RFC: workaround for unwanted dynamic updates

Doug Barton DougB at DougBarton.net
Fri Dec 14 00:41:39 UTC 2001


On Thu, 13 Dec 2001, Nate Campi wrote:

> On Thu, Dec 13, 2001 at 02:53:30PM -0800, Doug Barton wrote:
> >
> > 	Prior to my implementing this fix it was not uncommon to get hit
> > with 20 failed dynamic update requests per second. The overhead of
> > processing those requests was just shredding the server. At its best that
> > server was doing 40 queries per second, currently (without the dynamic
> > updates overhead) it's doing 3 times that many qps.
>
> Do you really get shredded by 40 queries per second, or even three times
> that?

	The overhead of a dynamic update request is a lot greater than the
overhead for a successful RR query. Also, there is a certain amount of
overhead related to holding the db for hundreds of thousands of zones.

> Check out http://www.campin.net/DNS/index.html for some stats
> from a couple nights ago on a couple of my servers. My little Sun Netra
> at the top handles over two thousand queries a second from mail servers
> (any, a and mx queries for outside domains), sometimes for long periods

> All this makes me wonder if you don't need better hardware. Maybe you
> run other software on the box that is loading it as well.

	I was running it on a Netra T1 previously. :) Beefing up the
hardware helped the performance some, but getting rid of the dynamic
updates really took the cork out of the bottle.

> Check out the mname for lycos.com - and what it resolves to. Let someone
> send their dynamic updates to that, or even better try to attack it!

	Yeah, I thought of doing that, but I'm afraid of what would happen
to our customer's desktops if I did. It's actually _more_ important in my
case that we don't break anything for the customer, since that costs us
real money in terms of support calls.

Thanks for the response,

Doug


