Yes as we known the BIND’s default configuration values work just fine and have only a few configurations that need some further tuning. In this section, we discuss to you to tune your name server by adjust recursive clients to suitable and enough on a busy cache DNS Server.
By default we don’t know which parameters that must tuned, and operate as production service for some period until its raised up errors.
With recursive-clients parameter the default value is 1000 in Bind9 and when it got error you found many lines of “no more recursive clients: quota reached” in syslog ( default syslog file /var/log/messages )
How to check recursive-clients current value ?
First check the current recursive-cleints value with rndc status command. The rndc utility is a command line tool that allows you to administer the named service, both locally and from a remote machine. Its usage is as follows:
|
1 2 3 |
rndc [option...] command [command-option] |
( Assuming the BIND version supports the rndc utility )
rndc status output explain
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
~]# rndc status version: 9.7.0-P2-RedHat-9.7.0-5.P2.el6 CPUs found: 1 worker threads: 1 number of zones: 16 debug level: 0 xfers running: 0 xfers deferred: 0 soa queries in progress: 0 query logging is OFF recursive clients: 0/0/1000 tcp clients: 0/100 server is up and running |
recursive clients: 0/0/1000
formatting as recursive clients: C/S/H , explain about C/S/H as following :
C : My understand it’s the number of concurrent recursive-resolution requests (requests currently being performed), even if the same source address is associated with multiple requests.
S : I call this number a “soft limit” and its seem possible the max requests that BIND can serve requests without cancelling the oldest queries. This value is approach the next hard limit number (H – 3rd number).
H : I call this number a “hard limit“. Typically it should never hit this value, unless the queries are coming in faster than the cancellations can be performed. When the hard limit is reached, I think BIND just ignores any further queries.
tcp clients: 0/100
formatting as tcp clients: T/M, explain about T/M as following :
T : I think it means the clients TCP connection is currently established to the named process.
M : The maximum clients TCP connections that established to named process.
Tune the concurrent client settings
As we known above, BIND 9 limits the number of concurrent recursive clients and tcp-clients
The default is 1000 and 100 consequence. You can increase that number twice to, say 2000,4000 (tcp-clients: 200,400), with:
|
1 2 3 4 5 6 |
options { recursive-clients 2000; tcp-clients 200; }; |
Conclusion
If resolver has been in production for some time with approximately the same number of clients and this error appeared suddenly, you’d be well advised to raise the recursive-clients limit only for the length of time it takes to investigate the underlying cause of your backlog requests.
There is something causing some or all queries to take an extremely long time to complete, causing a backlog requests as following :
- Response time of the authoritative servers that answer the queries from our resolver
- Network bottlenecks, more latency times more backlog requests too
Recent BIND - recursive-clients tuning Search Terms:
- - bind recursion limit (1)
- - bind dns recursive compression (1)
- - bind recursive query limit (1)
