Synopsis :
I have a Samba4 server running on Ubuntu. I use the internal DNS server of Samba.
The server also hosts a Syslog server (rsyslog). I also have Syslog clients (not Samba clients) that send logs to the Ubuntu server. The client send their logs on TCP port 601. The peculiarity is that they open a socket for each log. The open the connection, send the log, and then close the connection.
Problem:
When I try to send a large number of logs (1 per second from 100 clients so in total 100 logs per second) from my clients to the server, I have noticed that only a handful of them can be sent (around 20 ~ 30). At the beginning, I thought the problem was the TIME_WAIT state of tcp sockets or other parameters of kernel. I try many parameters including tcp_tw_reuse, tcp_tw_recycle, and tcp_fin_timeout but to no avail.
Finally, I noticed that while my clients were sending logs, hundred of UDP connections on port 53 were also created and were in the ESTABLISHED mode. And since the only DNS server on the server was that of Samba, I stopped Samba service. And then all of a sudden, the number of logs successfully sent from the clients increased. I tried even with higher rates (500 logs per second) and it seems to be functioning well as long as I disable DNS server (or Samba service).
Question:
Why do I have the UDP connections on port 53? I see hundreds of them (up to 1000):
udp 0 0 192.168.0.1:60881 192.168.0.1:53 ESTABLISHED -
udp 0 0 192.168.0.1:54738 192.168.0.1:53 ESTABLISHED -
udp 0 0 192.168.0.1:45013 192.168.0.1:53 ESTABLISHED -
udp 0 0 192.168.0.1:48085 192.168.0.1:53 ESTABLISHED -
udp 0 0 192.168.0.1:54742 192.168.0.1:53 ESTABLISHED -
udp 0 0 192.168.0.1:48087 192.168.0.1:53 ESTABLISHED -
udp 0 0 192.168.0.1:59863 192.168.0.1:53 ESTABLISHED -
udp 0 0 192.168.0.1:33240 192.168.0.1:53 ESTABLISHED -
udp 0 0 192.168.0.1:37338 192.168.0.1:53 ESTABLISHED -
How can I circumvent this?
Details:
Ubuntu 14.04 LTS Samba 4.1.6 Rsyslog: 7.4.4
