Recommendations for ISP caching nameserver?

Rich Parkin RParkin at
Mon Jun 13 14:21:27 UTC 2005

I run DNS for an ISP and recently I've been having trouble with one of my =
nameservers running out of recursive clients and forcing me to restart =
BIND often.

Basically I need my servers to be able to handle just about anything =
that's thrown at them and need recommendations to make the server more =

The server in question is a single CPU Netra T-1 with 1 GB of memory =
running Solaris 9 and Bind 9.2.2 (from sunfreeware).  It is a recursive, =
caching nameserver with no authoritative zones and there are no major =
services running other than Bind.  Up until last week, I was running the =
server with a limit of 3000 recursive clients with no trouble.  As of this =
morning, I've bumped it up to 10,000.  (Last week I identified an abuser =
and got it corrected, but I'm back at square one again today.)  My other =
servers aren't having any problems, although they are all configured =
pretty much the same.

This is what my options look like currently (minus any commented-out =

options {
 recursive-clients 10000;
 directory "/var/named" ;
 pid-file "/var/named/";
 dump-file "/var/named/named_dump.db";

I would like to use the allow-recursion and allow-query statements to =
limit access, but there's a strong probability that we have customers =
using our DNS servers that aren't actually on our network (please don't =
ask...) and I don't want to break them if I can help it.  What else can I =
do?  How high can I set the recursive-clients without causing a problem?

Richard Parkin
Network Engineering
LDMI Telecommunications

More information about the bind-users mailing list