Performance Tuning RHEL 5 and Bind

Carsten Strotmann cas at strotmann.de
Thu Oct 24 20:05:25 UTC 2013


Hi,

Kevin Darcy <kcd at chrysler.com> writes:

> Are these queries mostly for names in an Active Directory domain? The
> default for Active Directory is for *every* Domain Controller to
> register NS records at the apex of the AD domain. Pretty soon, for any
> reasonably-sized AD infrastructure, all of those NSes cause *all*
> queries for *any* name in the domain to trigger a TCP retry (because
> the Answer + Authority Sections overflow 512 bytes), if EDNS0 is not
> in effect. I sat down with our AD folks a few years ago and impressed
> upon them how important it is to be selective about which Domain
> Controllers are registered at the apex. They appreciated the negative
> consequences of being awash in TCP retries, and it's been managed for
> some time now (at least for our *main* AD domain; don't get me started
> on the business partner that still has 92 NS records at the apex of
> their AD domain. Sigh)
>

good point. 

Increasing the EDNS0 UDP size might also be an option (default is 1280
for Windows DNS) ->
http://technet.microsoft.com/en-us/library/cc783893%28v=ws.10%29.aspx

It is possible to tell some less critical DCs not to register themselves in
DNS:
http://support.microsoft.com/kb/198767
and
http://technet.microsoft.com/en-us/library/cc782946%28v=ws.10%29.aspx

-- Carsten
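The two mechanisms this thread turns on, the 512-byte UDP limit that makes a fat apex answer come back truncated and force a TCP retry, and the EDNS0 OPT record a resolver uses to advertise a larger UDP payload size, as an added worked example that is not part of the original posts. It builds the wire-format messages itself so it runs offline: the zone `ad.example.com`, the `dcNNN` host names, the single A record at the apex and the 1280-byte Windows default are constructed assumptions; the overflow point it finds applies only to that layout (a real answer also carries additional-section glue and, under EDNS, the server's own 11-byte OPT record, both of which only make the count worse).

```python
"""Added example (not from the bind-users thread): how many NS records at an AD
domain apex push a UDP answer past 512 bytes, and how the EDNS0 OPT record
raises that limit.  Zone name, DC names and record layout are constructed."""
import struct

DNS_TYPE_A, DNS_TYPE_NS, DNS_TYPE_OPT = 1, 2, 41
DNS_CLASS_IN = 1
CLASSIC_UDP_LIMIT = 512       # RFC 1035 UDP payload limit without EDNS0
WINDOWS_DEFAULT_EDNS = 1280   # default EDNS0 UDP size cited for Windows DNS


class MessageBuilder:
    """Builds DNS wire format with RFC 1035 name compression."""

    def __init__(self):
        self.buf = bytearray()
        self.offsets = {}  # name suffix -> offset of its first occurrence

    def name(self, name):
        labels = [l for l in name.rstrip(".").lower().split(".") if l]
        for i in range(len(labels)):
            suffix = ".".join(labels[i:])
            if suffix in self.offsets:           # seen before: emit a 2-byte pointer
                self.buf += struct.pack("!H", 0xC000 | self.offsets[suffix])
                return
            if len(self.buf) < 0x4000:           # pointers carry 14 bits of offset
                self.offsets[suffix] = len(self.buf)
            label = labels[i].encode()
            self.buf += bytes([len(label)]) + label
        self.buf += b"\x00"                      # root label

    def header(self, flags, qd, an, ns, ar, msg_id=0x1234):
        self.buf += struct.pack("!HHHHHH", msg_id, flags, qd, an, ns, ar)

    def question(self, qname, qtype):
        self.name(qname)
        self.buf += struct.pack("!HH", qtype, DNS_CLASS_IN)

    def rr(self, owner, rtype, ttl, rdata_name=None, rdata=b""):
        self.name(owner)
        self.buf += struct.pack("!HHI", rtype, DNS_CLASS_IN, ttl)
        rdlen_pos = len(self.buf)
        self.buf += b"\x00\x00"                  # RDLENGTH, patched below
        if rdata_name is not None:
            self.name(rdata_name)                # NS target, compressed too
        else:
            self.buf += rdata
        struct.pack_into("!H", self.buf, rdlen_pos, len(self.buf) - rdlen_pos - 2)

    def opt(self, udp_size):
        # EDNS0 OPT pseudo-RR: root owner, TYPE 41, CLASS carries the UDP size,
        # TTL holds extended RCODE/version/flags (all 0), no RDATA.
        self.buf += b"\x00" + struct.pack("!HHIH", DNS_TYPE_OPT, udp_size, 0, 0)


def build_apex_response(zone, n_ns):
    """Authoritative answer to '<zone> A': one A record in the answer section
    plus one NS record per registered DC in the authority section.  Glue in
    the additional section is omitted: a server may drop it without setting
    TC, so answer + authority is the part that must fit in the UDP limit."""
    m = MessageBuilder()
    m.header(0x8400, 1, 1, n_ns, 0)              # QR=1, AA=1
    m.question(zone, DNS_TYPE_A)
    m.rr(zone, DNS_TYPE_A, 600, rdata=bytes([10, 0, 0, 1]))   # constructed address
    for i in range(1, n_ns + 1):
        m.rr(zone, DNS_TYPE_NS, 3600, rdata_name="dc%03d.%s" % (i, zone))
    return bytes(m.buf)


def build_query(qname, qtype, edns_udp_size=None):
    """Client query; with edns_udp_size set, an OPT record advertises it."""
    m = MessageBuilder()
    m.header(0x0100, 1, 0, 0, 1 if edns_udp_size else 0)      # RD=1
    m.question(qname, qtype)
    if edns_udp_size:
        m.opt(edns_udp_size)
    return bytes(m.buf)


def _skip_name(buf, pos):
    while True:
        ln = buf[pos]
        if ln & 0xC0 == 0xC0:                    # compression pointer ends the name
            return pos + 2
        pos += 1 + ln
        if ln == 0:
            return pos


def advertised_udp_size(query):
    """UDP size the server may use for its reply: OPT CLASS if present, else 512."""
    qd, an, ns, ar = struct.unpack("!HHHH", query[4:12])
    pos = 12
    for _ in range(qd):
        pos = _skip_name(query, pos) + 4         # QTYPE + QCLASS
    for i in range(an + ns + ar):
        pos = _skip_name(query, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", query[pos:pos + 10])
        if i >= an + ns and rtype == DNS_TYPE_OPT:
            return max(rclass, CLASSIC_UDP_LIMIT)  # RFC 6891: below 512 counts as 512
        pos += 10 + rdlen
    return CLASSIC_UDP_LIMIT


def must_truncate(response, query):
    """True when the server must set TC and the client will retry over TCP."""
    return len(response) > advertised_udp_size(query)


def min_ns_to_overflow(zone, limit=CLASSIC_UDP_LIMIT):
    """Smallest number of apex NS records whose answer no longer fits `limit`."""
    n = 0
    while len(build_apex_response(zone, n)) <= limit:
        n += 1
    return n


if __name__ == "__main__":
    zone = "ad.example.com"
    plain = build_query(zone, DNS_TYPE_A)
    edns = build_query(zone, DNS_TYPE_A, WINDOWS_DEFAULT_EDNS)
    for n in (5, 23, 24, 92):
        resp = build_apex_response(zone, n)
        print("%3d NS -> %4d bytes; TCP retry without EDNS: %s, with EDNS 1280: %s"
              % (n, len(resp), must_truncate(resp, plain), must_truncate(resp, edns)))
    print("overflow of 512 bytes starts at", min_ns_to_overflow(zone), "NS records")
```

With this layout each compressed NS record costs 20 bytes, so the 512-byte limit is crossed at the 24th NS record, and the 92-record apex from the quoted message (1888 bytes) still does not fit the 1280-byte Windows default; only a larger advertised size (4096, say) or fewer registered DCs keeps those answers on UDP.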
