BIND 9.4.x and max-clients-per-query

Jan Arild Lindstrøm jal at telenor.net
Mon Sep 22 06:24:02 UTC 2008


At 22:50 20/09/2008, JINMEI Tatuya wrote:
>At Tue, 16 Sep 2008 08:14:43 +0100,
>Jan Arild Lindstrøm <jal at telenor.net> wrote:
>
>> Is there really no one who can explain why clients-per-query gets so high even though
>> max-clients-per-query = 100?
>
>First, please be more specific about operational environment: the
>exact BIND9 version, not just 9.4.x; build options of BIND9; OS and
>its version; perhaps also your named.conf.

Hardware: Sun Fire T2000, 16 GB, 8 cores, 1000 MHz, 32 threads
OS: Solaris 10 (Generic_137111-03)
BIND version: 9.4.3b2

SunStudio 12:
        -fast -xtarget=ultraT1 -m64
        ./configure --prefix=/local --localstatedir=/var --with-openssl=/local/openssl --with-randomdev=/dev/urandom \
         --enable-threads --with-libtool --enable-static=yes --disable-shared --sysconfdir=/etc/named 

options {
        tcp-clients 1000;
        dnssec-enable no;
        recursive-clients 50000;
        directory "/etc/named";
        recursion yes;
        allow-query { our-nets; };
        allow-recursion { our-nets; };
        allow-query-cache { our-nets; };
        pid-file "/var/run/named/named.pid";
        check-names master ignore;
        check-names slave ignore;
        check-names response ignore;
        sortlist {
                { localhost;         // IF the local host
                  { localnets; }; }; // Return local addresses
                { 10/8;              // IF host on private net
                  { 10/8; }; };      // return private addresses
                { localnets; };
        };
};

ACL "our-nets" = about 100 networks, divided among 5 different ACLs. Planning to upgrade 
to 9.5.x soon, to speed up ACL processing.

>Second, limiting max-clients-per-query doesn't help reduce the number
>of recursive clients if the same query is sent from different IP
>addresses.

Ouch! Is that really correct? Should it not then be called "max-queries-per-client" and
not "max-clients-per-query"?

Not to repeat, but:
        clients-per-query, max-clients-per-query 
            These set the initial value (minimum) and maximum number of recursive simultaneous clients for 
            any given query (<qname,qtype,qclass>) that the server will accept before dropping additional 
            clients. named will attempt to self tune this value and changes will be logged. The default values 
            are 10 and 100.

As I understand the text, it is supposed to be a limit on the number of queries for any given query,
regardless of client/IP address, and not a limit on the number of queries per client.

Am I totally wrong?

>Third, having 49662 recursive clients looks so extraordinary.  I
>suspect that the real problem is somewhere else.

ns11(root) OLD 503# wc -l query.log*
13773918 query.log
13761647 query.log.0
13779648 query.log.1
13781716 query.log.10
--CUT--

Logs are rotated every hour.

That is, more than 13 million queries each hour. Mpstat/CPU load is avg. 0.4, 
and core saturation about 20%.

>---
>JINMEI, Tatuya
>Internet Systems Consortium, Inc.


Thanks
Jan Arild Lindstrom
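
An added example, not part of the original post and not BIND code: the hourly `wc -l` totals above do not show which <qname,qtype,qclass> tuples concentrate clients, so this sketch counts, per tuple, the total queries and the peak number of distinct client addresses seen within any one second of the query log. It assumes a BIND 9.4-style query log line with timestamps enabled; the sample lines are constructed, and the one-second bucket is only a rough proxy for the simultaneous clients that named counts internally.

```python
import re
from collections import defaultdict

# Assumed layout: "<date> <time>.<ms> [category/severity] client IP#port: query: NAME CLASS TYPE flags"
LINE_RE = re.compile(
    r"^(?P<sec>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ .*?"
    r"client (?P<ip>[0-9A-Fa-f.:]+)#\d+.*?: query: "
    r"(?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

# Constructed sample lines (not taken from the poster's query.log).
SAMPLE_LOG = """\
22-Sep-2008 06:00:00.101 client 10.1.0.5#32768: query: www.example.com IN A +
22-Sep-2008 06:00:00.250 client 10.1.0.6#32769: query: WWW.example.com IN A +
22-Sep-2008 06:00:00.400 client 10.1.0.7#32770: query: www.example.com IN A +
22-Sep-2008 06:00:00.900 client 10.1.0.5#32771: query: www.example.com IN A +
22-Sep-2008 06:00:01.010 client 10.1.0.5#32772: query: www.example.com IN AAAA +
22-Sep-2008 06:00:01.500 client 10.2.0.9#40000: query: mail.example.net IN MX +
22-Sep-2008 06:00:02.000 general: info: not a query line
"""

def parse_line(line):
    """Return (second, client_ip, (qname, qtype, qclass)) or None for non-query lines."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    # DNS names are case-insensitive, so fold case before grouping.
    return m["sec"], m["ip"], (m["qname"].lower(), m["qtype"], m["qclass"])

def summarize(lines):
    """Per query tuple: total queries and peak distinct clients in any one second."""
    totals = defaultdict(int)
    clients = defaultdict(set)          # (tuple, second) -> set of client IPs
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        sec, ip, key = parsed
        totals[key] += 1
        clients[(key, sec)].add(ip)
    peak = defaultdict(int)
    for (key, _sec), ips in clients.items():
        peak[key] = max(peak[key], len(ips))
    return {k: {"queries": totals[k], "peak_clients": peak[k]} for k in totals}

def over_limit(summary, limit=100):
    """Tuples whose per-second distinct-client peak exceeds the limit (default 100)."""
    return sorted(k for k, v in summary.items() if v["peak_clients"] > limit)

if __name__ == "__main__":
    for key, stats in summarize(SAMPLE_LOG.splitlines()).items():
        print(key, stats)
```

On a real server, pass an open log file to `summarize()` instead of the sample; a tuple that stays far above the configured maximum is the case the quoted documentation text says should lead to dropped clients.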