no more recursive clients: quota reached

Mark_Andrews at isc.org Mark_Andrews at isc.org
Wed Feb 5 05:53:47 UTC 2003 

> Kevin Darcy <kcd at daimlerchrysler.com> wrote:
> 
> > Greg Robinson wrote:
> 
> >> Hi,
> >>
> >> Our internet link is down at the moment (but it won't be if you can read
> >> this).  We are seeing these error messages on or internal DNS server:
> >>
> >> Feb  3 14:33:07 hostname syslog: client 172.16.2.42#25930: no more recursi
> ve clients: quota reached
> >>
> >> For a whole bunch of IP addresses.  A few are DNS servers, most are
> >> mail or proxy servers.
> >>
> >> I can't find any reference to this in the BIND book, but my guess
> >> is that the DNS server has given up (quota reached) on trying to resolve
> >> domains for this IP address.  And I can safely ignore the message.
> >>
> >> Does this sound about right?
> 
> > No, the message means that the nameserver has reached its maximum number of
> > *simultaneous* recursive-query requests. Any more recursive queries will ha
> ve to wait to be processed.
> > You should only ignore the message if you care nothing about performance or
>  the service levels you're
> > providing to your clients. If you care about such things, either bump up th
> e quota, or find a way to
> > reduce the load, e.g. spread the query load across more servers, eliminate 
> searchlists, or whatever.
> 
> Hi,
> 
> I'd like to thank everyone for their responses.  I did find it in the
> book after Cricket's reference.  Thankx.
> 
> I have a further question: Would this quota effect *all* DNS queries
> to my nameserver, including ones that it is primary for?

	No.  You don't recurse for them.
 
> If this is true, then this would explain why internal mail could not be
> delivered to our UNIX server from our mimesweeper box when the link was
> down.

	More likely is that your MTA is asking for names that cannot
	be resolved when the link is down.  Partially and unqualified
	names cause real problems when used with search list and
	loss of external connectivity.
 
> I have turn on the forward only option in our BIND 9 config.
> 
> Thankx,
> 
> Greg.
> 
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org

More information about the bind-users mailing list