Performance issues

[Ulrich David]

Hi,

We are running bind 9.3.3 on 1 hidden master and 2 slaves with 2GB  
Ram and "old" 2GHz Xeon. We have 150 queries/s average on each slave  
with 300 queries/s in max peak. On these servers we have about 150  
"lights" zones with Authority. We have done 2 views, one for our  
client (about 20'000 in peak) which is open for recursives queries  
and one for external which provide only the zones we have authority  
on (no cache for it).
For example of queries repartition, at 20h00 yesterday we have  
about : 5 failures/s, 70 recursives/s, 40 nxdomain/s, 5 nxrrset/s and  
150 success/s...

We have some performance issue on the slaves. Sometimes the queries  
on one of our authority zones (on one A record) can take some seconds  
to be executed ! (in average it takes less than 8ms)... This  
performance issues are not linked to load issues on server. We are  
monitoring load (average load is 0,1 per minute), packets (average is  
150p/s), bandwith (average is 20kB/s), processus, ping time, ... The  
bind performance issues can occure when we have only 150 queries/s  
with a low load... we see nothing strange in the stats (like tcp or  
udp explosions, or very high number of packets)...

Are these issues "normal"? We are thinking about a solution with 2  
front servers providing only cache services (open to our clients  
only, for recursives) and with 2 slaves and 1 master dedicated to the  
authoritatives zones (nor recursive, hidden to our clients). Could  
this be a real solution for better performances?

Regards

David

##### some of our named.conf #####
# blacklist contains only 1 IP
# recursive is quite high... because
# sometimes 1000 recursives is not enough
##############################
options {
         directory       "/etc/namedb";
         pid-file        "/var/run/named/pid";
         dump-file       "/var/dump/named_dump.db";
         statistics-file "/var/stats/named.stats";
         version         "None of your business";
         // we accept transfers only to our slaves
         allow-transfer {
                 key dns3-dns2.; # Our slave
                 key dns3-dns1.; # Our slave
         };
         recursive-clients 2500;
         blackhole { blacklist; };
};

view "internal-in" in {
         match-clients { our_clients; };
         recursion yes;
         additional-from-auth yes;
         additional-from-cache yes;
         include "zones.conf";
};

view "external-in" in {
         match-clients { any; };
         recursion no;
         additional-from-auth no;
         additional-from-cache no;
         include "zones.conf";
};