Merged
Changes from 1 commit
8 changes: 5 additions & 3 deletions content/momentum/3/3-reference/3-reference-modules-dnsbuf.md
@@ -1,12 +1,14 @@
---
lastUpdated: "03/26/2020"
lastUpdated: "09/30/2025"
title: "dnsbuf – Dynamically Set the DNS UDP Buffer Size"
description: "Configuration Change This feature is available as beta in Momentum 3 6 5 Momentum does not manipulate the size of UDP sockets it creates and uses for DNS queries instead it will use the default sizes configured by the Operating System This can create problems for clients with too many..."
---

<a name="idp19364064"></a>

**Configuration Change. ** This feature is available as beta in Momentum 3.6.5.
**Configuration Change.** This feature is available as beta in Momentum 3.6.5.

> **NOTE: This feature was DEPRECATED in Momentum 4.8. Please refer to the [updated](/momentum/4/modules/dnsbuf-new) module for changes in the functionality.**

Momentum does not manipulate the size of UDP sockets it creates and uses for DNS queries; instead, it will use the default sizes configured by the Operating System. This can create problems for clients with too many domains (e.g., tens of thousands) in the system. Responses may be dropped, causing unnecessary DNS failures and retries, thus further increasing the DNS query volume. The `dnsbuf` module enables the client to manipulate the DNS buffer sizes on demand, on the fly.
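
Review bot: The link text in the added NOTE line, `[updated](/momentum/4/modules/dnsbuf-new)`, does not say what it points to, and a reader of this Momentum 3 page gets no hint that the target is a Momentum 4 page. Suggest naming the target in the link, e.g. `[dnsbuf – Configure the DNS UDP Buffer Sizes](/momentum/4/modules/dnsbuf-new)`, and saying that the replacement applies to Momentum 4.8 and later.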

Expand Down Expand Up @@ -150,4 +152,4 @@ The following is an example in which Momentum started with ~30,000 unresolvable
DNS AAAA Queries: 0
DNS MX Queries: 908388
Pending DNS Queries: 311
```
```
4 changes: 0 additions & 4 deletions content/momentum/4/4-console-commands.md
Expand Up @@ -84,10 +84,6 @@ This table lists all console commands alphabetically giving a brief description.
| [dns_cache refcnts](/momentum/4/console-commands/dns-cache) – Show the references in the DNS cache | 4.0 |   | dns |
| [dns_cache stats](/momentum/4/console-commands/dns-cache) – Show summary stats for the DNS cache | 4.0 |   | dns |
| [dns_cache submit](/momentum/4/console-commands/dns-cache) – Submit a DNS query | 4.0 |   | dns |
| [dnsbuf interval](/momentum/4/modules/dnsbuf#modules.dnsbuf.console) – Change how often setsockopt() operations are performed | 4.2 | dnsbuf | module |
| [dnsbuf rcvbuf_size](/momentum/4/modules/dnsbuf#modules.dnsbuf.console) – Change the rcvbuf_size value on the fly | 4.2 | dnsbuf | module |
| [dnsbuf sndbuf_size](/momentum/4/modules/dnsbuf#modules.dnsbuf.console) – Change the sndbuf_size value on the fly | 4.2 | dnsbuf | module |
| [dnsbuf verify](/momentum/4/modules/dnsbuf#modules.dnsbuf.console) – Query active sockets for current buffer sizes and report the results | 4.2 | dnsbuf | module |
| [domain all](/momentum/4/console-commands/domain-all) – Show statistics for all domains | 4.0 |   | stats |
| [domain](/momentum/4/console-commands/domain) – Show domain statistics | 4.0 |   | stats |
| [ds_core flush cache_name](/momentum/4/modules/ds-core#modules.ds_core.console) – Flush a specific cache | 4.0 | ds_core | module |
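
Review bot: The four removed `dnsbuf` rows (`interval`, `rcvbuf_size`, `sndbuf_size`, `verify`) are listed with version 4.2 and link to `/momentum/4/modules/dnsbuf#modules.dnsbuf.console`, a page this PR keeps and marks as available from Momentum 4.2 through 4.7. Dropping them from the alphabetical table leaves readers on those versions without an index entry for commands they still have. Consider keeping the rows and marking them as not available from 4.8, the same way the summary table keeps the old page with **(DEPRECATED)**.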
88 changes: 88 additions & 0 deletions content/momentum/4/modules/dnsbuf-new.md
@@ -0,0 +1,88 @@
---
lastUpdated: "09/30/2020"
title: "dnsbuf – Configure the DNS UDP Buffer Sizes"
description: "Configuration Change This feature is available in Momentum 4 8 and later"
---

<a name="idp21140416"></a>

**Configuration Change.** This feature is available in Momentum 4.8 and later.

Momentum does not manipulate the size of UDP sockets it creates and uses for DNS queries; instead, it will use the default sizes configured by the Operating System. This can create problems for clients with too many domains (e.g., tens of thousands) in the system. Responses may be dropped, causing unnecessary DNS failures and retries, thus further increasing the DNS query volume. The `dnsbuf` module enables the client to configure the DNS buffer sizes at the service startup.

### <a name="modules.dnsbuf.configuration"></a> Configuration

The `dnsbuf` module is configured as follows:

<a name="example.dnsbuf"></a>

```
dnsbuf {
Contributor

Do we still have the dnsbuf module? I thought we moved the config options to global.

And these options only work for the ARES resolver, right? I don't see it called out here.

Contributor Author

The dnsbuf module was retained for back compatibility, but you can see in the source code PR that it changes the new global configuration behind the scenes.
And yes, this is only applicable for ARES (indeed, it always was, even in the 4.7 version and older ones).

Contributor

@juliebin juliebin Oct 16, 2025

So the config option defined in the module will be actually taken for the global? Why is it? We don't normally do it.
I would prefer to remove them from the dnsbuf module and only keep it as global.

Contributor Author

@dkoerichbird dkoerichbird Oct 16, 2025

> So the config option defined in the module will be actually taken for the global? Why is it? We don't normally do it.

The original implementation of dnsbuf relied on the UDP sockets that Momentum created for ARES in the glue logic with the imported library, so the changes in the options could be set at runtime, e.g., with a reload of the configuration.
Now the UDP buffers for the sockets created internally by ARES need to be configured at the library instantiation, i.e., during ecelerity startup. I looked for an example in the source where the core searches for and reads the options of an instantiated module to be applied during startup; however, I think that this is not possible with the current support of the modules API.

> I would prefer to remove them from the dnsbuf module and only keep it as global.

If we replace the dnsbuf options with the global options, we'll break the configuration of customers that use that module.

Contributor

  1. If we can re-initialize ARES lib/channels before, we should be able to do it now. But the easiest way right now is to keep the UG clear that such a configuration change requires a Momentum restart.
  2. We don't want to keep supporting deprecated features. If dnsbuf has no need to exist any more, customers using it right now will fail to start Momentum and a one-time fix to move the configuration to global will fix it. I'd like to go this route. Not to mention that it's very unlikely dnsbuf is actually in use.

sndbuf_size = "65536" # Default value is 131072
rcvbuf_size = "65536" # Default value is 131072
}
```

<dl class="variablelist">

<dt>sndbuf_size</dt>

<dd>

The SO_SNDBUF value is set to this value for all UDP DNS sockets. Minimum value is 1024\. Note that in Linux the value in the kernel is automatically doubled; e.g., when a value of 65536 is configured in the module, the kernel will implement a buffer size of 131072.

</dd>

<dt>rcvbuf_size</dt>

<dd>

The SO_RCVBUF value is set to this value for all UDP DNS sockets. Minimum value is 1024\. Note that in Linux the value in the kernel is automatically doubled; e.g., when a value of 65536 is configured in the module, the kernel will actually implement a buffer size of 131072.

</dd>

</dl>

### <a name="modules.dnsbuf.subtleties"></a> Subtleties


* Changes in the values require a service restart to take effect. They are *not* applied in a configuration reload.
* The buffer cannot be set beyond the **sysctl**-defined maximums in Linux:

```
net.core.rmem_max
net.core.wmem_max
```

Note that those values are the post-doubled values; e.g., if `net.core.wmem_max` is set to 65536, the maximum value that will work in the `dnsbuf` module is `sndbuf_max` = 32768.

### <a name="modules.dnsbuf.dropped"></a> Determining that DNS Responses are Being Dropped

To determine whether the DNS responses are being dropped because the DNS UDP socket buffer is full, look for a corresponding increase in the "Pending DNS Queries" statistic from Momentum and the UDP packet errors from netstat, e.g.:

```
while sleep 1; do (netstat --udp -s | grep error; echo summary |
/opt/msys/ecelerity/bin/ec_console | grep DNS); echo; done
```

The following is an example in which Momentum started with ~30,000 unresolvable domains in the queue. Notice that the "packet receive errors" number has increased, and there are a high number of pending DNS queries.
Contributor

Is this meant to show the output from the above summary cmd and grep? It isn't, unless maybe you added a -C1 to the grep.

Contributor Author

That would print the previous and next lines of the lines containing "DNS" in the command output, which I think is not the purpose here.

Contributor

My point was that this example output does have lines before and after the lines with 'DNS' in them.

Contributor Author

Oh, I see your point, you were referring to the next snippet, sorry.

Contributor Author

Actually, that output is for a 4.7 version and earlier, when there were fewer "DNS" lines in the summary output.
The first line comes from the output of netstat.


```
1559857 packet receive errors
DNS A Queries: 924801
DNS AAAA Queries: 0
DNS MX Queries: 907577
Pending DNS Queries: 312

1559857 packet receive errors
DNS A Queries: 924803
DNS AAAA Queries: 0
DNS MX Queries: 907849
Pending DNS Queries: 43

1560125 packet receive errors
DNS A Queries: 924803
DNS AAAA Queries: 0
DNS MX Queries: 908388
Pending DNS Queries: 311
```
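
Review bot: In the Subtleties section, the sentence after the sysctl block names the option `sndbuf_max`, but the options this page defines are `sndbuf_size` and `rcvbuf_size`; it should read `sndbuf_size` = 32768. In the configuration example, the comments `# Default value is 131072` sit next to a configured value of "65536" that the option descriptions say the kernel doubles to 131072, so a reader cannot tell whether the default is the configured value or the doubled one; state which. The page also does not say that the options apply only to the ARES resolver, which the review thread confirms, and the front matter carries `lastUpdated: "09/30/2020"` while the Momentum 3 page in this PR uses "09/30/2025".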
8 changes: 5 additions & 3 deletions content/momentum/4/modules/dnsbuf.md
@@ -1,12 +1,14 @@
---
lastUpdated: "03/26/2020"
lastUpdated: "09/30/2020"
title: "dnsbuf – Dynamically Set the DNS UDP Buffer Size"
description: "Configuration Change This feature is available in Momentum 4 2 and later Momentum does not manipulate the size of UDP sockets it creates and uses for DNS queries instead it will use the default sizes configured by the Operating System This can create problems for clients with too many domains..."
---

<a name="idp21140416"></a>

**Configuration Change. ** This feature is available in Momentum 4.2 and later.
**Configuration Change.** This feature is available from Momentum 4.2 through 4.7.

> **NOTE: This feature was DEPRECATED in Momentum 4.8. Please refer to the [updated](/momentum/4/modules/dnsbuf-new) module for changes in the functionality.**

Momentum does not manipulate the size of UDP sockets it creates and uses for DNS queries; instead, it will use the default sizes configured by the Operating System. This can create problems for clients with too many domains (e.g., tens of thousands) in the system. Responses may be dropped, causing unnecessary DNS failures and retries, thus further increasing the DNS query volume. The `dnsbuf` module enables the client to manipulate the DNS buffer sizes on demand, on the fly.
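
Review bot: The front matter sets `lastUpdated: "09/30/2020"`, while the same edit in `content/momentum/3/3-reference/3-reference-modules-dnsbuf.md` sets "09/30/2025"; one of the two years looks like a typo and they should agree. The availability line now says "from Momentum 4.2 through 4.7" while the NOTE below it says the feature was "DEPRECATED in Momentum 4.8"; if the on-the-fly behaviour is not available in 4.8, say removed or replaced rather than deprecated, so the two statements do not contradict each other.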

Expand Down Expand Up @@ -150,4 +152,4 @@ The following is an example in which Momentum started with ~30,000 unresolvable
DNS AAAA Queries: 0
DNS MX Queries: 908388
Pending DNS Queries: 311
```
```
2 changes: 1 addition & 1 deletion content/momentum/4/modules/index.md
Expand Up @@ -36,7 +36,7 @@ description: "Table of Contents 71 1 Introduction 71 2 ac auth Authentication Ha
| [custom_logger](/momentum/4/modules/custom-logger) | User-defined Logging |
| [dane](/momentum/4/modules/dane) | DANE related DNS Lookups and TLS Verifications |
| [delay_dsn](/momentum/4/modules/delay-dsn) | Delay DSN Generation |
| [dnsbuf](/momentum/4/modules/dnsbuf) | Dynamically Set the DNS UDP Buffer Size |
| [dnsbuf](/momentum/4/modules/dnsbuf-new) | Configure the DNS UDP Buffer Sizes |
| [domainkeys](/momentum/4/modules/domainkeys) | Yahoo! DomainKeys |
| [ds_core](/momentum/4/modules/ds-core) | Datasource Query Core |
| [EC_logger](/momentum/4/modules/ec-logger) | Momentum-Style Logging |
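
Review bot: With the `dnsbuf` row now pointing at `/momentum/4/modules/dnsbuf-new`, this index no longer links to `/momentum/4/modules/dnsbuf`, which still documents the module for Momentum 4.2 through 4.7. Add a pointer to the old page here, or confirm that readers of those versions are expected to reach it only through other tables. The `-new` slug will also read oddly once the old page is retired; a version-neutral slug would age better.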
2 changes: 1 addition & 1 deletion content/momentum/4/modules/summary-all-modules.md
Expand Up @@ -44,7 +44,7 @@ All modules are listed alphabetically with a brief description. Singleton module
| [dk_validate](/momentum/4/modules/domainkeys) | 4.0 | Validate inbound mail checking domain keys signatures |   |   |  ✓ |   |
| [dkim_sign](/momentum/4/modules/opendkim) | 4.0 | Attach DKIM signatures to outbound mail |   |   |  ✓ |   |
| [dkim_validate](/momentum/4/modules/opendkim) | 4.0 | Validate inbound mail checking DKIM signatures |   |   |  ✓ |   |
| [“dnsbuf – Dynamically Set the DNS UDP Buffer Size”](/momentum/4/modules/dnsbuf) | 4.2 | Manipulate DNS buffer sizes on demand |   |   |   |   |
| [“dnsbuf – Configure the DNS UDP Buffer Sizes”](/momentum/4/modules/dnsbuf-new) | 4.8 | Set UDP buffer sizes for DNS |   |   |   | [“dnsbuf – Dynamically Set the DNS UDP Buffer Size”](/momentum/4/modules/dnsbuf) **(DEPRECATED)** |
| [“ds_core - Datasource Query Core”](/momentum/4/modules/ds-core) (*singleton*) | 4.0 | Provide modular data access and caching for use by other modules |  ✓ |   |   |   |
| [“EC_logger – Momentum-Style Logging”](/momentum/4/modules/ec-logger) | 4.0 | Log the status of messages |   |   |   |   |
| [“eleven – Eleven eXpurgate Content Scanning”](/momentum/4/modules/eleven) (*singleton*) | 4.0 | This module implements the eleven spam filter and categorization service |   |   |  ✓ |   |
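
Review bot: The replaced `dnsbuf` row puts the link to the deprecated page in the last column, which every other row visible in this hunk leaves empty, and the column header is not visible here to confirm that a cross-reference belongs there. If that column has another meaning, give the deprecated module its own row (version 4.2, marked DEPRECATED) instead. The version cell also changes from 4.2 to 4.8, so the row no longer tells readers that a `dnsbuf` module has existed since 4.2.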