response time very high when a lot of queries timeout

Frank Agerholm frank at balumir.de
Mon Mar 27 06:08:20 UTC 2006


Hello,

I have the same problems with my caching nameserver too.

BIND 9.3.x has a new feature, "rndc recursing", to show currently running
recursive queries. I found a few queried DNS servers in this list
running 40% of my total recursive queries.
These DNS servers are not reachable (via nslookup or ping) from my DNS.
So I think it is a routing problem.

I blacklisted this nameserver. But this is a dirty hack.

Have you found any other solutions for this problem?

Greetings,

Frank Agerholm

very.luke at gmail.com wrote:

>Hi,
>my company has several dns servers running bind 9.2.3 and serving a
>large customer base.
>
>My dns are recursive dns, but are also authoritative for a few zones
>(almost 600 domains).
>
>My dns run (5 child processes) with querylog always on and with
>max_recursive_clients threshold equal to 15000
>
>Normally traffic is 1500 query/sec per dns and the response time is
>pretty good (less than 1 msec).
>
>Somehow, when many clients bomb a dns with timeout/servfail queries,
>its response time increases and reaches 100 msec (very bad), even if
>the total number of queries/sec is less than 2000.
>
>Bind cannot cache these timeout/servfail queries because they are neither
>good queries nor nxdomain queries.
>
>My troubleshooting is very boring (and not preventing other similar
>cases): I add the client's ip in the dns' blackhole and restart named.
>
>Does anyone know if I can prevent these lacks of speed in answering
>queries when someone keeps on bombing my dns?
>
>Any patch? Any improvement in the latest bind-9-3?
>
>
>  
>
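
An added example, not part of either message: a Python sketch that tallies an "rndc recursing" dump to show which clients and which zones hold most of the outstanding recursive queries, using the 40% share mentioned above as the reporting threshold. The dump line layout in the regular expression is an assumption to verify against your BIND version, the sample lines are constructed, and the last two labels of the query name serve only as a rough stand-in for the delegated zone.

```python
import re
from collections import Counter

# Assumed layout of one entry in the file written by "rndc recursing";
# check it against the dump your BIND version actually produces.
ENTRY = re.compile(r"^; client (?P<ip>[0-9A-Fa-f.:]+)#\d+: .*?'(?P<qname>[^/']+)/")

# Constructed sample dump (documentation addresses and names, not real data).
SAMPLE = """\
;
; Recursing Queries
;
; client 192.0.2.10#4101: id 311 'www.dead-zone.example/A/IN' requesttime 12
; client 192.0.2.10#4102: id 312 'mail.dead-zone.example/MX/IN' requesttime 12
; client 192.0.2.10#4103: id 313 'ftp.dead-zone.example/A/IN' requesttime 13
; client 198.51.100.7#5300: id 90 'a.dead-zone.example/A/IN' requesttime 13
; client 198.51.100.7#5301: id 91 'www.healthy.example/A/IN' requesttime 14
; client 203.0.113.5#6000: id 7 'host.other.example/AAAA/IN' requesttime 14
; Dump complete
"""

def zone_of(qname, labels=2):
    """Rough zone guess: the last `labels` labels of the query name."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])

def tally(dump_text):
    """Count pending recursive queries per client IP and per guessed zone."""
    clients, zones = Counter(), Counter()
    for line in dump_text.splitlines():
        m = ENTRY.match(line)
        if m:  # header, footer and unparsable lines are skipped
            clients[m["ip"]] += 1
            zones[zone_of(m["qname"])] += 1
    return clients, zones

def hot_spots(counter, threshold=0.4):
    """Entries holding at least `threshold` of all pending queries."""
    total = sum(counter.values())
    return [(key, n, n / total) for key, n in counter.most_common()
            if n / total >= threshold]

if __name__ == "__main__":
    clients, zones = tally(SAMPLE)
    for label, counter in (("client", clients), ("zone", zones)):
        for key, n, share in hot_spots(counter):
            print(f"{label} {key}: {n} pending ({share:.0%})")
```
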


