Cacheing Server question

Jim Reid jim at rfc1035.com
Fri Dec 24 19:00:43 UTC 1999


>>>>> "Mike" == Mike Smith <mike at ftl.com> writes:

    Mike>  Got a question/problem with a cacheing only nameserver. I
    Mike> am getting tons of these errors in the logs. Should I be
    Mike> piping these to never-never land ?

    Mike> Dec 24 07:58:52 rdns01 named[16938]: sysquery: sendto([192.33.4.12].53): Connection refused 
    Mike> Dec 24 07:58:54 rdns01 named[16938]: ns_forw: sendto([206.48.145.19].53): Connection refused

   .... lots of other "Connection refused" messages snipped ....

These errors mean that your name server is sending queries to port 53
- ie another name server - and getting connection refused errors
returned. This is strange. My man pages for sendto() say this system
call doesn't return ECONNREFUSED errors. Check the local documentation
for this system call or library routine to find out why it is failing
and returning this error code.

ECONNREFUSED errors are not relevant to UDP: there's no "connection"
to set up or reject. Usually this error occurs when the remote system
doesn't have a TCP listener on the desired port number. But TCP is not
used for most DNS lookups: and anyway sendto() sends a datagram.

FYI, I have successfully queried at random some of the IP addresses
you quoted. They all seem to be running name servers OK. Could it be
that your name server lives behind a firewall or router which is
refusing to pass the DNS traffic? Maybe the firewall is rejecting
these packets and returns an ICMP error code of ICMP_UNREACH_PORT -
"bad port" - and your server's TCP/IP stack is translating that into
an ECONNREFUSED error?

Remember that by default BIND8 uses a random non-privileged port for
sending queries. In BIND4, it always used a source port of 53 and some
firewalls may have been set up for those legacy name servers. If this
is the case, you can either reconfigure the firewall or use a
query-source clause to make the name server use port 53 for its
queries. There's even a comment about this in the named.conf file you
included.

    Mike> Any suggestions on tweaking the config for better
    Mike> performance would be great.

There's not much you can do to make a caching-only server go faster
apart from make sure that the system has enough bandwidth, RAM and CPU
cycles to handle the load. 

    Mike> Named seems to grow without bounds....
    Mike> Should named die when it gets to say 124M???

It'll die if/when the OS won't let it have more memory. Most name
servers' memory usage stabilises after running for a few days. They
end up with a "working set" of resource records that are most commonly
looked up by the resolvers who query the server. The trick is making
sure that this is less than the OS's resource limits on the VM
subsystem and the amount of free RAM. The name server process should
always be resident in RAM: you don't want DNS lookups causing page
faults. 
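
An added example, not part of the original message: a small Python triage of the named log lines quoted above. It counts "Connection refused" sendto() failures per destination, to show whether they are spread over many unrelated servers (which fits the firewall explanation) or concentrated on one. The extra sample lines, the three-destination threshold and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: the two lines quoted in the post plus made-up ones.
SAMPLE = """\
Dec 24 07:58:52 rdns01 named[16938]: sysquery: sendto([192.33.4.12].53): Connection refused
Dec 24 07:58:54 rdns01 named[16938]: ns_forw: sendto([206.48.145.19].53): Connection refused
Dec 24 07:58:55 rdns01 named[16938]: ns_forw: sendto([192.0.2.10].53): Connection refused
Dec 24 07:58:57 rdns01 named[16938]: sysquery: sendto([192.33.4.12].53): Connection refused
Dec 24 07:59:01 rdns01 named[16938]: ns_forw: sendto([198.51.100.7].53): No route to host
Dec 24 07:59:02 rdns01 sshd[211]: unrelated line
"""

# Matches "named[pid]: <routine>: sendto([ip].port): <error text>"
LINE = re.compile(
    r"named\[(?P<pid>\d+)\]: (?P<func>\w+): "
    r"sendto\(\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\.(?P<port>\d+)\): (?P<err>.+?)\s*$"
)

def parse(text):
    """Yield (func, ip, port, err) for each named sendto() failure line."""
    for line in text.splitlines():
        m = LINE.search(line)
        if m:
            yield m["func"], m["ip"], int(m["port"]), m["err"]

def summarise(text, err="Connection refused"):
    """Count failures with the given error per destination and per routine."""
    by_dest, by_func = Counter(), Counter()
    for func, ip, port, e in parse(text):
        if e == err:
            by_dest[(ip, port)] += 1
            by_func[func] += 1
    return by_dest, by_func

def looks_local(by_dest, min_dests=3):
    """Heuristic (assumed threshold): refusals spread over many unrelated
    servers point at the local path (firewall/router), not one remote host."""
    return len(by_dest) >= min_dests

if __name__ == "__main__":
    dests, funcs = summarise(SAMPLE)
    for (ip, port), n in dests.most_common():
        print(f"{ip}:{port}  {n}")
    print(dict(funcs), "local path suspected:", looks_local(dests))
```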


