BIND BOTTLENECK: internall 90 seconds query timeout & recursive-clients limit
Ladislav Vobr
lvobr at ies.etisalat.ae
Tue May 18 06:43:44 UTC 2004
> This list is not for technical support from ISC. The people who answer
> in this list are mostly not associated with ISC at all, we're just
> knowledgeable users.
>
> ISC is not a commercial software vendor. If you want to purchase
> technical support, go to Nominum, Inc. <www.nominum.com>.
thanks barry, we are exploring the ways for commercial support for bind
and/or CNS/ANS nominum products since company is pushing for it, I know
this this is just user list, but I miss those daily posts by isc people,
although sometimes we (users) made a hard time for them :-)
> I think this will actually only be a problem if *all* the servers for a
> domain are down. BIND keeps track of past response times for servers,
> and chooses the one with the best previous response time when selecting
> which NS record for a domain to use.
yes, it is problem only when *all* are unreachable, but when it happen
it is going to be a major bottleneck, which is severely impacting the
performance of bind, it becoming a phenomena of the net, if I may called
it like this, with growing number of end users with
viruses/trojans/backdoors/spammers.... this becoming very severe for
large recursive services.
Once I was getting around 1500 requests per second only to
infopak.gov.pk which was from virus which inflected large number of
customers, for each requests my recursive servers starts following up
with *all* these unreachable servers, since the infopak.gov.pk domain
went completely down The performance of the bind was very disappointing,
and what's worse not even a single line of the log... lame log is full
of servers which are up and wrongly configured, but cases like this not
even a single line....
it can bring bind completely down, it just depends how much such
requests you can send...
Ladislav
More information about the bind-users
mailing list