response time very high when a lot of queries timeout

very.luke at gmail.com very.luke at gmail.com
Fri Mar 17 21:40:22 UTC 2006


Hi,
my company has several dns servers running bind 9.2.3 and serving a
large customer base.

My dns are recursive dns, but are also authoritative for a few zones
(almost 600 domains).

My dns run (5 child processes) with querylog always on and with
max_recursive_clients threshold equal to 15000

Normally traffic is 1500 query/sec per dns and the response time is
pretty good (less than 1 msec).

Somehow, when many clients bomb with timeout/servfail queries a dns,
its response time increases and reaches 100 msec (very bad), even if
the total number of queries/sec is less than 2000.

Bind cannot cache these timeout/servfail queries because they are neither
good queries nor nxdomain queries.

My troubleshooting is very boring (and not preventing other similar
cases): I add client's ip in the dns' blackhole and restart named.

Does anyone know if I can prevent these lacks of speed in answering
queries when someone keeps on bombing my dns?

Any patch? Any improvement in the latest bind-9-3?
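
Added example, not part of the original post: a Python sketch that scans querylog output for clients whose traffic is mostly repeats of the same question and prints a candidate `blackhole` list for review. The log line layout, the sample lines, the function names and the thresholds are assumptions; querylog does not record the response code, so repeated identical questions are used here only as a proxy for timeout/servfail retries.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines; the "client IP#port: query: name class type"
# layout is assumed and may differ between BIND versions.
_P = "Mar 17 21:40:0{} named[812]: client {}#{}: query: {} IN {}"
SAMPLE_LOG = [
    _P.format(1, "192.0.2.10", 32771, "www.example.com", "A"),
    _P.format(1, "192.0.2.10", 32772, "mail.example.com", "MX"),
    _P.format(2, "192.0.2.10", 32773, "example.org", "A"),
    _P.format(2, "198.51.100.7", 1045, "www.example.net", "A"),
] + [_P.format(3, "198.51.100.7", 1046, "broken.example.net", "A")] * 5 \
  + [_P.format(4, "203.0.113.5", 5353, "dead.example.org", "MX")] * 3

QUERY_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query: (?P<qname>\S+) \S+ (?P<qtype>\S+)"
)

def parse(lines):
    """Yield (client_ip, (qname, qtype)) for every query line; skip the rest."""
    for line in lines:
        m = QUERY_RE.search(line)
        if m:
            yield m["ip"], (m["qname"].lower(), m["qtype"])

def retry_heavy_clients(lines, min_repeats=3, min_share=0.5):
    """Return {ip: (total, repeated)} for clients where at least min_share of
    their queries belong to questions asked min_repeats times or more."""
    per_client = defaultdict(Counter)
    for ip, question in parse(lines):
        per_client[ip][question] += 1
    flagged = {}
    for ip, questions in per_client.items():
        total = sum(questions.values())
        repeated = sum(n for n in questions.values() if n >= min_repeats)
        if repeated and repeated / total >= min_share:
            flagged[ip] = (total, repeated)
    return flagged

def blackhole_acl(flagged):
    """Format flagged clients as a named.conf blackhole statement for review."""
    return "blackhole { " + " ".join(f"{ip};" for ip in sorted(flagged)) + " };"

if __name__ == "__main__":
    hits = retry_heavy_clients(SAMPLE_LOG)
    for ip, (total, repeated) in sorted(hits.items()):
        print(f"{ip}: {repeated}/{total} queries are repeats")
    print(blackhole_acl(hits))
```

The output is a list of candidates, not a verdict: a client behind a forwarder or one that re-asks a short-TTL name can also repeat questions, so check each address before adding it.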



More information about the bind-users mailing list