[question] new bind option "max-recursion-depth"

[Evan Hunt]

On Wed, Dec 17, 2014 at 03:32:30AM -0500, Barry Margolin wrote:
> Didn't someone post a problem they were having a few days ago because of 
> a chain of Akamai CNAMEs that exceeded the limit?

Recursion depth is about how many layers deep you have to go to
resolve an NS address.  CNAME chains have different limits on them.

I should have followed up on that other thread, actually.  The problem with
9.10 was mostly due to a change we made to improve latency when dealing
with bad connections and broken servers: when talking to a server for the
first time, 9.10 starts out using smaller packet sizes and works its way up
if they're successful, whereas 9.9 and earlier would start with large
packet sizes and work its way down if they failed.

The result is that 9.10 gets answers more quickly in the average case,
but in the short-lived pessimal case where the cache is completely empty,
there are drawbacks.  Responses to our queries start out small, so they
don't have as much space to hold name server addresses, so we have to send
follow-up queries to get that information; this counts toward the query
limits.  So, early queries against an empty cache are at an unfair
disadvantage with respect to the max-recursion-queries counter.

9.10.2 has a fix that should make things better.  The code's already been
pushed to the git repository at source.isc.org, in case anyone wants to try
it now.  I expect to release a beta version either next week or after the
holidays.

-- 
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.