointwise.co/A' (in '.'?) after disabling EDNS
Jun 8 10:43:22 proxy named[2827]: success resolving 'detectportal.firefox.com/AAAA' (in '.'?) after disabling EDNS
Jun 8 10:43:31 proxy named[2827]: success resolving 'www.evi.com/A' (in '.'?) after disabling EDNS
Jun 8 10:43:34 proxy named[2827]: success resolving 'tg.symcd.com/AAAA' (in '.'?) after disabling EDNS
Jun 8 10:43:41 proxy named[2827]: success resolving 'googleads4.g.doubleclick.net/A' (in '.'?) after disabling EDNS
Jun 8 10:43:41 proxy named[2827]: success resolving 'googleads4.g.doubleclick.net/AAAA' (in '.'?) after disabling EDNS
Jun 8 10:43:42 proxy named[2827]: success resolving './NS' (in '.'?) after disabling EDNS
Jun 8 10:43:55 proxy named[2827]: success resolving 'ping.avast.com/A' (in '.'?) after disabling EDNS
Jun 8 10:43:59 proxy named[2827]: success resolving 'm2932843.iavs9x.avg.u.avcdn.net/AAAA' (in '.'?) after disabling EDNS
Jun 8 10:44:22 proxy named[2827]: success resolving 'www.stylight.de/A' (in '.'?) after disabling EDNS
Jun 8 10:45:16 proxy named[2827]: success resolving './NS' (in '.'?) after disabling EDNS
Jun 8 10:45:21 proxy named[2827]: success resolving 'www.ist-track.com/A' (in '.'?) after disabling EDNS
Jun 8 10:46:30 proxy named[2827]: success resolving './NS' (in '.'?) after disabling EDNS
Jun 8 10:46:39 proxy named[2827]: success resolving 'ocsp-ds.ws.symantec.com.edgekey.net/A' (in '.'?) after disabling EDNS
Jun 8 10:47:33 proxy named[2827]: success resolving 'download.cdn.mozilla.net/AAAA' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
我一直在网上寻找解决方案。例如,这个不错的页面:为什么 BIND 会记录有关禁用 EDNS 或减少公布的数据包大小的消息?
- 我已将数据包大小设置为 512,但仍然出现“禁用 EDNS”问题。
- 我发现通常可以禁用 EDNS,但这肯定不是解决方案。
- 我使用不同的名称服务器进行了测试。
- 我还用不同的 DNS 服务 (dnsmasq) 进行了测试
随着回复大小测试,我还发现目标 DNS 服务器支持 4096 的大小。但有时大小会减小。
rst.x1008.rs.dns-oarc.net.
rst.x1968.x1008.rs.dns-oarc.net.
rst.x2454.x1968.x1008.rs.dns-oarc.net.
"74.125.73.76 DNS reply size limit is at least 2454"
"74.125.73.76 sent EDNS buffer size 4096"
"Tested at 2017-06-08 09:07:07 UTC"
rst.x4090.rs.dns-oarc.net.
rst.x4058.x4090.rs.dns-oarc.net.
rst.x4064.x4058.x4090.rs.dns-oarc.net.
"74.125.47.151 DNS reply size limit is at least 4090"
"74.125.47.151 sent EDNS buffer size 4096"
"Tested at 2017-06-08 09:06:18 UTC"
rst.x1008.rs.dns-oarc.net.
rst.x1253.x1008.rs.dns-oarc.net.
rst.x1447.x1253.x1008.rs.dns-oarc.net.
"2a00:1450:400c:c02::103 DNS reply size limit is at least 1447"
"2a00:1450:400c:c02::103 sent EDNS buffer size 4096"
"Tested at 2017-06-08 09:06:22 UTC"
rst.x4090.rs.dns-oarc.net.
rst.x4058.x4090.rs.dns-oarc.net.
rst.x4064.x4058.x4090.rs.dns-oarc.net.
"74.125.47.139 DNS reply size limit is at least 4090"
"74.125.47.139 sent EDNS buffer size 4096"
"Tested at 2017-06-08 09:07:13 UTC"
rst.x1008.rs.dns-oarc.net.
rst.x1253.x1008.rs.dns-oarc.net.
rst.x1447.x1253.x1008.rs.dns-oarc.net.
"2a00:1450:400c:c02::103 DNS reply size limit is at least 1447"
"2a00:1450:400c:c02::103 sent EDNS buffer size 4096"
"Tested at 2017-06-08 09:06:22 UTC"
现在的问题是,我找不到问题的根源。出现问题的两台机器的网卡不同(一台是 Intel 的,另一台是 Broadcom 的)——所以我不认为这是驱动程序的问题。
一台机器有 DSL 连接,另一台有 2 个网关(故障转移配置中的电缆和以太网)。因此,它们前面都没有路由器(只有第二台有以太网,但它只是故障转移链路,并且两个链路上都有这种情况)。
我也做过pcap 转储,并发现一些“TCP 重传”和“TCP 伪重传”——但不知道它们是否是问题所在。使用 tcpdump 我可以看到很多“坏的 udp cksum”——但在 Wireshark 上看不到。
答案1
您必须启用 eDNS。这是解决方案。