recursive-clients : recommended value for a high traffic recursive nameserver
Niall O'Reilly
niall.oreilly at ucd.ie
Mon Nov 24 11:37:34 UTC 2014
At Sun, 23 Nov 2014 21:00:15 -0800 (PST),
blrmaani wrote:
>
> Our nameservers take upto 10KQPS (mostly NOERROR type most of the time).
>
> Twice or thrice a week, I have seen upto 10% of the queries are
> SERVFAIL and we have started exceeding the default value of 2000 for
> recursive-clients settings in BIND 9.9.x.
>
> Is there a recommended value for recursive-clients option assuming
> huge number of SERVFAIL queries once in a 2/3 days?
>
> I'm not convinced to increase it to some arbitrary huge number
> 20,000 or 200,000.
>
> I am looking for answer like - if your peak SERVFAIL queries are
> 2000/second, then your recursive-clients value should be N.
I wouldn't expect that such an answer could make sense.
Exhaustion of the active recursive-clients list and the generation
of responses marked SERVFAIL are most likely different symptoms of
the same problem. I think you'll need to identify this problem and
then determine what action to take.
Your resolver seems to be dealing with queries which are
unanswerable and which are arriving in a quantity sufficient to fill
the recursive-clients list. This may be due to rogue clients,
misconfigured authoritative servers, network problems, or some
combination of these. Your logs will help identify which.
I hope this helps.
Niall O'Reilly
More information about the bind-users
mailing list