[Yeti DNS Discuss] dnscap losing packets?

龚道彪 dbgong at biigroup.cn
Mon Jul 13 07:17:42 UTC 2015

We have done some tests on dnscap.

Test cases: send with different slow QPS, different Linux kernels, compare with tcpdump.
1. centos 2.6.32:  libpcap 1.4.0   
    tcpdump is ok,  dnscap is ok
2. ubuntu 3.13.0-46-generic libpcap 1.5.3 
    tcpdump is ok, dnscap lost packets
3. ubuntu 3.16.0-30-generic libpcap 1.5.3 
    tcpdump is ok, dnscap lost packets
4. ubuntu 4.0.7-040007-generic #201507031036 SMP libpcap 1.5.3  
     tcpdump is ok, dnscap is ok
related bug report:

    on ubuntu 14.04.2(kernel 4.0.7), dnscap works well.
    on Centos 6(kernel 2.6.32.*), dnscap works well.
    on FreeBSD 10.0, dnscap works well.
    Linux kernels below 3.19 do impact dnscap.
    on ubuntu 14.04.2(kernel 3.13.0, 3.16.0): the result is weird, tcpdump didn't lose packets,
    but dnscap lost packets, they both depend on libpcap-dev 1.5.3, maybe some bugs in dnscap code.

------------------ Original ------------------
From:  "Stephane Bortzmeyer"<bortzmeyer at nic.fr>;
Date:  Thu, Jun 18, 2015 03:37 PM
To:  "龚道彪"<dbgong at biigroup.cn>; 
Cc:  "Paul Vixie"<paul at redbarn.org>; "Stephane Bortzmeyer"<bortzmeyer at nic.fr>; "discuss"<discuss at lists.yeti-dns.org>; 
Subject:  Re: [Yeti DNS Discuss] dnscap losing packets?

On Thu, Jun 18, 2015 at 11:39:00AM +0800,
 龚道彪 <dbgong at biigroup.cn> wrote 
 a message of 164 lines which said:

> maybe I found the reason.  when your host is multihomed, dnscap will
> only capture on one NIC

I don't think this is the reason, see later.

> result on pcap file:
> eth0: get the query only
> eth1: get the response only

This may be because, by default, the reply is sent on eth1 (test with
tcpdump to be sure). In my case, the result is not reproducible
(sometimes, I get the query, sometimes not).

> Stephane, is your host multihomed?

Yes, a Linux VPS with two virtual interfaces, eth0 is used for
management (dahu1-mnt.yeti.eu.org, SSH, SMTP and so on) and eth1 for
the DNS service (dahu1.yeti.eu.org). Default route goes through eth0,
source routing is used to be sure that the DNS replies go through eth1
(checked with tcpdump and pcapdump).