BIND BOTTLENECK: internall 90 seconds query timeout & recursive-clients limit

[Ladislav Vobr]

> This list is not for technical support from ISC.  The people who answer 
> in this list are mostly not associated with ISC at all, we're just 
> knowledgeable users.
> 
> ISC is not a commercial software vendor.  If you want to purchase 
> technical support, go to Nominum, Inc. <www.nominum.com>.

thanks barry, we are exploring the ways for commercial support for bind 
and/or CNS/ANS nominum products since company is pushing for it, I know 
this this is just user list, but I miss those daily posts by isc people, 
although sometimes we (users) made a hard time for them :-)

> I think this will actually only be a problem if *all* the servers for a 
> domain are down.  BIND keeps track of past response times for servers, 
> and chooses the one with the best previous response time when selecting 
> which NS record for a domain to use.

yes, it is problem only when *all* are unreachable, but when it happen 
it is going to be a major bottleneck, which is severely impacting the 
performance of bind, it becoming a phenomena of the net, if I may called 
it like this, with growing number of end users with 
viruses/trojans/backdoors/spammers.... this becoming very severe for 
large recursive services.

Once I was getting around 1500 requests per second only to 
infopak.gov.pk which was from virus which inflected large number of 
customers, for each requests my recursive servers starts following up 
with *all* these unreachable servers, since the infopak.gov.pk domain 
went completely down The performance of the bind was very disappointing, 
and what's worse not even a single line of the log... lame log is full 
of servers which are up and wrongly configured, but cases like this not 
even a single line....

it can bring bind completely down, it just depends how much such 
requests you can send...

Ladislav