BIND BOTTLENECK: internall 90 seconds query timeout & recursive-clients limit
Ladislav Vobr
lvobr at ies.etisalat.ae
Tue May 18 02:44:07 UTC 2004
well I am reposting this, since I didn't get any reply last time, not
even a single one:-(, and honestly I don't expect many this time, since
as I have noticed isc support became commercial, and post by person
directly from isc team in this 'still free mailing list' has become so
rare since that time....
....perhaps even this list should become commercial and people should
get paid for reporting and many times even solving/patching things in
this list..
from isc.org site about the commercial 3rd line support...
...." A certification process is being defined to ensure ISC is
providing 3rd line support and not general help desk questions."...
will this list be considered now for "general help desk questions" ?
I personally think bind is great product and isc.org great company, but
feeling sad from the selective approach perhaps isc is going to acquire
now, about what should be answered for free and what is going to be "3rd
line support" and people in the mailing list will never see it, correct
me if I am wrong
..............................
My questions below
..............................
When all the nameservers for certain domain are unreachable, bind
doesn't log or bogus such a servers or domain, be it unreachable even
for hours/days/weeks/years. Administrator has no idea how many such
servers are being permanently retried in the background from his server
for hours/days/weeks/years. He can discovered it only by chance or
waiting for the customer complain, to trigger the troubleshooting.
worse of this, imho if the internal timeout of each such a query is 90
seconds, 11 such queries to unreachable domains per seconds are enough
to fill the default 1000 concurrent recursive query queue after these 90
seconds only by these type of requests.
How you people run a recursive servers with 1,2,3 thousands of requests
per seconds having some foreign external zones completely unreachable,
which is fact of life today. What is your recursive clients limit?
Having the recursive-clients 2000 will just imho let me receive 22 such
a requests per seconds, that's really very small number in scenario with
lot of traffic for example 150-300 queries to unreachable domains servers.
Shouldn't isc think about at least setting up the log file for such a
long term unreachable servers, so administrator can easily bogus them if
bind prefers not to do it and avoid this problem of very simple
internal recursive queue fill-up. It is being considered even of less
importance than being lame, but the impact on system performance in such
cases is enormous if traffic is high, and can completely put bind out of
service without any single messages being logged about what makes the
bind busy in the background.
Ladislav
More information about the bind-users
mailing list