Weird named act!

Wed Sep 8 00:59:55 UTC 2004

> Holdsworth, Matthew wrote:
> 
> >Dear All,
> >
> >Can anyone shed any light on this one:
> >
> >We run BIND 9.2 on Solaris 8
> >
> >Every now and again we have to restart the named process on our DNS server.
> >Reason being, it stops resolving anything outside of its own zone.
> >
> >Eg.
> >Our resolv.conf file contains the line:
> >
> >search lond.dtv.cwctv.net lond.dtv.ntl dtv.cwctv.net dtv.ntl
> >ops.dtv.cwctv.net ops.dtv.ntl
> >
> >Now, when the problem occurs it will only resolv hosts from the first one in
> >the search list. It wont even forward queries for external hosts (web sites)
> >to our internet facing servers.
> >
> >After restarting the named process we can then resolv hosts from all the
> >above zones and web sites.
> >
> >I wondered if it could be the option 'datasize' being set too small. Ours is
> >just 20M.
> >
> BIND 9 shouldn't simply *stop* responding to queries when it hits 
> datasize. It should just slow down as it purges old cache entries and 
> has to fetch a higher proportion of new ones over the network for a 
> while. That being said, it might be the case that your nameserver slows 
> down so much maybe the resolver times out before the nameserver returns 
> the answer. You could probably get an idea of whether you're hitting a 
> datasize threshold by looking at the size of the named process with "ps 
> -flp {pid}". I would imagine named writes something to the log when it 
> reaches this threshold, so tweaking your logging options might give you 
> a confirmation also.
> 
> If I may get on my soapbox for a while, though, this is what happens 
> when you indulge searchlists too much. Probably much of your small cache 
> capacity is being squandered by bad searchlist guesses. Yes, that's 
> basically what the searchlist option does -- make the resolver *guess* 
> at what the domain is, by trial and error, one domain at a time, much as 
> you might hypothetically make the postal service guess at city, 
> state/province, zip code, or whatever, by omitting that information from 
> the recipient addresses of letters you send. Every "wrong" domain guess 
> leaves a negative cache entry in the nameserver, for some period of 
> time. Do you really think this is a reasonable use of caching, network 
> and processing resources? Sure, I've heard the "users don't want to type 
> fully-qualified names" argument a million times, but how many of your 
> queries come directly from user typing, really? If you're typical, the 
> vast majority come from automated processes, names read in from config 
> files, or bookmarks, or from URLs accessed via clicking on a hyperlink. 
> All of those categories of query sources could be converted over to 
> using fully-qualified names. Very few queries actually come from user 
> typing, so the "too much typing!" argument doesn't carry much weight 
> with me. To summarize: searchlists are evil, avoid them as much as possible.
> 
>                                                                          
>                                                             - Kevin

	datasize is *not* the correct option to control memory
	usage.  It really should only be used to *raise* the amount
	of memory available to the process.  Recovering from malloc
	failures is extremely hard to do properly.  You essentially
	have to stop everything, free dynamic memory and restart
	without having to allocate any memory until you start the
	restart process.

	named assumes that you have correctly sized datasize to allow
	for handle both the fixed and dynamic memory requirements.

	Fixed memory requirements include but are not limited to
	memory for authoritative zones, memory for clients and some
	general overhead.  Note when calculating the fixed requirements
	named sometimes has multiple copies of zones in memory at
	the same time.

	max-cache-size is the option to use to control the dynamic
	memory requirements.  When this limit is reached the cache
	will be randomly cleaned for datasets.  9.3 does a better
	job of this that 9.2 as adb's memory usage is now included.

	Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org