See the BIND ARM for the option recursive-clients

As in:

options {
        recursive-clients       4000;
};

I don't recall what the default is (maybe 1000), but our environment required 
an increase to 4000.

You may also want to look at these options:  tcp-clients X; clients-per-query 
N; max-clients-per-query P;

The defaults may vary by BIND version. Furthermore, settings may vary for the 
environment the DNS server is in.

Assuming the BIND version supports the rndc utility, one can see a snapshot in 
time of the current settings and activity.
For example:
# rndc status
version: 9.6.0-P1 (version.bind/txt/ch disabled)
CPUs found: 2
worker threads: 2
number of zones: 14
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 71/3900/4000
tcp clients: 0/200
server is up and running


HTH -- Chris



----- Original Message ----
From: Oliver Henriot <oliver.henr...@imag.fr>
To: bind-users@lists.isc.org
Sent: Wed, March 24, 2010 10:41:28 AM
Subject: no more recursive clients: quota reached

Dear list users,

I'd like to understand a point about quotas on recursive clients, and 
reading books, manuals and this list's archives hasn't made it entirely clear 
to me.

I have the classical error logs:

17-Mar-2010 12:14:44.026 client: warning: client 129.88.30.5#57960: no more recursive clients: quota reached

I have a lot of these... (two thousand unique clients blocked over the last two 
weeks on my main resolver)

Is this quota global for all clients? I.e. one rogue client sending massive 
amounts of recursive requests would blow the quota for everyone. Or is it per 
client? It seems unlikely to me but I'm not clear on that point.

Is increasing the quota limit the only solution?

It seems odd to me to hit the default bind limit on my servers when they are 
not open recursive servers and only clients on my networks (a few thousand 
clients for three recursive resolvers) can interrogate them.

The problem is particularly crucial because one of the clients is a router 
behind which many of my clients are NATed and each time the quota is reached on 
the servers they use all the clients behind the router address are blocked and 
get network timeouts.

I'm going to increase the quota, but if you can tell me if this is the right thing 
to do or if I should be looking for something else that would be great.

Best regards,

Oliver Henriot
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
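
Added example, not part of the original thread or of BIND: a short Python script that tallies the "quota reached" warnings per client address and reads the "recursive clients" counters from `rndc status` output, to show whether rejections cluster on a few sources (such as a NAT router) and how close the server runs to its limit. The function names and all sample lines except the first log line are constructed; the three counters are read as current/soft limit/hard limit.

```python
import re
from collections import Counter

# Matches the warning format quoted in the thread; the optional "@0x..." token
# (an assumption about other BIND versions' log format) is tolerated.
QUOTA_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f:.]+)#\d+[^:]*: "
    r"no more recursive clients: quota reached"
)
STATUS_RE = re.compile(r"^recursive clients: (\d+)/(\d+)/(\d+)$", re.M)


def quota_hits_by_client(log_lines):
    """Count 'quota reached' warnings per client address."""
    hits = Counter()
    for line in log_lines:
        m = QUOTA_RE.search(line)
        if m:
            hits[m.group("ip")] += 1
    return hits


def recursive_client_usage(rndc_status):
    """Return (current, soft_limit, hard_limit, fraction_of_hard_limit)."""
    m = STATUS_RE.search(rndc_status)
    if m is None:
        raise ValueError("no 'recursive clients' line in rndc status output")
    current, soft, hard = map(int, m.groups())
    return current, soft, hard, current / hard


# First line is the one quoted in the thread; the rest are constructed samples.
SAMPLE_LOG = [
    "17-Mar-2010 12:14:44.026 client: warning: client 129.88.30.5#57960: no more recursive clients: quota reached",
    "17-Mar-2010 12:14:44.031 client: warning: client 129.88.30.5#57961: no more recursive clients: quota reached",
    "17-Mar-2010 12:14:44.040 client: warning: client 192.0.2.17#40112: no more recursive clients: quota reached",
    "17-Mar-2010 12:14:45.002 client: warning: client 129.88.30.5#57990: no more recursive clients: quota reached",
    "17-Mar-2010 12:14:45.100 general: info: zone example.test/IN: loaded serial 1",
]
SAMPLE_STATUS = "xfers running: 0\nrecursive clients: 71/3900/4000\ntcp clients: 0/200\n"

if __name__ == "__main__":
    for ip, n in quota_hits_by_client(SAMPLE_LOG).most_common():
        print(f"{ip}\t{n}")
    cur, soft, hard, frac = recursive_client_usage(SAMPLE_STATUS)
    print(f"recursive clients {cur}/{hard} ({frac:.1%}), soft limit {soft}")
```

Log lines must be unwrapped (one warning per line) before they are passed in; mail clients often fold them as in the message above.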
