max-cache-size query

Techi techi at tellas.gr
Wed Jun 2 08:31:43 UTC 2010


On Wed 02 of Jun 2010 00:45:42 you wrote:
> One obvious solution to keeping the firewall guys happy would just be
> to make them not burn state entries for the nameserver at all....
> Firewalls in front of nameservers cause an ungodly amount of issues
> for no real benefit...
I will transfer that to our vendors, but my question is still not answered.
Why on earth is there such a huge difference in the number of connections on
the firewall with the max-cache-size on and off? I still don't get it.
P.
 
> 
> Just sayin'...
> 
> W
> 
> On Jun 1, 2010, at 8:35 AM, Techi wrote:
> > Hello,
> > Recently, I faced huge problems with my DNS servers (bind crashed with no
> > apparent reason). Some of the symptoms were:
> > * Huge number of connections on our firewalls (>150000).
> > * A lot of errors in syslog about max file descriptors limits reached
> > (currently on system, the FD limit is 4096, the default of centos)
> >
> > Anyway, after the proposal of a friend of mine, I removed the
> > max-cache-size limit (that was set to 256MB).
> > After a restart of bind, the FW guys reported a huge drop in connections
> > (<10000)!
> > Additionally, I have no crashes so far (in contrast with 1-2 per week).
> > So, why:
> > a. bind generated so much traffic?
> > b. Is it possible to have bind crash because I could not handle the cache
> > clean-up and at the same time to serve requests?
> >
> > Thank you
> > _______________________________________________
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> 
> ---
> Schizophrenia beats being alone.
> 
