troubleshooting bind

Chuck Swiger cswiger at
Mon Apr 9 17:57:08 UTC 2012


On Apr 9, 2012, at 9:55 AM, Marseglia, Michael wrote:
[ ... ]
>   When configuring BIND for an internal corporate network with a thousand clients should any of the default values be tweaked?  I’ve searched for tuning guidance but I haven’t found any yet.
>   I’ve taken interest in the tcp-clients, max-ncache-ttl, max-cache-ttl, cleaning-interval and max-cache-size values.  These are all currently set to default.

These are good things to take a look at, yes, although also clients-per-query & max-clients-per-query.

>   I’m guessing in a more volatile network with DHCP and frequent provisioning/deprovisioning of hosts I would want to lower the max-ncache-ttl and max-cache-ttl values.  Is this correct?

That depends-- if the volatile domain is your domain, and BIND is authoritative for it, then it will be providing AAs directly from zone data, rather than caching responses obtained from some other nameserver.  For the most part, it's better for an active domain with frequently changing data to adjust the TTLs for the domain to appropriate values, and let named figure things out from there...but you can only tweak that for the domains you manage.

>   Regarding the tcp-clients option, where can I find the current connection count and how do I know if I’m coming close to this number?  In what type of environment would it be expected to hit the default threshold of 100?

You can see what active TCP sessions are open via something like:

  netstat -p tcp | grep 53

...and add "| wc -l" if you want to count them.

(You might also want to tweak that a bit to use "fgrep .53\ " to only match port 53...)

I don't think it's expected that many TCP sessions would be needed, since UDP + EDNS0 works fine for almost all cases, although as DNSSEC becomes more widely adopted it might be the case that more TCP sessions will be used.

>   Lastly, if max-cache-size is set to unlimited what happens if BIND consumes all the available memory?  Will the linux kernel terminate the process?  How can I find the value of the current cache size?

Most platforms set up a process datasize limit (commonly set to 1GB or so), after which malloc() and friends will fail to get more memory.  The kernel will only terminate processes if the entire system runs out of VM, including swap space, but the system will generally in an unusable state due to heavy paging/swapping before the kernel OOM killer gets invoked.


More information about the bind-users mailing list