High recursive client counts

Jason Brandt jbrandt at fsmail.bradley.edu
Tue Mar 25 18:20:21 UTC 2014


Cathy,
  Thank you for your comments.  I will continue to investigate; it helps to
have avenues to look down, though.

As far as build version, we are aware that we aren't at the current stable
release.  However, we've tried to stick to the distro release as much as
possible, to help streamline patching.  But if this continues to be an
issue, it's something we will definitely consider.

The thing that's strange to me is that we can mostly alleviate the
symptoms by using a forwarder.  Currently I'm using an internal Windows
2003 server in the same subnet, on the same switch, to forward through;
however, I was previously using 8.8.8.8, and it was behaving well too.  It
seems to happen worst when simply using the root hints.

rndc recursing doesn't seem to be much help.  The queries are all over,
including google, adobe, amazon, microsoft, etc., as a combination of
A/AAAA/PTR/TXT records, from a variety of different clients on different
subnets and in different firewall zones.  At a glance, I don't see any
correlation.

Again, I'll keep investigating, and appreciate all the input!

Jason


On Tue, Mar 25, 2014 at 12:34 PM, Cathy Almond <cathya at isc.org> wrote:

> Packet tracing and/or looking at rndc recursing is good - then you'll
> see which client queries are waiting for answers from authoritative
> servers.
>
> Depending on what you've upgraded from, this might be a problem with
> whether or not your infrastructure can handle EDNS0 and large packet
> sizes.  Newer versions of BIND set the DO bit by default on the iterative
> queries, so perhaps some servers are sending back larger responses than
> you were receiving before.  It's worth checking that your network
> infrastructure can handle both EDNS0 and large UDP packet sizes (and DNS
> queries via TCP of course too).  See
> https://www.dns-oarc.net/oarc/services/replysizetest
>
> I should also comment that the distro BIND 9.8 that you're using isn't
> the current ISC version, so you're missing out on recent fixes - you
> might be better off with a self-build of 9.8.7-W1 or 9.8.5-W1:
> http://www.isc.org/downloads/
>
> These also might be helpful:
>
> https://kb.isc.org/article/AA-00771/46/Which-version-of-BIND-do-I-want-to-download-and-install.html
>
> https://kb.isc.org/article/AA-00768/46/Getting-started-with-BIND-how-to-build-and-run-named-with-a-basic-recursive-configuration.html
>
> HTH
>
> Cathy



-- 
Jason K. Brandt
Systems Administrator
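
The following is an added example, not part of either poster's message: a small Python parser for the fields the quoted reply says to check in a packet trace (the TC flag, whether an EDNS0 OPT record is present, the advertised UDP size, and the DO bit). The function names and both sample messages are constructed for illustration.

```python
import struct

def encode_question(qname, qtype=1):
    """Encode QNAME/QTYPE/QCLASS=IN for the question section."""
    labels = qname.rstrip(".").split(".")
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return name + struct.pack("!HH", qtype, 1)

def build_query(qname, udp_size=4096, do=True, msg_id=0x1234):
    """Iterative query (RD clear) with an EDNS0 OPT record in the additional section."""
    header = struct.pack("!HHHHHH", msg_id, 0x0000, 1, 0, 0, 1)
    # OPT RR: root name, TYPE 41, CLASS = advertised UDP size,
    # TTL = ext-rcode(8) | version(8) | DO(1) | Z(15), empty RDATA.
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, 0x8000 if do else 0, 0)
    return header + encode_question(qname) + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # a compression pointer ends the name
            return off + 2
        off += 1 + n

def edns_summary(msg):
    """Report the fields that matter when chasing EDNS0 / reply-size problems."""
    _id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    info = {"tc": bool(flags & 0x0200), "edns": False, "udp_size": 512, "do": False}
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == 41:                        # OPT pseudo-record
            info.update(edns=True, udp_size=rclass, do=bool(ttl & 0x8000))
    return info

# Constructed samples, not captured traffic.
QUERY = build_query("example.com")
TRUNCATED_REPLY = (struct.pack("!HHHHHH", 0x1234, 0x8200, 1, 0, 0, 0)
                   + encode_question("example.com"))

if __name__ == "__main__":
    print("query:", edns_summary(QUERY))
    print("reply:", edns_summary(TRUNCATED_REPLY))
```

A truncated reply with no OPT record, sent in answer to a query that advertised 4096 bytes, is the pattern to look for in a trace when a server or a device on the path is not honouring EDNS0.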