BIND 90 seconds query timeout & recursive-clients limit

[Ladislav Vobr]

When all the nameservers for certain domain are unreachable, bind 
doesn't log or bogus such a servers, be it unreachable even for 
hours/days/weeks/years. Administrator has no idea how many such servers 
are being permanently retried from his server for 
hours/days/weeks/years. He can discovered it only by change or waiting 
for the customer complain, to trigger the troubleshooting.

worse of this, if the  of each query is 90 seconds, 11 such queries to 
unreachable domains per seconds are enough to fill the default 1000 
concurrent recursive query queue after these 90 seconds.

How you people run a recursive servers with 1,2,3 thousands of requests 
per seconds having some zones completely unreachable, which is fact of 
life today. What is your recursive clients limit? Having it 2000 will 
just let me receive 22 such a requests per seconds, that's really very 
small number in scenario with lot of traffic for example 150-300 queries 
to unreachable domains servers.

Shouldn't isc think about at least setting up the log file for such a 
long term unreachable servers, so administrator can easily bogus them if 
bind prefers not to do it and avoid this problem of very simple 
recursive queue fill-up. It is being considered even of less importance 
than being lame, but the impact on bind service is more worse than lame, 
which is being logged.

Ladislav