Recursive bind becomes unresponsive with high load

Michael Brunnbauer brunni at
Thu Mar 31 16:29:22 UTC 2016

Hello Mike,

On Thu, Mar 31, 2016 at 04:05:39PM +0000, Mike Hoskins (michoski) wrote:
> If you are crawling lots of new names, the cache size won't have much
> impact.  Each new query will require recursing vs hitting the cache.  Try
> "rndc recursing" and look at what you have sitting around waiting for
> answers.  Hopefully that provides some clues.  This can be all sorts of
> things like unresponsive auth servers, network issues, firewalls munging
> EDNS, etc causing the recursive client backlog.

Can a "recursive client backlog" be a problem if recursing clients is ca. 1000
while recursive-clients is 6000? If yes, where is the backlog? I can see it
in the syslog when recursive-clients is reached - this does not happen here.

Here are the first 10 lines. The other 995 lines all look like this.

; Recursing Queries
; client id 13156 '' requesttime 1459440503
; client id 30082 '' requesttime 1459440503
; client id 58170 '' requesttime 1459440503
; client id 62912 '' requesttime 1459440504
; client id 17254 '' requesttime 1459440504
; client id 24940 '' requesttime 1459440504
; client id 25054 '' requesttime 1459440504

There are only 2 requests for .de domains in the queue so the failing requests
for cannot be explained by a rate limiting of the .de nameservers.
What are current rate limits for tld nameservers anyway? I wonder how fast
a single bind instance should hammer them.

Our database is cluttered with chinese linkfarms and the DNS queries for them
tend to fail early and often or take a long time. I may be able to address
this in some way so that those queries are reduced but I would also like to
have a DNS server that can handle high load and it seems my current setup is


Michael Brunnbauer

++  Michael Brunnbauer
++  netEstate GmbH
++  Geisenhausener Straße 11a
++  81379 München
++  Tel +49 89 32 19 77 80
++  Fax +49 89 32 19 77 89 
++  E-Mail brunni at
++  Sitz: München, HRB Nr.142452 (Handelsregister B München)
++  USt-IdNr. DE221033342
++  Geschäftsführer: Michael Brunnbauer, Franz Brunnbauer
++  Prokurist: Dipl. Kfm. (Univ.) Markus Hendel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <>

More information about the bind-users mailing list