Weird named act!

Kevin Darcy kcd at daimlerchrysler.com
Wed Sep 8 00:10:57 UTC 2004 

Holdsworth, Matthew wrote:

>Dear All,
>
>Can anyone shed any light on this one:
>
>We run BIND 9.2 on Solaris 8
>
>Every now and again we have to restart the named process on our DNS server.
>Reason being, it stops resolving anything outside of its own zone.
>
>Eg.
>Our resolv.conf file contains the line:
>
>search lond.dtv.cwctv.net lond.dtv.ntl dtv.cwctv.net dtv.ntl
>ops.dtv.cwctv.net ops.dtv.ntl
>
>Now, when the problem occurs it will only resolv hosts from the first one in
>the search list. It wont even forward queries for external hosts (web sites)
>to our internet facing servers.
>
>After restarting the named process we can then resolv hosts from all the
>above zones and web sites.
>
>I wondered if it could be the option 'datasize' being set too small. Ours is
>just 20M.
>
BIND 9 shouldn't simply *stop* responding to queries when it hits 
datasize. It should just slow down as it purges old cache entries and 
has to fetch a higher proportion of new ones over the network for a 
while. That being said, it might be the case that your nameserver slows 
down so much maybe the resolver times out before the nameserver returns 
the answer. You could probably get an idea of whether you're hitting a 
datasize threshold by looking at the size of the named process with "ps 
-flp {pid}". I would imagine named writes something to the log when it 
reaches this threshold, so tweaking your logging options might give you 
a confirmation also.

If I may get on my soapbox for a while, though, this is what happens 
when you indulge searchlists too much. Probably much of your small cache 
capacity is being squandered by bad searchlist guesses. Yes, that's 
basically what the searchlist option does -- make the resolver *guess* 
at what the domain is, by trial and error, one domain at a time, much as 
you might hypothetically make the postal service guess at city, 
state/province, zip code, or whatever, by omitting that information from 
the recipient addresses of letters you send. Every "wrong" domain guess 
leaves a negative cache entry in the nameserver, for some period of 
time. Do you really think this is a reasonable use of caching, network 
and processing resources? Sure, I've heard the "users don't want to type 
fully-qualified names" argument a million times, but how many of your 
queries come directly from user typing, really? If you're typical, the 
vast majority come from automated processes, names read in from config 
files, or bookmarks, or from URLs accessed via clicking on a hyperlink. 
All of those categories of query sources could be converted over to 
using fully-qualified names. Very few queries actually come from user 
typing, so the "too much typing!" argument doesn't carry much weight 
with me. To summarize: searchlists are evil, avoid them as much as possible.

                                                                         
                                                            - Kevin

More information about the bind-users mailing list