[question] new bind option "max-recursion-depth"

Evan Hunt each at isc.org
Wed Dec 17 06:16:04 UTC 2014


On Wed, Dec 17, 2014 at 01:30:35PM +0900, Techs_Maru wrote:
> However,
> if the value of the default "7" would be the value that was created
> based on the world data ?
> ( Also for the default value of "max-recursion-queries 50;" )

I haven't personally seen any real world queries go more than 4
levels deep, but I wouldn't be surprised if there are a few domains
out there that do.  7 seemed like a safe upper limit.

The default max-recursion-queries value of 50, we got by testing with a
sample of real-world resolver traffic.  It turns out it isn't quite right,
though.  A limit of 50 works fine with a populated cache (which is
how we were testing it), but if the server is just starting up and the
nameservers for .com and .org and .net and so on aren't in cache yet,
then it *can* take more than 50 queries to resolve a name.  (This turns
out to be especially true on 9.10, due to changes in EDNS processing
that affect how much NS glue we get from servers in the early stages of
populating the cache.)  We'll be making some adjustments in upcoming
maintenance releases to allow for this.

> I want to know the recommended settings for everyone to values.

I'd leave the defaults alone on BIND 9.9.  On 9.10, I might consider
increasing max-recursion-queries to 100, but be prepared to back the
change out when updating to the next release.  Or leave the defaults
alone but be prepared for the possibility of some SERVFAIL responses in
the first few minutes after server startup.

-- 
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.

