no more recursive clients: quota reached
Oliver Henriot
Oliver.Henriot at imag.fr
Wed Mar 24 14:41:28 UTC 2010
Dear list users,
I'd like to understand a point about quotas on recursive clients quotas
and reading books, manuals and this list's archives hasn't made it
entirely clear to me.
I have the classical error logs :
17-Mar-2010 12:14:44.026 client: warning: client 129.88.30.5#57960: no
more recursive clients: quota reached
I have a lot of these... (two thousand unique clients blocked over the
last two weeks on my main resolver)
Is this quota global for all clients? I.e. one rogue client sending
massive amounts of recursive requests would blow the quota for everyone.
Or is it per client? It seems unlikely to me but I'm not clear on that
point.
Is increasing the quota limit the only solution?
It seems odd to me to hit the default bind limit on my servers when they
are not open recursive servers and only clients on my networks (a few
thousand clients for three recursive resolvers) can interrogate them.
The problem is particularly crucial because one of the clients is a
router behind which many of my clients are nated and each time the quota
is reached on the servers they use all the clients behind the router
address are blocked and get network timeouts.
I'm going to increase the quota, but if you can tell me if this the
right thing to do or if I should be looking for something else that
would be great.
Best regards,
Oliver Henriot
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4132 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100324/33fe516b/attachment.bin>
More information about the bind-users
mailing list