Bind 9.30 recursive quota error?

Kevin Darcy kcd at daimlerchrysler.com
Thu Oct 21 18:16:24 UTC 2004


snort wrote:

>I just upgraded my dns servers to 9.3.0 in the last week or so. Seems to be working ok but I'm noticing a strange new error in my system logs that I'm not sure if I should be worried about or not. 
>
>   client 10.0.12.149 no more recursive clients: quota reached: 2 Time(s)
>   client 10.0.12.150 no more recursive clients: quota reached: 2 Time(s)
>   client 10.0.12.169 no more recursive clients: quota reached: 1 Time(s)
>   client 10.0.17.12 no more recursive clients: quota reached: 5 Time(s)
>   client 10.0.17.40 no more recursive clients: quota reached: 4 Time(s)
>   client 10.0.17.41 no more recursive clients: quota reached: 2 Time(s)
>
BIND 9 introduces the concept of quotas on the number of simultaneous 
recursive requests a nameserver instance will handle. The default is 
1000, but can be overridden with the "recursive-clients" global option. 
Does it seem likely that you have enough clients that you would have 
more than 1000 outstanding recursive queries, under normal network 
conditions? If not, then maybe you have some intermittent network 
connectivity problems that are causing the recursive requests to take 
longer in the queue than they should. On the other hand, maybe you are 
just hitting this quota because sometimes your clients "burst" with a 
bunch of queries at once. If you're seeing these messages *a*lot*, then 
maybe you should raise your quota, but be aware that this will have a 
performance impact on your server. It might be better to examine the 
query traffic and try to minimize it at the source. Searchlists, for 
instance, are notorious for causing large numbers of bogus queries from 
clients.

                                                                         
                                    - Kevin
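
To act on the suggestion above to examine the query traffic at the source, the rejections can be tallied per client and per subnet. The following is an added example, not part of the original post or of BIND: the raw syslog line format, the /24 grouping and the last three sample lines are assumptions; the first six sample lines are the ones quoted in the post.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Accepts the summarised form quoted in the post ("... quota reached: 5 Time(s)")
# and, as an assumption, raw named syslog lines ("client 10.0.17.12#1047: no more ...").
QUOTA_RE = re.compile(
    r"client (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?:#\d+)?:? "
    r"no more recursive clients: quota reached(?:: (?P<n>\d+) Time\(s\))?"
)

def tally(lines):
    """Count quota rejections per client IP (IPv4 only)."""
    hits = Counter()
    for line in lines:
        m = QUOTA_RE.search(line)
        if m:
            # A summary line carries its own count; a raw line counts once.
            hits[m.group("ip")] += int(m.group("n") or 1)
    return hits

def by_subnet(hits, prefix=24):
    """Roll per-client counts up to subnets to find a noisy segment."""
    nets = Counter()
    for ip, n in hits.items():
        nets[str(ip_network(f"{ip}/{prefix}", strict=False))] += n
    return nets

SAMPLE = [
    # Summary lines as quoted in the post.
    "client 10.0.12.149 no more recursive clients: quota reached: 2 Time(s)",
    "client 10.0.12.150 no more recursive clients: quota reached: 2 Time(s)",
    "client 10.0.12.169 no more recursive clients: quota reached: 1 Time(s)",
    "client 10.0.17.12 no more recursive clients: quota reached: 5 Time(s)",
    "client 10.0.17.40 no more recursive clients: quota reached: 4 Time(s)",
    "client 10.0.17.41 no more recursive clients: quota reached: 2 Time(s)",
    # Constructed raw syslog lines (hostname, pid, ports and query name are made up).
    "Oct 21 12:00:01 ns1 named[1234]: client 10.0.17.12#1047: no more recursive clients: quota reached",
    "Oct 21 12:00:01 ns1 named[1234]: client 10.0.17.12#1048: no more recursive clients: quota reached",
    "Oct 21 12:00:02 ns1 named[1234]: client 10.0.17.40#1051: query: www.example.com IN A",
]

if __name__ == "__main__":
    hits = tally(SAMPLE)
    for ip, n in hits.most_common():
        print(f"{n:4d}  {ip}")
    for net, n in by_subnet(hits).most_common():
        print(f"{n:4d}  {net}")
```

A subnet or host that dominates the tally is the place to look for searchlist-driven or otherwise bogus queries before raising "recursive-clients".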




More information about the bind-users mailing list