Problem with Secondary systems with many zones

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Thu Dec 2 22:51:02 UTC 2004 

list3 at wwwcrazy.com wrote:
> This problem that I have is with systems that have many zones (at least 30,000
> zones).

> If I start a secondary system up with no zone files (so it is completely clean)
> the system will eventually get all of the zone files by getting an AXFR from
> the primary name server.  Then once it gets all of the zones it works perfect
> (dynamic updates and the whole bit).

> When I start a secondary system with zone file already in place (often after a
> reboot) the sytem will never finish the "soa queries in progress".  They just
> keep climbing up until they hit a high number (close to the number of zones in
> the system) and the system just sits there.  It responds to queries but it will
> never get any dynamic updates nor will it ever refresh the zones.

> number of zones: 62786
> debug level: 0
> xfers running: 0
> xfers deferred: 0
> soa queries in progress: 62780
> query logging is OFF
> server is up and running

> So my solution has been to stop bind.  Remove all of the zone files, and start
> again.

> The zone files are in a hash diretory structure.

> so example.com would be in "e/x/db.example.com"

> Any suggestions on why the secondaries on Bind seem not to be able to handle a
> restart when it has many zones.
> I have other sytems that have 15,000 zones and there is no problem.
> This only happens with about 40,000 zones and higher.

You don't seem to run bind-9.3, you should upgrade.

bind-9 has a statement "transfers-per-ns" which according to the "ARM-book" :
transfers-per-ns

    The maximum number of inbound zone transfers that can be concurrently transferring from a given remote name server. The default value is 2. Increasing transfers-per-ns may speed up the convergence of slave zones, but it also may increase the load on the remote name server. transfers-per-ns may be overridden on a per-server basis by using the transfers phrase of the server statement.


Which pretty much seems to do what you need.

> Thanks for any suggestions.
> -Steve



-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.

More information about the bind-users mailing list