Limiting Concurrent Recursive Clients

5.19.1 Problem

You want to limit the number of concurrent recursive clients a name server handles.

5.19.2 Solution

Use the BIND 9 recursive-clients options substatement. For example:

options {
 directory "/var/named";
 recursive-clients 500;
};

The default limit is 1,000 recursive clients.

5.19.3 Discussion

With recursive-clients, you can limit the number of recursive queriers a name server will handle concurrently. A name server receives recursive queries both from resolvers and from name servers that use it as a forwarder. Since each recursive query consumes about 20K of memory, the total amount of memory needed to service 1,000 queriers -- the default limit -- is about 20MB. If a name server doesn't have that much real memory available, you may need to set its limit lower.

If a name server reaches this limit, it will refuse further recursive queries and you'll see messages like this one in its syslog output:

named[579]: client 192.168.0.11#1567: no more recursive clients: quota reached

Check whether the recursive clients the name server is serving are legitimate (e.g., not part of some distributed denial of service attack). If they are, and there's sufficient memory available on the host, raise the limit to accommodate them.
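To help with that check, the following added example (not from the book) tallies quota-reached refusals per client address and estimates memory for a candidate limit from the 20K-per-query figure above. The log lines are constructed samples in the format shown above; the function names and the 50% "dominant source" threshold are assumptions made for illustration.

```python
import re
from collections import Counter

# Format of the refusal message shown above: client address, '#', source port.
QUOTA_RE = re.compile(
    r"named\[\d+\]: client (?P<addr>[0-9A-Fa-f.:]+)#\d+.*: no more recursive clients: quota reached"
)
KB_PER_QUERY = 20  # the page's estimate of memory per recursive query

# Constructed sample syslog lines (not from a real server).
SAMPLE_LOG = """\
Mar  3 10:15:01 ns1 named[579]: client 192.168.0.11#1567: no more recursive clients: quota reached
Mar  3 10:15:01 ns1 named[579]: client 192.168.0.11#1568: no more recursive clients: quota reached
Mar  3 10:15:02 ns1 named[579]: client 192.168.0.25#4021: no more recursive clients: quota reached
Mar  3 10:15:02 ns1 named[579]: zone example.com/IN: loaded serial 2005010101
Mar  3 10:15:03 ns1 named[579]: client 192.168.0.11#1570: no more recursive clients: quota reached
Mar  3 10:15:03 ns1 named[579]: client 10.0.0.7#53211: no more recursive clients: quota reached
""".splitlines()


def quota_refusals(lines):
    """Count quota-reached refusals per client address."""
    counts = Counter()
    for line in lines:
        m = QUOTA_RE.search(line)
        if m:
            counts[m.group("addr")] += 1
    return counts


def dominant_clients(counts, share=0.5):
    """Return (address, count, fraction) for clients at or above `share` of all refusals."""
    total = sum(counts.values())
    if total == 0:
        return []
    return [(a, n, n / total) for a, n in counts.most_common() if n / total >= share]


def memory_kb(limit):
    """Approximate memory needed for `limit` concurrent recursive clients."""
    return limit * KB_PER_QUERY


if __name__ == "__main__":
    counts = quota_refusals(SAMPLE_LOG)
    for addr, n in counts.most_common():
        print(f"{addr:15} {n}")
    print("dominant:", dominant_clients(counts))
    print("memory for recursive-clients 500:", memory_kb(500), "KB")
```

A single address holding most of the refusals points at one misbehaving or abusive client rather than a server that is simply undersized, in which case raising the limit is the wrong fix.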

There's no corresponding substatement in BIND 8.

5.19.4 See Also

"Resource Limits" in Chapter 10 of DNS and BIND.

DNS & BIND Cookbook
ISBN: 0596004109
EAN: 2147483647
Year: 2005
Pages: 220
Authors: Cricket Liu
