max-cache-size query

Warren Kumari warren at kumari.net
Tue Jun 1 21:45:42 UTC 2010


One obvious solution to keeping the firewall guys happy would just be
to make them not burn state entries for the nameserver at all....
Firewalls in front of nameservers cause an ungodly amount of issues
for no real benefit...


Just sayin'...

W


On Jun 1, 2010, at 8:35 AM, Techi wrote:

> Hello,
> Recently, I faced huge problems with my DNS servers (bind crashed with no
> apparent reason). Some of the symptoms were:
> * Huge number of connections on our firewalls (>150000).
> * A lot of errors in syslog about max file descriptors limits reached
> (currently on system, the FD limit is 4096, the default of centos)
>
> Anyway, after the proposal of a friend of mine, I removed the
> max-cache-size limit (that was set to 256MB).
> After a restart of bind, the FW guys reported a huge drop on connections
> (<10000)!
> Additionally, I have no crashes so far (in contrast with 1-2 per week).
> So, why:
> a. bind generated so much traffic?
> b. Is it possible to have bind crash because I could not handle the cache
> clean-up and at the same time to serve requests?
>
> Thank you

---
Schizophrenia beats being alone.




