- Change default for so-sndbuf to 1m, to mitigate a cross-layer

  issue where the UDP socket send buffers are exhausted waiting
  for ARP/NDP resolution. Thanks to Reflyable for the report.

diff --git a/doc/Changelog b/doc/Changelog
index c44bf4f228524a9d6c81eb45e9346542973593bd..b7bcabb6d0c8960fd146021eb4bb3f47d8d5747b 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -3,6 +3,11 @@
          by adding a log_assert() to safeguard future development.
        - Fix #1282: log-destaddr fail on long ipv6 addresses.
 
+13 May 2025: Wouter
+       - Change default for so-sndbuf to 1m, to mitigate a cross-layer
+         issue where the UDP socket send buffers are exhausted waiting
+         for ARP/NDP resolution. Thanks to Reflyable for the report.
+
 12 May 2025: Yorgos
        - Merge #1280: Fix auth nsec3 code. Fixes NSEC3 code to not break on
          broken auth zones that include unsigned out of zone (above apex)

diff --git a/doc/example.conf.in b/doc/example.conf.in
index db54f9739f9b1d6ba9a8d357082aac8cb9be1660..c2bc6e9d849416596691cdc62f543643d8264cb7 100644 (file)
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@@ -117,7 +117,7 @@ server:
 
        # buffer size for UDP port 53 outgoing (SO_SNDBUF socket option).
        # 0 is system default.  Use 4m to handle spikes on very busy servers.
-       # so-sndbuf: 0
+       # so-sndbuf: 1m
 
        # use SO_REUSEPORT to distribute queries over threads.
        # at extreme load it could be better to turn it off to distribute even.

diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
index e963a3e3a352d7004e122ec8d077b9aacbe271fa..3407b3414bc8f2c46f511d16e781019c7b42e0f7 100644 (file)
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -355,11 +355,14 @@ If not 0, then set the SO_SNDBUF socket option to get more buffer space on
 UDP port 53 outgoing queries.  This for very busy servers handles spikes
 in answer traffic, otherwise 'send: resource temporarily unavailable'
 can get logged, the buffer overrun is also visible by netstat \-su.
-Default is 0 (use system value).  Specify the number of bytes to ask
-for, try "4m" on a very busy server.  The OS caps it at a maximum, on
-linux Unbound needs root permission to bypass the limit, or the admin
-can use sysctl net.core.wmem_max.  On BSD, Solaris changes are similar
-to so\-rcvbuf.
+Default is 1M. If set to 0 it uses the system value. Specify the number
+of bytes to ask for, try "4m" on a very busy server. It needs some space
+to be able to deal with packets that wait for local address resolution,
+from like ARP and NDP discovery, before they are sent out, hence
+it is elevated above the system default by default.  The OS caps it at
+a maximum, on linux Unbound needs root permission to bypass the limit,
+or the admin can use sysctl net.core.wmem_max.  On BSD, Solaris changes
+are similar to so\-rcvbuf.
 .TP
 .B so\-reuseport: \fI<yes or no>
 If yes, then open dedicated listening sockets for incoming queries for each

diff --git a/services/listen_dnsport.c b/services/listen_dnsport.c
index 26efadc151a1fd9cb5e01c1afda168b61b5feb89..a3b4d494176c6f9aef245bf7029b27b38db2dd26 100644 (file)
--- a/services/listen_dnsport.c
+++ b/services/listen_dnsport.c
@@ -473,7 +473,8 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
                                        "Got %u. To fix: start with "
                                        "root permissions(linux) or sysctl "
                                        "bigger net.core.wmem_max(linux) or "
-                                       "kern.ipc.maxsockbuf(bsd) values.",
+                                       "kern.ipc.maxsockbuf(bsd) values. or "
+                                       "set so-sndbuf: 0 (use system value).",
                                        (unsigned)snd, (unsigned)got);
                        }
 #  ifdef SO_SNDBUFFORCE

diff --git a/util/config_file.c b/util/config_file.c
index f1a26674e3d6fd7d18be55719c134c2dda664777..328b62df8963c4cd4baf3d58b29a9d27dc2d009f 100644 (file)
--- a/util/config_file.c
+++ b/util/config_file.c
@@ -210,7 +210,7 @@ config_create(void)
        cfg->if_automatic = 0;
        cfg->if_automatic_ports = NULL;
        cfg->so_rcvbuf = 0;
-       cfg->so_sndbuf = 0;
+       cfg->so_sndbuf = 1024*1024;
        cfg->so_reuseport = REUSEPORT_DEFAULT;
        cfg->ip_transparent = 0;
        cfg->ip_freebind = 0;