BIND 9.4.x and max-clients-per-query
Jan Arild Lindstrøm
jal at telenor.net
Mon Sep 22 06:24:02 UTC 2008
At 22:50 20/09/2008, JINMEI Tatuya / 神明達哉 wrote:
>At Tue, 16 Sep 2008 08:14:43 +0100,
>Jan Arild Lindstrøm <jal at telenor.net> wrote:
>
>> Is there really no one who can explain why clients-per-query gets so high even though
>> max-clients-per-query = 100.... ?
>
>First, please be more specific about operational environment: the
>exact BIND9 version, not just 9.4.x; build options of BIND9; OS and
>its version; perhaps also your named.conf.
Hardware: Sun Fire T2000, 16 GB, 8 cores, 1000 MHz, 32 threads
OS: Solaris 10 (Generic_137111-03)
BIND version: 9.4.3b2
SunStudio 12:
-fast -xtarget=ultraT1 -m64
./configure --prefix=/local --localstatedir=/var --with-openssl=/local/openssl --with-randomdev=/dev/urandom \
--enable-threads --with-libtool --enable-static=yes --disable-shared --sysconfdir=/etc/named
options {
    tcp-clients 1000;
    dnssec-enable no;
    recursive-clients 50000;
    directory "/etc/named";
    recursion yes;
    allow-query { our-nets; };
    allow-recursion { our-nets; };
    allow-query-cache { our-nets; };
    pid-file "/var/run/named/named.pid";
    check-names master ignore;
    check-names slave ignore;
    check-names response ignore;
    sortlist {
        { localhost;              // IF the local host
            { localnets; }; };    // Return local addresses
        { 10/8;                   // IF host on private net
            { 10/8; }; };         // return private addresses
        { localnets; };
    };
};
ACL "our-nets" = about 100 networks, divided among 5 different ACLs. Planning to upgrade
to 9.5.x soon, to speed up ACL processing.
>Second, limiting max-clients-per-query doesn't help reduce the number
>of recursive clients if the same query is sent from different IP
>addresses.
Ouch! Is that really correct? Should it not then be called "max-queries-per-client" and
not "max-clients-per-query"?
Not to repeat, but:
clients-per-query, max-clients-per-query
These set the initial value (minimum) and maximum number of recursive simultaneous clients for
any given query (<qname,qtype,qclass>) that the server will accept before dropping additional
clients. named will attempt to self tune this value and changes will be logged. The default values
are 10 and 100.
As I understand the text, it is supposed to be a limit on the number of queries for any given query,
regardless of client/IP address, and not a limit on the number of queries per client.
Am I totally wrong?
>Third, having 49662 recursive clients looks so extraordinary. I
>suspect that the real problem is somewhere else.
ns11(root) OLD 503# wc -l query.log*
13773918 query.log
13761647 query.log.0
13779648 query.log.1
13781716 query.log.10
--CUT--
Logs are rotated every hour.
That is, more than 13 million queries each hour. Mpstat/CPU load is avg. 0.4,
and core saturation about 20%.
>---
>JINMEI, Tatuya
>Internet Systems Consortium, Inc.
Thanks
Jan Arild Lindstrom
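
Added example, not part of the original message: a small script that tallies a query log both ways discussed above, distinct clients per <qname,qtype,qclass> and queries per client, in one-second buckets. The log line format and the sample lines are assumptions constructed for illustration, and the per-second bucket is only a proxy for what named counts internally.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of a BIND 9.4 query log (assumed format).
SAMPLE_LOG = """\
22-Sep-2008 06:00:01.100 client 10.1.1.1#40001: query: www.example.com IN A +
22-Sep-2008 06:00:01.200 client 10.1.1.2#40002: query: www.example.com IN A +
22-Sep-2008 06:00:01.300 client 10.1.1.3#40003: query: www.example.com IN A +
22-Sep-2008 06:00:01.400 client 10.1.1.1#40004: query: mail.example.net IN MX +
22-Sep-2008 06:00:01.500 client 10.1.1.1#40005: query: ftp.example.org IN A +
22-Sep-2008 06:00:02.100 client 10.1.1.2#40006: query: www.example.com IN A +
"""

LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\d\d:\d\d:\d\d)\.\d+ client (?P<ip>[^#\s]+)#\d+: "
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

def tally(log_text):
    """Return (clients_per_query, queries_per_client), both bucketed per second."""
    per_query = defaultdict(set)   # (second, qname, qtype, qclass) -> client IPs
    per_client = defaultdict(int)  # (second, client IP) -> number of queries
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not query log entries
        second = m["date"] + " " + m["time"]
        key = (m["qname"].lower(), m["qtype"], m["qclass"])
        per_query[(second,) + key].add(m["ip"])
        per_client[(second, m["ip"])] += 1
    return per_query, per_client

def hot_queries(per_query, threshold):
    """Tuples asked by at least `threshold` distinct clients within one second."""
    hits = [(len(ips), k) for k, ips in per_query.items() if len(ips) >= threshold]
    return sorted(hits, reverse=True)

if __name__ == "__main__":
    pq, pc = tally(SAMPLE_LOG)
    for n, (sec, qname, qtype, qclass) in hot_queries(pq, 2):
        print(f"{sec} <{qname},{qtype},{qclass}> distinct clients: {n}")
    print("max queries from one client in one second:", max(pc.values()))
```

Run against a real query.log with a threshold near the configured clients-per-query value, it shows whether any single query tuple is actually being asked by that many different clients at once.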