Tuning for lots of SERVFAIL responses

John Miller johnmill at brandeis.edu
Thu Feb 18 17:19:32 UTC 2016


A couple of weeks ago, we experienced an outage on our external
Internet links.  Ideally, this shouldn't affect queries for internal
resources - we expect those queries to continue to be answered.

That being said, we saw a bunch of messages in our logs such as:

client 192.168.1.2#56075: no more recursive clients (1000/0/1000): quota reached

It's my understanding that by default, BIND limits the number of
concurrent recursive queries to 1000, so obviously during these
situations, we need to raise our client limit (recursive-clients) to
deal with this.

What I'm curious about is how BIND behaves when it can't finish
iterative queries: when someone queries for yahoo.com, and the root
(or .com, yahoo.com) nameservers aren't reachable, does BIND then
issue a SERVFAIL response (assuming yes)?
How long will BIND wait before returning SERVFAIL?
At what point does BIND assume a domain is down altogether?  What's
the behavior then?

In other words, how do we keep ourselves from being overwhelmed with
unanswerable queries during a network outage?

John
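
Added example, not part of the original post: a small Python tally of the "no more recursive clients" lines quoted above, grouped by client address, to show which hosts are being refused while the quota is exhausted. The sample log is constructed, and reading the three numbers as used/soft/max of the recursion quota is an assumption.

```python
import re
from collections import Counter

# Message format as quoted in the post; the (a/b/c) triple is read as
# used/soft/max of the recursion quota, which is an assumption.
QUOTA_RE = re.compile(
    r"client (?P<addr>\S+)#(?P<port>\d+): no more recursive clients "
    r"\((?P<used>\d+)/(?P<soft>\d+)/(?P<max>\d+)\): (?P<reason>.+)$"
)

# Constructed sample input (addresses and the unrelated last line are invented).
SAMPLE_LOG = """\
client 192.168.1.2#56075: no more recursive clients (1000/0/1000): quota reached
client 192.168.1.2#56076: no more recursive clients (1000/0/1000): quota reached
client 192.168.1.9#40112: no more recursive clients (1000/0/1000): quota reached
client 192.168.1.7#51515: query (cache) 'example.com/A/IN' denied
"""

def parse_line(line):
    """Return a dict for a quota-exhaustion line, or None for anything else."""
    m = QUOTA_RE.search(line.strip())
    if not m:
        return None
    return {
        "client": m["addr"],
        "used": int(m["used"]),
        "soft": int(m["soft"]),
        "max": int(m["max"]),
    }

def summarize(lines, top=5):
    """Count refused recursive queries per client and collect the limits seen."""
    per_client = Counter()
    limits = set()
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue  # not a quota message
        per_client[event["client"]] += 1
        limits.add(event["max"])
    return {
        "rejected": sum(per_client.values()),
        "limits": sorted(limits),
        "top_clients": per_client.most_common(top),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG.splitlines()))
```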

