recursive-clients, what value ?
Richard Maynard
ephur at corp.earthlink.net
Tue Jun 15 05:25:30 UTC 2004
> it is by default in bind9 (3hours) and (10min for lame servers) only
> nxdomain, nxrrset are cached, servfail is not, time-outs are not, if
> *all* nameservers for high traffic domain are down, bind will keep
> flooding it sometimes with incredible rate depends purely on your
> clients, bind doesn't control it in any way, just amplify (by retries)
> your clients' flood and sends it to those "pure victim servers", same
> for servfail.
Ahhh! That's good to know, I didn't realize the ServFail's weren't cached.
Thanks for the info, I sure wish servfails were cached, as it stands, it's
not hard to start a short lived DOS against a DNS farm that will recurse for
you with bad servers and one bad domain.
> Richard, how can I plot cache hit rate? Do you mean rndc stats, there
> is only # of recursive requests.
You can look at the # of recursive requests and the number of total requests
to get the % of your requests that are answered from Cache. I found this to
be amongst the most useful datasets when correlating machine performance
with different configurations. It's not uncommon to see 75% of the queries
on my farm answered out of cache during peak usage hours. I don't know or
have exact numbers on how much longer a cached vs a non-cached query will
take right now, but I do have direct performance differences.
Getting my cache hit rate up from ~50% to ~65% yielded more than a 15%
performance improvement, with only minimal changes to our configurations.
-- Richard Maynard
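
The calculation described in the message above, as an added example that is not part of the original post: it parses the dumps that `rndc stats` appends to the statistics file and reports the share of queries that needed no recursion for each interval between dumps. It assumes the BIND 9.2/9.3-style counter lines (`success`, `referral`, `nxrrset`, `nxdomain`, `recursion`, `failure`), treats the sum of the non-`recursion` counters as total queries, and uses constructed sample numbers; the function names are hypothetical.

```python
import re

# Assumed BIND 9.2/9.3-style named.stats counters; each query ends in one of these.
ANSWERED = ("success", "referral", "nxrrset", "nxdomain", "failure")

def _dump(ts, s, ref, nxr, nxd, rec, fail):
    """Build one constructed statistics dump (sample data, not real traffic)."""
    return (f"+++ Statistics Dump +++ ({ts})\nsuccess {s}\nreferral {ref}\n"
            f"nxrrset {nxr}\nnxdomain {nxd}\nrecursion {rec}\nfailure {fail}\n"
            f"success 4 example.com\n--- Statistics Dump --- ({ts})\n")

# `rndc stats` appends to the file, so several dumps accumulate in it.
SAMPLE = (_dump(1087275600, 800000, 1000, 40000, 150000, 495000, 9000)
          + _dump(1087276200, 880000, 1100, 44000, 165000, 520000, 9900)
          + _dump(1087276800, 5000, 10, 300, 1000, 3000, 90)  # after a restart
          + _dump(1087277400, 45000, 110, 2300, 8000, 20500, 990))

def parse_dumps(text):
    """Return one dict of server-wide counters per dump, in file order."""
    dumps, cur = [], None
    for line in text.splitlines():
        start = re.match(r"\+\+\+ Statistics Dump \+\+\+ \((\d+)\)", line)
        if start:
            cur = {"time": int(start.group(1))}
        elif line.startswith("--- Statistics Dump ---"):
            if cur is not None:
                dumps.append(cur)
            cur = None
        elif cur is not None:
            parts = line.split()
            if len(parts) == 2 and parts[1].isdigit():  # 3 fields = per-zone line
                cur[parts[0]] = int(parts[1])
    return dumps

def cache_hit_rates(dumps):
    """Percent of queries answered without recursion, per interval between dumps."""
    rates = []
    for prev, cur in zip(dumps, dumps[1:]):
        total = sum(cur.get(k, 0) - prev.get(k, 0) for k in ANSWERED)
        recursed = cur.get("recursion", 0) - prev.get("recursion", 0)
        if total <= 0 or recursed < 0:  # counters reset (restart) or idle interval
            continue
        rates.append((cur["time"], total, round(100.0 * (total - recursed) / total, 1)))
    return rates

if __name__ == "__main__":
    for ts, total, pct in cache_hit_rates(parse_dumps(SAMPLE)):
        print(f"{ts}: {total} queries, {pct}% answered from cache")
```

The counters are cumulative since the server started, so the differences between consecutive dumps give the hit rate for a specific period such as peak hours; an interval that spans a restart is skipped because its deltas go negative.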