how to debug "no more recursive clients"
Danny Mayer
mayer at ntp.isc.org
Fri Feb 10 04:13:19 UTC 2006
Len Conrad wrote:
>>> We have "forwarding DNS" setup, where all the internal DNS "forward
>>> first" to our recursive-only rns1 and rns2 (recursive ns).
>>>
>> Why would you do that?
>
> So all our forwarding DNSs benefit from the consolidated, system-wide
> caches on rns1/2. At 30 createfetches/second from rns1, our DNS
> traffic is pretty high.
>
All the more reason not to do this. There is no real benefit to your
design, just the illusion. If you really look at the time the server
takes to go out to the authorative servers to get the information you
will see almost no difference. Jim Reid could expound on this at length.
>> Just have them do it themselves. There's no
>> advantage to forwarding by doing what you are doing and in fact
>
> Many of our MTAs running in parallel and running BIND do the same
> queries, so having those answers cached speeds up a lot of queries,
> esp often-very-slow PTR and RBL queries.
>
You're only fooling yourself if you believe that.
>> as you
>> are finding out, considerable disadvantages.
>
> The problem is not our system design which has worked for many weeks
> without problems, but what caused BIND9 to hit the 1000 recursive
> client limit twice, when the avg recursive client count is less than 60.
>
Your poor system design is a separate issue from what's causing BIND to
hit its recursive limit.
Danny
> Len
More information about the bind-users
mailing list