author | Petr Špaček <petr.spacek@nic.cz> | 2020-01-06 18:35:30 +0100 |
---|---|---|
committer | Tomas Krizek <tomas.krizek@nic.cz> | 2020-01-15 10:38:17 +0100 |
commit | 56947b8308edb6379235fdc21a81f0632adb2b9b (patch) | |
tree | 5d038e15a8540510d745740d2db9a6dc25d8ff65 /systemd | |
parent | doc: move reorder_RR() into policy/acl/data manipulation section | |
doc: move Cache and Multiple instance chapters into Performance section
It logically belongs here and it will make high-level structure less
crowded.
Diffstat (limited to 'systemd')
-rw-r--r-- | systemd/multiinst.rst | 90 |
1 files changed, 90 insertions, 0 deletions
diff --git a/systemd/multiinst.rst b/systemd/multiinst.rst new file mode 100644 index 00000000..d9be8538 --- /dev/null +++ b/systemd/multiinst.rst 
@@ -0,0 +1,90 @@ +Multiple instances +------------------ + +Knot Resolver can utilize multiple CPUs running in multiple independent instances (processes), where each process utilizes at most single CPU core on your machine. If your machine handles a lot of DNS traffic run multiple instances. + +All instances typically share the same configuration and cache, and incomming queries are automatically distributed by operating system among all instances. + +Advantage of using multiple instances is that a problem in a single instance will not affect others, so a single instance crash will not bring whole DNS resolver service down. + +.. tip:: For maximum performance, there should be as many kresd processes as + there are available CPU threads. + +To run multiple instances, use a different identifier after `@` sign for each instance, for +example: + +.. code-block:: bash + + $ systemctl start kresd@1.service + $ systemctl start kresd@2.service + $ systemctl start kresd@3.service + $ systemctl start kresd@4.service + +With the use of brace expansion in BASH the equivalent command looks like this: + +.. code-block:: bash + + $ systemctl start kresd@{1..4}.service + +For more details see ``kresd.systemd(7)``. + + +Zero-downtime restarts +^^^^^^^^^^^^^^^^^^^^^^ +Resolver restart normally takes just miliseconds and cache content is persistent to avoid performance drop +after restart. If you want real zero-downtime restarts use `multiple instances`_ and do rolling +restart, i.e. restart only one resolver process at a time. + +On a system with 4 instances run these commands sequentially: + +.. code-block:: bash + + $ systemctl restart kresd@1.service + $ systemctl restart kresd@2.service + $ systemctl restart kresd@3.service + $ systemctl restart kresd@4.service + +At any given time only a single instance is stopped and restarted so remaining three instances continue to service clients. + + +.. 
_instance-specific-configuration: + +Instance-specific configuration +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Instances can use arbitraty identifiers for the instances, for example we can name instances like `dns1`, `tls` and so on. + +.. code-block:: bash + + $ systemctl start kresd@dns1 + $ systemctl start kresd@dns2 + $ systemctl start kresd@tls + $ systemctl start kresd@doh + +The instance name is subsequently exposed to kresd via the environment variable +``SYSTEMD_INSTANCE``. This can be used to tell the instances apart, e.g. when +using the :ref:`mod-nsid` module with per-instance configuration: + +.. code-block:: lua + + local systemd_instance = os.getenv("SYSTEMD_INSTANCE") + + modules.load('nsid') + nsid.name(systemd_instance) + +More arcane set-ups are also possible. The following example isolates the +individual services for classic DNS, DoT and DoH from each other. + +.. code-block:: lua + + local systemd_instance = os.getenv("SYSTEMD_INSTANCE") + + if string.match(systemd_instance, '^dns') then + net.listen('127.0.0.1', 53, { kind = 'dns' }) + elseif string.match(systemd_instance, '^tls') then + net.listen('127.0.0.1', 853, { kind = 'tls' }) + elseif string.match(systemd_instance, '^doh') then + net.listen('127.0.0.1', 443, { kind = 'doh' }) + else + panic("Use kresd@dns*, kresd@tls* or kresd@doh* instance names") + end |
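Review bot: the last Lua example calls string.match(systemd_instance, '^dns') without checking that os.getenv("SYSTEMD_INSTANCE") returned a value. If the variable is unset, os.getenv returns nil and string.match raises a generic "string expected, got nil" error, so the else branch with the helpful panic message is never reached. Suggest defaulting the value, e.g. `local systemd_instance = os.getenv("SYSTEMD_INSTANCE") or ''`, so the panic text is what the operator sees; the nsid example passes the same possibly-nil value to nsid.name(). Since the text says this set-up isolates the DNS, DoT and DoH services from each other, it would also help to state what the isolation consists of, because all three branches bind 127.0.0.1 and differ only in port and kind. Smaller points in the prose: "incomming", "miliseconds" and "arbitraty" are misspelled, and `@`, `dns1` and `tls` use single backticks, which reST treats as the default role rather than literal text; use double backticks as is already done for ``SYSTEMD_INSTANCE``.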