Recommendations for ISP caching nameserver?

Rich Parkin RParkin at ldmi.com
Mon Jun 13 14:21:27 UTC 2005


I run DNS for an ISP and recently I've been having trouble with one of my
nameservers running out of recursive clients and forcing me to restart
BIND often.

Basically I need my servers to be able to handle just about anything
that's thrown at them and need recommendations to make the server more
robust.

The server in question is a single CPU Netra T-1 with 1 GB of memory
running Solaris 9 and Bind 9.2.2 (from sunfreeware).  It is a recursive,
caching nameserver with no authoritative zones and there are no major
services running other than Bind.  Up until last week, I was running the
server with a limit of 3000 recursive clients with no trouble.  As of this
morning, I've bumped it up to 10,000.  (Last week I identified an abuser
and got it corrected, but I'm back at square one again today.)  My other
servers aren't having any problems, although they are all configured
pretty much the same.

This is what my options look like currently (minus any commented-out
lines):

options {
 recursive-clients 10000;
 directory "/var/named" ;
 pid-file "/var/named/named.pid";
 dump-file "/var/named/named_dump.db";
};

I would like to use the allow-recursion and allow-query statements to
limit access, but there's a strong probability that we have customers
using our DNS servers that aren't actually on our network (please don't
ask...) and I don't want to break them if I can help it.  What else can I
do?  How high can I set the recursive-clients without causing a problem?

Richard Parkin
CCNA
Network Engineering
LDMI Telecommunications
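
An added example, not part of the original post: one way to measure the off-network dependency described above before turning on allow-recursion is to audit a query log for clients outside the ISP's prefixes and for unusually heavy clients. The log line shape, the prefixes in ON_NET and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed query-log shape: "... client <ip>#<port>: query: <name> <class> <type>"
CLIENT_RE = re.compile(r"client (\S+?)#\d+: query: \S+")

# Hypothetical on-network prefixes (documentation ranges, not from the post).
ON_NET = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = """\
Jun 13 10:00:01 ns1 named[412]: client 192.0.2.10#32770: query: www.example.com IN A
Jun 13 10:00:01 ns1 named[412]: client 192.0.2.10#32771: query: mail.example.com IN MX
Jun 13 10:00:02 ns1 named[412]: client 203.0.113.50#1045: query: www.example.net IN A
Jun 13 10:00:02 ns1 named[412]: client 192.0.2.10#32772: query: a.example.org IN A
Jun 13 10:00:03 ns1 named[412]: client 198.51.100.7#2200: query: www.example.com IN A
Jun 13 10:00:03 ns1 named[412]: (constructed non-query line)
Jun 13 10:00:04 ns1 named[412]: client 203.0.113.50#1046: query: b.example.net IN A
Jun 13 10:00:04 ns1 named[412]: client 192.0.2.10#32773: query: c.example.org IN A
"""


def audit(log_text, on_net=ON_NET, heavy=3):
    """Return (total queries, off-network clients, clients with >= heavy queries)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if not m:
            continue  # not a query line
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # malformed address field
    off_net = sorted(
        (ip for ip in counts if not any(ip in net for net in on_net)),
        key=lambda ip: (ip.version, int(ip)),
    )
    heavy_hitters = [(str(ip), n) for ip, n in counts.most_common() if n >= heavy]
    return sum(counts.values()), [str(ip) for ip in off_net], heavy_hitters


if __name__ == "__main__":
    total, off_net, heavy_hitters = audit(SAMPLE_LOG)
    print("queries parsed:", total)
    print("off-network clients (refused if allow-recursion were ON_NET only):", off_net)
    print("heavy clients:", heavy_hitters)
```

The off-network list is the set of clients that an allow-recursion ACL restricted to the listed prefixes would stop serving, so it can be reviewed before the ACL is applied.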


