max-cache-size query
Warren Kumari
warren at kumari.net
Tue Jun 1 21:45:42 UTC 2010
One obvious solution to keeping the firewall guys happy would just be
to make them not burn state entries for the nameserver at all....
Firewalls in front of nameservers cause an ungodly amount of issues
for no real benefit...
Just sayin'...
W
On Jun 1, 2010, at 8:35 AM, Techi wrote:
> Hallo,
> Recently, I faced huge problems with my DNS servers (bind crashed
> with no
> apparent reason). Some of the symptons were:
> * Huge number of connections on our firewalls (>150000).
> * A lot of errors in syslog about max file descriptors limits reached
> (currently on system, the FD limit is 4096, the default of centos)
>
> Anyway, after the proposal of a friend of mine, I removed the the
> max-cache-
> size limit (that was set to 256MB.
> After a restart of bind, the FW guys reported a huge drop on
> connections
> (<10000)!
> Additionally, I have no crashes so far (in contract with 1-2 per
> week).
> So, why:
> a. bind generated so much traffic?
> b. Is it possible to have bind crash because I could not handle the
> cache
> clean-up and on the same time to serve requests?
>
> Thank you
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
---
Schizophrenia beats being alone.
More information about the bind-users
mailing list