how to debug "no more recursive clients"
Frank Y.F. Luo
luoy at muohio.edu
Thu Feb 9 19:25:27 UTC 2006
I guess you had internet connection problem when you had this problem - the
thread just waited there before it timed out so it is very easy to reach
that limit.
Interesting to know how to prevent this happens again - change the .hint
file so it replys with nxdomain for all internet domain names but resolves
local hosted domain name properly?
Frank
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
> Behalf Of Len Conrad
> Sent: Thursday, February 09, 2006 2:07 PM
> To: bind9-users at isc.org
> Subject: Re: how to debug "no more recursive clients"
>
>
>
> > > We have "forwarding DNS" setup, where all the internal DNS "forward
> > > first" to our recursive-only rns1 and rns2 (recursive ns).
> > >
> >
> >Why would you do that?
>
> So all our forwarding DNSs benefit from the consolidated, system-wide
> caches on rns1/2. At 30 createfetches/second from rns1, our DNS
> traffic is pretty high.
>
> >Just have them do it themselves. There's no
> >advantage to forwarding by doing what you are doing and in fact
>
> Many of our MTAs running in parallel and running BIND do the same
> queries, so having those answers cached speeds up a lot of queries,
> esp often-very-slow PTR and RBL queries.
>
> >as you
> >are finding out, considerable disadvantages.
>
> The problem is not our system design which has worked for many weeks
> without problems, but what caused BIND9 to hit the 1000 recursive
> client limit twice, when the avg recursive client count is less than 60.
>
> Len
>
>
>
> _____________________________________________________________________
> http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites
>
>
>
>
More information about the bind-users
mailing list