does bind cache no replies?

Ladislav Vobr lvobr at ies.etisalat.ae
Sun Feb 16 02:50:20 UTC 2003


Dear Simon,
Thanks for your reply. I am really unhappy sometimes with this
behaviour, since it is causing a lot of disturbance when the traffic
to an unreachable domain is high, and my nameserver itself serves as an
amplifier, since for each received request it sends, I guess, three
retries to each NS record, thus multiplying the traffic. Some clients
(like viruses or some bad code) will always be very bad: they don't care
about the delay and keep asking straight away again.

I was hoping bind might remember what queries it has sent out already and
will not repeat them till timeout or till the answer comes back,
something like serializing the queries and making them unique, and not
resending the query again if it is already in progress, but I think
it requires a lot of changes and might affect other factors as
well as performance, and bind will have to keep its query states.

It is a problem for me, since there is no way to stop this, only
maybe by preparing the worst-case hardware setup, which I guess we will
not be able to justify financially, or I thought about somehow automating
the process of making the server bogus, but I am not sure how.

In my case I am running bind 8.3.4 on a Sun E280, and usually we have
around 3-4 thousand requests per second, but if 1000 of them are for such
a nonexistent domain, and it keeps retrying 3-4 times for each request,
this will result in very bad performance, and some requests start
timing out :-(


Best Regards
Ladislav Vobr
Etisalat, UAE

Simon Waters wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Ladislav Vobr wrote:
> >
> > I did some
> > research but could not discover how often bind is retrying
> > or what the time-outs are.
>
> With BIND 9 I remember visiting the source code to try and
> understand some of these stranger behaviours.
>
> If a name server is unresponsive (within timeout settings), BIND
> 9 associates a large time penalty. Since it tries the server
> with the fastest response first this server is thus last to
> query for a domain.
>
> However if all servers for a domain are unresponsive, all
> servers get the penalty, and thus they are queried much as usual.
>
> It is a no win situation as the usual cause is that your network
> connection is bust (so all remote name servers are
> unresponsive), so if we then said lets wait 10 minutes before we
> try again, we'd be overwhelmed with "why does it take 10 minutes
> for my name server to work after my modem/ISDN/leased line is
> interrupted?" questions.
>
> I think you have to hope that the authors of the clients will
> build in exponential back off or similar safeguards, like most
> mail servers, or scale your DNS for a worst case scenario.
>
> Don't be shy in suggesting such sites try an offsite DNS server,
> or longer TTL. If you're an ISP you could offer to be a
> secondary if it makes your life easier, or tell one of your
> salesmen that they need your help ;-)
> -----BEGIN PGP SIGNATURE-----
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQE+TiuKGFXfHI9FVgYRArIYAKCaI0/5L1mwyRYdi+NDrX+uvoPhWQCgoUF1
> UkZ+zhZ2Y6kCqDly7oVlaBI=
> =nuIE
> -----END PGP SIGNATURE-----
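The amplification Ladislav describes (every client query for a dead zone fans out into retries to every NS, with no sharing between identical in-flight queries) and the fix he wishes for (coalescing duplicate in-flight queries, optionally remembering the failure for a short while) can be made concrete with a small discrete-time simulation. This is an added example, not code from the thread and not a model of BIND 8.3.4's real resolver algorithm. The NS count (3), retries per NS (3), the 4-second fetch timeout, the 30-second negative hold-down and the 1000 qps dead-zone query rate are all assumptions chosen to match the numbers guessed at in the post; the zone name `dead.example.` is made up.

```python
"""Simulate outbound resolver traffic toward a zone whose authoritative
servers never answer, under three policies:

  naive              every client query starts its own fetch
  coalesce           identical in-flight queries share one fetch
  coalesce+negcache  as above, and a failed fetch is remembered for a while

Constructed example; it is not BIND code and does not reproduce BIND's
actual retry or timeout schedule.
"""
from collections import deque

NS_COUNT = 3        # NS records for the dead zone (assumption)
RETRIES = 3         # tries per NS before giving up (assumption, as guessed in the post)
FETCH_MS = 4000     # time until the whole fetch gives up (assumption)
NEG_TTL_MS = 30000  # how long a failed fetch is remembered (assumption)


class Resolver:
    def __init__(self, coalesce=False, neg_ttl_ms=0):
        self.coalesce = coalesce
        self.neg_ttl_ms = neg_ttl_ms
        self.fetches = deque()   # [deadline_ms, qname, waiting_clients], oldest first
        self.active = {}         # qname -> fetch record (used only when coalescing)
        self.negcache = {}       # qname -> expiry_ms (used only with a negative TTL)
        self.upstream_packets = 0
        self.fetch_count = 0
        self.answered = 0

    def _expire(self, now_ms):
        # Deadlines are monotonic because FETCH_MS is constant and arrivals are
        # in time order, so only the head of the deque can have expired.
        while self.fetches and self.fetches[0][0] <= now_ms:
            deadline, qname, clients = self.fetches.popleft()
            self.answered += len(clients)    # every waiter gets a SERVFAIL
            self.active.pop(qname, None)
            if self.neg_ttl_ms:
                self.negcache[qname] = deadline + self.neg_ttl_ms

    def query(self, now_ms, qname, client):
        """Handle one client query; returns what the resolver did with it."""
        self._expire(now_ms)
        exp = self.negcache.get(qname)
        if exp is not None:
            if exp > now_ms:
                self.answered += 1           # fail fast, no upstream traffic
                return "negcache"
            del self.negcache[qname]
        if self.coalesce and qname in self.active:
            self.active[qname][2].append(client)
            return "joined"                  # ride on the fetch already in progress
        rec = [now_ms + FETCH_MS, qname, [client]]
        self.fetches.append(rec)
        if self.coalesce:
            self.active[qname] = rec
        self.fetch_count += 1
        # Every NS is tried RETRIES times and none ever answers.
        self.upstream_packets += NS_COUNT * RETRIES
        return "fetch"

    def drain(self, now_ms):
        """Advance time far enough that all outstanding fetches time out."""
        self._expire(now_ms)


def simulate(policy, qps=1000, seconds=60, qname="dead.example."):
    """Send `qps` queries/s for `qname` during `seconds` and count the damage."""
    coalesce = policy in ("coalesce", "coalesce+negcache")
    neg = NEG_TTL_MS if policy == "coalesce+negcache" else 0
    r = Resolver(coalesce=coalesce, neg_ttl_ms=neg)
    interval = 1000 // qps        # ms between client queries; qps must divide 1000
    n = qps * seconds
    for i in range(n):
        r.query(i * interval, qname, client=i)
    r.drain(n * interval + FETCH_MS)
    return {
        "policy": policy,
        "client_queries": n,
        "fetches": r.fetch_count,
        "upstream_packets": r.upstream_packets,
        "answered": r.answered,
    }


if __name__ == "__main__":
    for policy in ("naive", "coalesce", "coalesce+negcache"):
        print(simulate(policy))
```

With these assumptions the naive policy turns 60,000 client queries into 540,000 upstream packets (the 9x amplification the post complains about), coalescing brings that down to one fetch per timeout window (15 fetches, 135 packets), and a 30-second negative hold-down leaves just two fetches. Real resolvers later added exactly these mechanisms, but the numbers here are properties of the simulation, not of any BIND release.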

