Weird named act!
Kevin Darcy
kcd at daimlerchrysler.com
Wed Sep 8 00:10:57 UTC 2004
Holdsworth, Matthew wrote:
>Dear All,
>
>Can anyone shed any light on this one:
>
>We run BIND 9.2 on Solaris 8
>
>Every now and again we have to restart the named process on our DNS server.
>Reason being, it stops resolving anything outside of its own zone.
>
>E.g.
>Our resolv.conf file contains the line:
>
>search lond.dtv.cwctv.net lond.dtv.ntl dtv.cwctv.net dtv.ntl ops.dtv.cwctv.net ops.dtv.ntl
>
>Now, when the problem occurs it will only resolve hosts from the first one in
>the search list. It won't even forward queries for external hosts (web sites)
>to our internet facing servers.
>
>After restarting the named process we can then resolve hosts from all the
>above zones and web sites.
>
>I wondered if it could be the option 'datasize' being set too small. Ours is
>just 20M.
>
BIND 9 shouldn't simply *stop* responding to queries when it hits
datasize. It should just slow down as it purges old cache entries and
has to fetch a higher proportion of new ones over the network for a
while. That being said, it might be the case that your nameserver slows
down so much maybe the resolver times out before the nameserver returns
the answer. You could probably get an idea of whether you're hitting a
datasize threshold by looking at the size of the named process with
"ps -flp {pid}". I would imagine named writes something to the log when it
reaches this threshold, so tweaking your logging options might give you
a confirmation also.

If I may get on my soapbox for a while, though, this is what happens
when you indulge searchlists too much. Probably much of your small cache
capacity is being squandered by bad searchlist guesses. Yes, that's
basically what the searchlist option does -- make the resolver *guess*
at what the domain is, by trial and error, one domain at a time, much as
you might hypothetically make the postal service guess at city,
state/province, zip code, or whatever, by omitting that information from
the recipient addresses of letters you send. Every "wrong" domain guess
leaves a negative cache entry in the nameserver, for some period of
time. Do you really think this is a reasonable use of caching, network
and processing resources? Sure, I've heard the "users don't want to type
fully-qualified names" argument a million times, but how many of your
queries come directly from user typing, really? If you're typical, the
vast majority come from automated processes, names read in from config
files, or bookmarks, or from URLs accessed via clicking on a hyperlink.
All of those categories of query sources could be converted over to
using fully-qualified names. Very few queries actually come from user
typing, so the "too much typing!" argument doesn't carry much weight
with me. To summarize: searchlists are evil, avoid them as much as possible.
- Kevin
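
Added example, not part of the original thread: a small model of the search-list guessing described in the reply, using the search list from the quoted resolv.conf. It assumes the conventional resolver behaviour (ndots defaulting to 1, a trailing dot making a name absolute); the hostnames in ZONE_DATA are constructed for illustration.

```python
# Added example: models a stub resolver's search-list expansion (resolv.conf
# "search" plus "ndots" semantics) and counts the wrong guesses per lookup.
SEARCH = ("lond.dtv.cwctv.net lond.dtv.ntl dtv.cwctv.net dtv.ntl "
          "ops.dtv.cwctv.net ops.dtv.ntl").split()  # search list from the post

def candidates(name, search=SEARCH, ndots=1):
    """Return the FQDNs a stub resolver tries, in order, for `name`."""
    if name.endswith("."):          # trailing dot: absolute name, no guessing
        return [name]
    as_is = name + "."
    guesses = [f"{name}.{dom}." for dom in search]
    # Assumed rule: with at least `ndots` dots the name is tried as-is first,
    # otherwise the search domains are tried first and as-is comes last.
    if name.count(".") >= ndots:
        return [as_is] + guesses
    return guesses + [as_is]

def lookup(name, zone_data, **kw):
    """Walk the candidates until one exists; return (answer, wrong_guesses)."""
    misses = []
    for fqdn in candidates(name, **kw):
        if fqdn in zone_data:
            return fqdn, misses
        misses.append(fqdn)         # each miss is one negative cache entry
    return None, misses

# Constructed sample data: these hostnames are hypothetical.
ZONE_DATA = {"stb01.ops.dtv.ntl.", "www.example.com."}

if __name__ == "__main__":
    for q in ("stb01", "www.example.com", "nosuch.example.org",
              "stb01.ops.dtv.ntl."):
        answer, misses = lookup(q, ZONE_DATA)
        print(f"{q!r}: answer={answer} wrong guesses={len(misses)}")
        for m in misses:
            print("    miss:", m)
```

A short name that lives in the last search domain costs five failed queries before the answer, while the same host written fully qualified with a trailing dot costs none.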