<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
color:black;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:black">Yeah, in that case you might see higher-than-normal TCP traffic
</span><span style="font-family:Wingdings;color:black">J</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black"> - Kevin<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> bind-users-bounces@lists.isc.org [mailto:bind-users-bounces@lists.isc.org]
<b>On Behalf Of </b>Shawn Zhou<br>
<b>Sent:</b> Thursday, October 16, 2014 6:08 PM<br>
<b>To:</b> Barry Margolin; comp-protocols-dns-bind@isc.org<br>
<b>Subject:</b> Re: BIND listen backlog too small<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div id="yui_3_16_0_1_1413493499834_20958">
<p class="MsoNormal" style="background:white"><span style="font-size:10.5pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div id="yui_3_16_0_1_1413493499834_20956">
<p class="MsoNormal" style="background:white"><span style="font-size:10.5pt;font-family:"Helvetica","sans-serif";color:black">This is for one of our masters which has about 20K zones and handles zone transfer traffic from few hundred of our slaves.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt;background:white"><span style="font-size:10.5pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black">On Thursday, October 16, 2014 2:27 PM, Barry Margolin <<a href="mailto:barmar@alum.mit.edu">barmar@alum.mit.edu</a>> wrote:</span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt;background:white"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt;background:white"><span style="font-family:"Helvetica","sans-serif";color:black">In article <<a href="mailto:mailman.1083.1413494517.26362.bind-users@lists.isc.org">mailman.1083.1413494517.26362.bind-users@lists.isc.org</a>>,<br>
Shawn Zhou <<a href="mailto:shawnzhou00@yahoo.com">shawnzhou00@yahoo.com</a>> wrote:<br>
<br>
> Hello,<br>
> While I was investigating potential SYN flooding warning messages on my Linux <br>
> box for our DNS traffic,I was very surprised to see the backlog was set to <br>
> very small numbers for BIND tcp sockets.<br>
> strace showed backlog was '10' for listening socket for port 53 and '128' for <br>
> listening socket for port 953 (rdnc traffic).<br>
> I've restarted BIND after I updated somaxconn but BIND didn't pick up the <br>
> value.<br>
> Why doesn't BIND set the backlog to a huge number and let OSes reduce it to <br>
> whatever somaxconn is? Or just set backlog to whatever is is set for <br>
> somaxconn?<br>
<br>
Since TCP queries should be infrequent, why does it need a high backlog?<br>
<br>
It seems like it's already increasing it, IIRC the default is 5.<br>
<br>
-- <br>
Barry Margolin<br>
Arlington, MA<br>
_______________________________________________<br>
Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">
https://lists.isc.org/mailman/listinfo/bind-users </a>to unsubscribe from this list<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
<br>
<o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>