max-cache-size query

Adam Tkac atkac at redhat.com
Tue Jun 1 13:25:17 UTC 2010


On Tue, Jun 01, 2010 at 03:52:56PM +0300, Techi wrote:
> On Tue 01 of Jun 2010 15:43:54 you wrote:
> > What version of BIND are you running?  If you're getting FD limits, I'd
> >  think it's an older version with a bug, and your problems might also be
> >  alleviated by upgrading.
> Version: bind-9.3.6-4.P1.el5_4.2
> 
> I cannot upgrade. Company's policy is to use only Centos packages.... :(
> Anyway, I believe that it  is not a "true" 9.3 since for example, I can set 
> the "allow-query-cache" statement of 9.5. Of course, only RH can say that and 
> I am not RH.

You are right, it is not a "true" 9.3.6-P1, it contains numerous
enhancements from later releases (like "allow-query-cache").

If you set too low max-cache-size and it is really busy recursion server
(from number of connections it seems it really is) then BIND will
often hit upper "cache watermark" and will start cache cleanup, which
is, at least in 9.3.X series, quite expensive operation. Additionally,
when cache is too small and cleaned too often, BIND will ask again and
again for the same records, which means huge number of connections.

If you hit again the crash you should probably open a report in
the CentOS tracker.

Regards, Adam

> > -----Original Message-----
> > From: bind-users-bounces+tsnyder=rim.com at lists.isc.org
> >  [mailto:bind-users-bounces+tsnyder=rim.com at lists.isc.org] On Behalf Of
> >  Techi Sent: Tuesday, June 01, 2010 8:36 AM
> > To: bind-users at lists.isc.org
> > Subject: max-cache-size query
> > 
> > Hallo,
> > Recently, I faced huge problems with my DNS servers (bind crashed with no
> > apparent reason). Some of the symptons were:
> > * Huge number of connections on our firewalls (>150000).
> > * A lot of errors in syslog about max file descriptors limits reached
> > (currently on system, the FD limit is 4096, the default of centos)
> > 
> > Anyway, after the proposal of a friend of mine, I removed the the
> >  max-cache- size limit (that was set to 256MB.
> > After a restart of bind, the FW guys reported a huge drop on connections
> > (<10000)!
> > Additionally, I have no crashes so far (in contract with 1-2 per week).
> > So, why:
> > a. bind generated so much traffic?
> > b. Is it possible to have bind crash because I could not handle the cache
> > clean-up and on the same time to serve requests?
> > 
> > Thank you
> > _______________________________________________
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> > 
> > ---------------------------------------------------------------------
> > This transmission (including any attachments) may contain confidential
> >  information, privileged material (including material protected by the
> >  solicitor-client or other applicable privileges), or constitute non-public
> >  information. Any use of this information by anyone other than the intended
> >  recipient is prohibited. If you have received this transmission in error,
> >  please immediately reply to the sender and delete this information from
> >  your system. Use, dissemination, distribution, or reproduction of this
> >  transmission by unintended recipients is not authorized and may be
> >  unlawful.
> > 
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Adam Tkac, Red Hat, Inc.



More information about the bind-users mailing list