Bind max socket/query per IP

Ict Security ict.security.job at gmail.com
Wed May 22 11:28:56 UTC 2019 

Dear Mark,

excellent reply, thank you.
I found the problem: for legacy compatibility reason, i still need to
use the old Bind-DLZ Driver, with Postgresql.
I have remove the Driver, used for SQL-filtering reasons, Bind work
like a charm.
I can remove DLZ for "emergencies periods", but i still need to re-add it again.

Is there a way to improve that DLZ driver?
Maybe putting SQL Database on another machine, different from the resolver?

Or, using the new DLZ driver, is it still possible to use similar
queries like old DLZ?

Thank you so much for everything you did for me, very best regards!
FC

Il giorno mer 22 mag 2019 alle ore 00:41 Mark Andrews <marka at isc.org>
ha scritto:
>
> You really need to read up on queuing theory.  The fairest way to queue is to
> have a single queue and to process off the end of that.  Unfortunately interfaces
> don’t form a single queue, they form multiple queues.  This sort of behaviour
> is expected with multiple queues.  The main address is the long queue and the
> alias is the short queue.  Different clients get different response rates (unfair)
> but the overall rate is the same.  This is the reason banks often have a single
> queue that feeds multiple tellers.  That way every client gets fair treatment
> w.r.t. the amount of time they wait.
>
> Additionally there been bugs where the current client has not been replaced to
> read the next request when named has had to fetch/forward packets which just
> stalls the queue processing for those queues.  If you are not up to date you
> may be running a version with those bugs and have a query pattern that triggers
> them. There are no known instances of this class of bug in the current code.
>
>
>
> > On 22 May 2019, at 6:31 am, Ict Security <ict.security.job at gmail.com> wrote:
> >
> > Hi guys,
> >
> > I am experiencing a very strange problem.
> >
> > Under heavy load, Bind becomes extremely load above a certain number of Qps but, if i query an alias IP address (where normally queries don't arrive), Bind answers immediately.
> >
> > I was wondering if there is a kind of limitation on a single IP address due to socket or something elss.
> >
> > I have increased and tuned kernel parameters, but problem still persist.
> >
> > Thank you, cheers!
> > FC
> > _______________________________________________
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> >
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
>

More information about the bind-users mailing list