[Help] 升级后想降级回旧版失败，redis报错。

Question

[Help] 升级后想降级回旧版失败，redis报错。

4thanks opened this issue 2 years ago · 15 comments

在提交之前，请确认

我已经尝试搜索过Issue和看过参数说明，但没有找到相关问题。
我正在使用最新的docker镜像版本（可以尝试docker pull sliamb/paopaodns:latest后重新创建容器，如果不确定的话可以尝试使用sliamb/paopaodns:dev）。

脚本自检日志

/ # debug.sh
=====PaoPaoDNS docker debug=====
images build time : 2023-04-26 16:39:31 UTC
Could not connect to Redis at 127.0.0.1:6379: Connection refused
====ENV TEST====
MEM:100k 200k 200 16mb
CORES:1
POWCORES:1
TZ:Asia/Shanghai
UPDATE:weekly
DNS_SERVERNAME:PaoPaoDNS,blog.03k.org
ETHIP:172.17.0.2
DNSPORT:53
SOCKS5:no
CNAUTO:yes
IPV6:no
CNFALL:yes
====ENV TEST====
PID   USER     TIME  COMMAND
    1 root      0:00 {init.sh} /bin/sh /usr/sbin/init.sh
   11 root      0:00 crond
   44 root      0:12 dnscrypt-proxy -config /data/dnscrypt-resolvers/dnscrypt.toml
   45 root      0:01 mosdns start -d /tmp -c mosdns.yaml
   52 root      0:00 {watch_list.sh} /bin/sh /usr/sbin/watch_list.sh
   53 root      0:00 {watch_list.sh} /bin/sh /usr/sbin/watch_list.sh
   54 root      0:00 inotifywait -e modify /etc/unbound/named.cache
   55 root      0:00 inotifywait -e modify /data/force_cn_list.txt /data/force_nocn_list.txt /data/Country-only-cn-private.mmdb
   57 root      0:03 redis-server unixsocket:/tmp/redis.sock
  112 root      0:00 /bin/sh
  184 root      0:00 {debug.sh} /bin/sh /usr/sbin/debug.sh
  188 root      0:00 ps -ef
domain:whoami.ds.akahelp.net
domain:whoami.03k.org
CNIP URL test:
101.87.73.226
101.87.73.226
------------------
NOCN IP URL test:
101.87.73.226
101.87.73.226
101.87.73.226
101.87.73.226
101.87.73.226
------------------
IP INFO:
101.87.73.226
CN,Shanghai,Shanghai
ASN4812/China Telecom
HTTP/1.1
curl/8.0.1
------------------
The DNS hijacking test, you will see timed out message.
;; communications error to 6.7.8.9#53: timed out
;; communications error to 6.7.8.9#53: timed out
;; communications error to 6.7.8.9#53: timed out
;; no servers could be reached


----------akahelp whoami test----------
------------------
mosdns whoami dig:
"ns" "52.77.3.215"
------------------
local unbound whoami dig:
;; communications error to 127.0.0.1#5301: connection refused
;; communications error to 127.0.0.1#5301: connection refused
;; communications error to 127.0.0.1#5301: connection refused
;; no servers could be reached

------------------
dnscrypt raw whoami dig:
"ns" "52.77.3.215"
------------------
dnscrypt with socks5 whoami dig:
;; communications error to 127.0.0.1#5303: connection refused
;; communications error to 127.0.0.1#5303: connection refused
;; communications error to 127.0.0.1#5303: connection refused
;; no servers could be reached

------------------
dnscrypt unbound whoami dig:
;; communications error to 127.0.0.1#5304: connection refused
;; communications error to 127.0.0.1#5304: connection refused
;; communications error to 127.0.0.1#5304: connection refused
;; no servers could be reached

------------------
----------03k.org whoami test----------
------------------
mosdns whoami dig:
180.153.91.55
------------------
local unbound whoami dig:
;; communications error to 127.0.0.1#5301: connection refused
;; communications error to 127.0.0.1#5301: connection refused
;; communications error to 127.0.0.1#5301: connection refused
;; no servers could be reached

------------------
dnscrypt raw whoami dig:
52.77.3.215
------------------
dnscrypt with socks5 whoami dig:
;; communications error to 127.0.0.1#5303: connection refused
;; communications error to 127.0.0.1#5303: connection refused
;; communications error to 127.0.0.1#5303: connection refused
;; no servers could be reached

------------------
dnscrypt unbound whoami dig:
;; communications error to 127.0.0.1#5304: connection refused
;; communications error to 127.0.0.1#5304: connection refused
;; communications error to 127.0.0.1#5304: connection refused
;; no servers could be reached

------------------
----------CN test----------
mosdns CN dig:
www.taobao.com.danuoyi.tbcache.com.
106.227.21.184
106.227.21.185
------------------
local unbound CN dig:
;; communications error to 127.0.0.1#5301: connection refused
;; communications error to 127.0.0.1#5301: connection refused
;; communications error to 127.0.0.1#5301: connection refused
;; no servers could be reached

------------------
dnscrypt raw CN dig:
www.taobao.com.danuoyi.tbcache.com.
163.181.1.233
163.181.1.232
------------------
dnscrypt with socks5 CN dig:
;; communications error to 127.0.0.1#5303: connection refused
;; communications error to 127.0.0.1#5303: connection refused
;; communications error to 127.0.0.1#5303: connection refused
;; no servers could be reached

------------------
dnscrypt unbound CN dig:
;; communications error to 127.0.0.1#5304: connection refused
;; communications error to 127.0.0.1#5304: connection refused
;; communications error to 127.0.0.1#5304: connection refused
;; no servers could be reached

------------------
----------NOCN test----------
mosdns NOCN dig:
youtube-ui.l.google.com.
wide-youtube.l.google.com.
74.125.24.198
------------------
local unbound NOCN dig:
;; communications error to 127.0.0.1#5301: connection refused
;; communications error to 127.0.0.1#5301: connection refused
;; communications error to 127.0.0.1#5301: connection refused
;; no servers could be reached

------------------
dnscrypt raw NOCN dig:
youtube-ui.l.google.com.
wide-youtube.l.google.com.
74.125.24.198
------------------
dnscrypt with socks5 NOCN dig:
;; communications error to 127.0.0.1#5303: connection refused
;; communications error to 127.0.0.1#5303: connection refused
;; communications error to 127.0.0.1#5303: connection refused
;; no servers could be reached

------------------
dnscrypt unbound NOCN dig:
;; communications error to 127.0.0.1#5304: connection refused
;; communications error to 127.0.0.1#5304: connection refused
;; communications error to 127.0.0.1#5304: connection refused
;; no servers could be reached

------------------
----------IPV6 test----------
dual CN domain IPV6:
dual NOCN domain IPV6:
IPV6 only domain :

问题描述和复现步骤

匆忙升级后，旧版反而不能用了，因为升级新版后内存占用飙升至28%，之前都8%-12%浮动，想用回旧版redis错误stderr: Could not connect to Redis at 127.0.0.1:6379: Connection refused。主要是升级后也没感觉性能变快变好。

感觉应该是从Merge the new features of unbound redis a0b7dc6 后变动

能否在功能变动时，也保留之前的稳定版呢？

Answer 1 · 2023-05-01T07:05:02.000Z

你这个不是最新的，最新是images build time是4-30

Answer 2 · 2023-05-01T07:10:41.000Z

你这个不是最新的，最新是images build time是4-30

想用旧版，但降级使用失败。新版是正常的，但内存占用太高了。

Answer 3 · 2023-05-01T07:15:25.000Z

新配置文件不兼容旧程序，旧镜像使用新配置会出错，如果是旧程序，/data目录清空才会重新生成默认配置。
占用内存你可以debug.sh看看日志，不一定是坏事。新配置使用socket和redis通信，降低了TCP开销，和旧的不兼容。

Answer 4 · 2023-05-01T07:36:12.000Z

新配置文件不兼容旧程序，旧镜像使用新配置会出错，如果是旧程序，/data目录清空才会重新生成默认配置。

懂了，之前的缓存只能重新再来了。

占用内存你可以debug.sh看看日志，不一定是坏事。新配置使用socket和redis通信，降低了TCP开销，和旧的不兼容。

家庭3-5人使用影响大吗？如果不大的话，感觉还是旧版内存占用小更让人舒适😂

Answer 5 · 2023-05-01T07:38:18.000Z

如果内存占用变高，可能的原因有：

启动的时候检测到可用内存能满足更大的缓存需求，调整了更大的缓存设置
新镜像DNS服务器新增了TCP查询服务
新镜像会根据系统ulimit限制调整参数，之前设定是低于512M限制为1
具体要看你日志

Answer 6 · 2023-05-01T07:40:56.000Z

rdb缓存文件是始终兼容的，不保留配置的话，你可以清空除了rdb之外的文件。

Answer 7 · 2023-05-01T07:46:04.000Z

rdb缓存文件是始终兼容的，不保留配置的话，你可以清空除了rdb之外的文件。

已经删了，不过也没事，我路由套娃着用，本来等攒满1个月的缓存再做主力使用的，不过用2周rdb缓存也1M不到。

Answer 8 · 2023-05-01T08:01:29.000Z

带CNFALL参数的镜像版本开始默认参数CNFALL=yes是开着的，不用攒缓存响应速度也不会低于使用公共DNS。
你可以再拉新镜像试试，新镜像追加设置了~~新镜像会根据系统ulimit限制调整参数~~设定是低于512M限制为1。

Answer 9 · 2023-05-01T08:06:22.000Z

不用等编译？现在拉取新镜像就可以测试？

Answer 10 · 2023-05-01T08:07:31.000Z

现在的编译配置是分阶段的了，只修改配置编译很快的不用等。

Answer 11 · 2023-05-01T08:38:08.000Z

现在的编译配置是分阶段的了，只修改配置编译很快的不用等。

谢谢，现在新版的内存也在10%上下浮动了，不会飙到二三十了。

Answer 12 · 2023-08-01T06:27:07.000Z

佬，新镜像我2G占用1.8G正常吗

如果内存占用变高，可能的原因有：

* 启动的时候检测到可用内存能满足更大的缓存需求，调整了更大的缓存设置

* 新镜像DNS服务器新增了TCP查询服务

* 新镜像会根据系统ulimit限制调整参数，之前设定是低于512M限制为1
  具体要看你日志

Answer 13 · 2023-08-01T07:07:23.000Z

佬，新镜像我2G占用1.8G正常吗

如果内存占用变高，可能的原因有：

* 启动的时候检测到可用内存能满足更大的缓存需求，调整了更大的缓存设置

* 新镜像DNS服务器新增了TCP查询服务

* 新镜像会根据系统ulimit限制调整参数，之前设定是低于512M限制为1
  具体要看你日志

你可以在容器内单独运行debug.sh，贴出调试信息。
另外，docker是可以限制内存使用量的，容器会根据可用内存自动调整。

Answer 14 · 2023-08-01T07:12:39.000Z

佬，新镜像我2G占用1.8G正常吗
如果内存占用变高，可能的原因有：
* 启动的时候检测到可用内存能满足更大的缓存需求，调整了更大的缓存设置

* 新镜像DNS服务器新增了TCP查询服务

* 新镜像会根据系统ulimit限制调整参数，之前设定是低于512M限制为1
  具体要看你日志
你可以在容器内单独运行debug.sh，贴出调试信息。另外，docker是可以限制内存使用量的，容器会根据可用内存自动调整。

debug.sh如下，请帮忙看下

=====PaoPaoDNS docker debug=====
[info] images build time : 2023-07-27 16:11:37 UTC
[info] ========== env info ==========
====ENV TEST====
MEM:800m 1600m 1000000 1800mb
prefPC:100
CORES:-4-
POWCORES:-4-
ulimit :-524288-
FDLIM :-4096-
TZ:-Asia/Shanghai-
UPDATE:-daily-
DNS_SERVERNAME:-Misaka-Domain-Name-Server-
SERVER_IP:-none-
ETHIP:-10.10.10.99-
DNSPORT:-53-
SOCKS5:-IP:PORT-
CNAUTO:-yes-
IPV6:-yes-
CNFALL:-no-
CUSTOM_FORWARD:-IP:PORT-
AUTO_FORWARD:-no-
AUTO_FORWARD_CHECK:-yes-
USE_MARK_DATA:-no-
RULES_TTL:-0-
CN_TRACKER:-yes-
USE_HOSTS:-no-
HTTP_FILE:-no-
SAFEMODE:--
QUERY_TIME:-2000ms-
PLATFORM:-Linux 60cd5ec438e5 5.15.107-1-pve #1 SMP PVE 5.15.107-1 (2023-04-20T10:05Z) x86_64 Linux-
====ENV TEST====
[info] ========== process info ==========
PID   USER     TIME  COMMAND
    1 root      0:00 {init.sh} /bin/sh /usr/sbin/init.sh
   12 root      0:00 crond
   92 root      0:09 dnscrypt-proxy -config /data/dnscrypt-resolvers/dnscrypt.toml
   95 root      0:06 mosdns start -d /tmp -c mosdns.yaml
   98 root      0:00 {watch_list.sh} /bin/sh /usr/sbin/watch_list.sh
  106 root      0:18 redis-server unixsocket:/tmp/redis.sock
  117 root      0:02 unbound -c /tmp/unbound_forward.conf -p
  120 root      0:09 unbound -c /tmp/unbound_raw.conf -p
  160 root      0:00 inotifywait -e modify,delete /etc/unbound/named.cache /data/Country-only-cn-private.mmdb /data/for
  328 root      0:00 sh
  334 root      0:00 {debug.sh} /bin/sh /usr/sbin/debug.sh
  339 root      0:00 ps -ef
[info] ========== cn list info ==========
domain:whoami.ds.akahelp.net
domain:whoami.03k.org
[info] ========== reids info ==========
used_memory_human:1.04G
used_memory_rss_human:1.22G
used_memory_peak_human:1.04G
total_system_memory_human:15.46G
used_memory_lua_human:31.00K
used_memory_vm_total_human:63.00K
used_memory_scripts_human:181B
maxmemory_human:1.76G
(integer) 3997976
[test] IP test, you will see that all the following IPs are your public network exit IP !
[test] ========== IP TEST START ==========
CN IP URL:
123.x.x.x
123.x.x.x
------------------
Non-CN IP URL:
123.x.x.x
123.x.x.x
123.x.x.x
123.x.x.x
------------------
IP INFO:
123.x.x.x
CN,Ningbo,Zhejiang
ASN4837/China Unicom
HTTP/1.1
curl/8.2.1
Asia/Shanghai Time: 8/1/2023, 3:09:40 PM
------------------
----mosdns whoami aka dig:
"ns" "123.x.x.x"
------------------
----local-unbound whoami aka dig:
"ns" "123.x.x.x"
------------------
----mosdns whoami 03k dig:
123.x.x.x
------------------
----local-unbound whoami 03k dig:
123.x.x.x
[test] ========== IP TEST END ==========

[test] The DNS hijacking test, you will see timed out message !
[test] ========== DNS HIJACK START ==========
;; communications error to 6.7.8.9#53: timed out
;; communications error to 6.7.8.9#53: timed out
;; communications error to 6.7.8.9#53: timed out
;; no servers could be reached


[test] ========== DNS HIJACK END ==========
[test] CN domain test, you will see that the DNS resolution result is CN IP !
[test] ========== CN DOMAIN TEST START ==========
----mosdns CN dig:
www.taobao.com.danuoyi.tbcache.com.
124.160.174.143
124.160.174.142
------------------
----local-unbound CN dig:
www.taobao.com.danuoyi.tbcache.com.
124.160.174.142
124.160.174.143
[test] ========== CN DOMAIN TEST END ==========
[test] Non-CN domain test, you will see that the DNS resolution result is correct IP !
[test] ========== Non-CN DOMAIN TEST START ==========
----mosdns Non-CN dig:
youtube-ui.l.google.com.
108.177.97.91
142.250.157.190
------------------
----dnscrypt-unbound NOCN dig:
youtube-ui.l.google.com.
142.251.140.78
142.251.141.46
------------------
----dnscrypt Non-CN dig:
youtube-ui.l.google.com.
142.250.199.110
172.217.175.110
------------------
----dnscrypt-socks5 Non-CN dig:
;; communications error to 127.0.0.1#5303: connection refused
;; communications error to 127.0.0.1#5303: connection refused
;; communications error to 127.0.0.1#5303: connection refused
[test] ========== Non-CN DOMAIN TEST END ==========
[test] IPv6 Dual CN test: you will see that IPv6 is OK !
[test] ========== IPV6 CN DOMAIN TEST START ==========
www.taobao.com.danuoyi.tbcache.com.
2408:8742:c2ff:1:3::3eb
2408:8742:c2ff:1:3::3ea
ins-r23tsuuf.ias.tencent-cloud.net.
2408:80f1:21:c120::e
2408:80f1:21:c120::c
[test] ========== IPV6 CN DOMAIN TEST END ==========
[test] IPv6 Dual Non-CN test: you will see that IPv6 is empty !
[test] ========== IPV6 Non-CN DOMAIN TEST START ==========
[test] ========== IPV6 Non-CN DOMAIN TEST END ==========
[test] IPv6 only Non-CN test: you will see that IPv6 is ok !
[test] ========== IPV6 ONLY Non-CN DOMAIN TEST START ==========
2606:4700:3034::6815:15ef
2606:4700:3037::ac43:c96c
ddns-checkipv6.quickconnect.to.
checkipv6.digitalocean.synology.com.
2604:a880:2:d0::220d:b001
2604:a880:2:d0::2245:7001
2604:a880:2:d0::2252:d001
2604:a880:2:d0::22b5:d001
2604:a880:2:d0::230f:1
2604:a880:2:d0::1700:7001
2604:a880:2:d0::2049:2001
2604:a880:2:d0::2076:5001
2604:a880:2:d0::2206:5001
[test] ========== IPV6 ONLY Non-CN DOMAIN TEST END ==========

[info] ALL TEST FINISH.

Answer 15 · 2023-08-01T07:17:10.000Z

看你这个配置，可用内存起码大于8G，而不是2G，8G可用内存占用1.8G正常，容器根据可用内存自动调整的。你可以使用docker相关命令来限制容器可用内存。