Secondary refresh tuning

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Wed Dec 4 18:56:24 UTC 2002 

Don Stokes <don at daedalus.co.nz> wrote:

> I have a server, running BIND 8, that operates as a secondary to about
> 2300 zones, at a wide variety of primary addresses and administrators. 
> The server is updated automatically from a provider's database, and
> inevitably a number -- about 400 -- of the primaries out there are not
> reachable or defunct.  Some of them have never been able to transfer
> zones. 

> Of course if I could positively identify which ones were genuinely dead
> vs the ones that might come back one day, I wouldn't be writing this..

> The problem I had been having with these is that the server always had
> named-xfer processes running, trying to talk to primaries that weren't
> ever going to answer.  These clogged things up enough that legitimate
> zone transfers were taking hours to be performed.

> I solved this by writing a wrapper to named-xfer that maintained a
> database of results and timestamps; if an axfr is queried before a
> "hold" period has expired, the last result is just returned and
> named-xfer doesn't run.  The hold period is a sliding arrangement, so
> that the first time a zone is unreachable, it is set to 15 minutes, and
> gets longer the longer the zone can't transfer, up to a maximum
> (currently 6 hours).  That way defunct zones only attempt AXFRs
> occasionally, while functioning zones are transferred within seconds
> rather than hours as before.

> I'm looking at upgrading to BIND 9, which of course does not have a
> separate named-xfer.  BIND 9 does have minimum and maximum refresh/retry
> periods, which would help.  But I'm not really sure what the effect of
> hundreds of defunct zones would be on BIND 9.

> Would 400 or so defunct primaries stop an active zone being updated
> immediately if a notify for it was received?

Why don't you remove or comment out those 400 ? Noone is happy with 
non-working zones.

> -- don


-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.

More information about the bind-users mailing list