Bind 9.30 recursive quota error?
Kevin Darcy
kcd at daimlerchrysler.com
Thu Oct 21 18:16:24 UTC 2004
snort wrote:
>I just upgraded my dns servers to 9.3.0 in the last week or so. Seems to be working ok but I'm noticing a strange new error in my system logs that I'm not sure if I should be worried about or not.
>
> client 10.0.12.149 no more recursive clients: quota reached: 2 Time(s)
> client 10.0.12.150 no more recursive clients: quota reached: 2 Time(s)
> client 10.0.12.169 no more recursive clients: quota reached: 1 Time(s)
> client 10.0.17.12 no more recursive clients: quota reached: 5 Time(s)
> client 10.0.17.40 no more recursive clients: quota reached: 4 Time(s)
> client 10.0.17.41 no more recursive clients: quota reached: 2 Time(s)
>
BIND 9 introduces the concept of quotas on the number of simultaneous
recursive requests a nameserver instance will handle. The default is
1000, but can be overridden with the "recursive-clients" global option.
Does it seem likely that you have enough clients that you would have
more than 1000 outstanding recursive queries, under normal network
conditions? If not, then maybe you have some intermittent network
connectivity problems that are causing the recursive requests to take
longer in the queue than they should. On the other hand, maybe you are
just hitting this quota because sometimes your clients "burst" with a
bunch of queries at once. If you're seeing these messages *a*lot*, then
maybe you should raise your quota, but be aware that this will have a
performance impact on your server. It might be better to examine the
query traffic and try to minimize it at the source. Searchlists, for
instance, are notorious for causing large numbers of bogus queries from
clients.
- Kevin
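To act on the advice above about examining traffic at the source, the following added example (not part of the original message) totals the quota-rejection counts from the quoted log summary per client and per subnet. The function name `tally` and the /24 grouping are assumptions made for illustration; the sample lines are the ones quoted in the message.

```python
import ipaddress
import re
from collections import Counter

# Matches the summarized form quoted in the message:
#   client 10.0.12.149 no more recursive clients: quota reached: 2 Time(s)
LINE_RE = re.compile(
    r"client\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"no more recursive clients: quota reached:\s+(?P<n>\d+)\s+Time\(s\)"
)

# Log lines copied from the quoted message.
SAMPLE = """\
client 10.0.12.149 no more recursive clients: quota reached: 2 Time(s)
client 10.0.12.150 no more recursive clients: quota reached: 2 Time(s)
client 10.0.12.169 no more recursive clients: quota reached: 1 Time(s)
client 10.0.17.12 no more recursive clients: quota reached: 5 Time(s)
client 10.0.17.40 no more recursive clients: quota reached: 4 Time(s)
client 10.0.17.41 no more recursive clients: quota reached: 2 Time(s)
"""


def tally(text, prefix_len=24):
    """Return (per_client, per_network) Counters of quota rejections.

    prefix_len is an assumed grouping size; set it to match the site's
    real subnetting. Lines that do not match, or whose address is not a
    valid IPv4 address, are skipped rather than counted.
    """
    per_client, per_net = Counter(), Counter()
    for line in text.splitlines():
        m = LINE_RE.search(line)  # search() tolerates "> " quote prefixes
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue
        n = int(m.group("n"))
        per_client[str(ip)] += n
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        per_net[str(net)] += n
    return per_client, per_net


if __name__ == "__main__":
    clients, nets = tally(SAMPLE)
    for net, n in nets.most_common():
        print(f"{net:18} {n}")
    for ip, n in clients.most_common():
        print(f"  {ip:16} {n}")
```

Rejections concentrated in one subnet or on a handful of hosts point at a client-side cause to chase down before raising "recursive-clients".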