Over 2 weeks ago begins flood. A lot of queries:
niqcs.www.84822258.com
vbhea.www.84822258.com
abpqeftuijklm.www.84822258.com
adcbefmzidmx.www.84822258.com
and many others.
Bind answers with "Server failure". On high load (4 qps) all normal
client can get Servfail on good query. Or query can ex
On 27.02.2014 09:59, Dmitry Rybin wrote:
Bind answers with "Server failure". On high load (4 qps) all normal
client can get Servfail on good query. Or query can execute more 2-3
second.
I have an a mistake, 4'000 QPS.
___
Ple
Hello!
I test patch, add to bind95/Makefile
.if (${ARCH} == "amd64")
ARCH= x86_64
.endif
work/bind-9.5.0-P2/config.log
uname -m = amd64
/usr/bin/uname -p = amd64
Target: amd64-undermydesk-freebsd
Configured with: FreeBSD/amd64 system compiler
ISC_ARCH_DIR='x86_32'
build='x86_64-portbld-
BIND 9.5.0-P2) + threading enabled
>
> thanks!
>
> --- On Wed, 12/10/08, Dmitry Rybin <[EMAIL PROTECTED]> wrote:
>
>> From: Dmitry Rybin <[EMAIL PROTECTED]>
>> Subject: Re: dnsperf and BIND memory consumption
>> To: "Vinny Abello" <[EM
JINMEI Tatuya / 神明達哉 wrote:
> At Tue, 09 Dec 2008 18:05:27 +0300,
> Dmitry Rybin <[EMAIL PROTECTED]> wrote:
>
>> I test patch, add to bind95/Makefile
>> .if (${ARCH} == "amd64")
>> ARCH= x86_64
>> .endif
>
> Future versions
t;
> my patch for the port is the same as yours...
>
> thanks!
> ===
> ..if ${ARCH} == "amd64"
> ARCH=x86_64
> ..endif
>
>
>
> --- On Thu, 12/11/08, Dmitry Rybin <[EMAIL PROTECTED]> wrote:
>
>> From: Dmitry Rybin <[EMAIL
t available.
) at server.c:3751
#17 0x0057052c in run (uap=Variable "uap" is not available.
) at task.c:862
#18 0x005868a7 in thread_start ()
#19 0x in ?? ()
Cannot access memory at address 0x7fbff000
At normal situation after startup memory usage over 7
sk=0x80839000,
event=Variable "event" is not available.
) at controlconf.c:456
#14 0x0057052c in run (uap=Variable "uap" is not available.
) at task.c:862
#15 0x005868a7 in thread_start ()
#16 0x in ?? ()
Cannot access memory at address 0x7ffffeff9000
JINMEI Tatuya / 神明達哉 wrote:
> At Thu, 11 Dec 2008 11:25:42 +0300,
> Dmitry Rybin wrote:
>
>> OK. I just make bind from src with ./configure --enable-threads & gcc
>> option -static.
>>
>> file /usr/local/sbin/named-test
>> /usr/local/sbin/named-test: E
Thank's to JINMEI Tatuya for support.
I have over 40 views, defined in named.conf, max-memory for cache -
32Mb. Named daemon allocate over 2 Gb per 24 hours of work.
Have you any ideas how to limit memory usage?
Dmitry Rybin wrote:
> max-cache-size 64M;
> # /usr/bin/limits -v 1200M
Thank's to JINMEI Tatuya for support.
I have over 40 views, defined in named.conf, max-memory for cache -
32Mb. Named daemon allocate over 2 Gb per 24 hours of work.
Have you any ideas how to limit memory usage?
Dmitry Rybin wrote:
> max-cache-size 64M;
> # /usr/bin/limits -v 1200M
JINMEI Tatuya / 神明達哉 wrote:
> At Mon, 15 Dec 2008 09:53:23 +0300,
> Dmitry Rybin wrote:
>
>> Thank's to JINMEI Tatuya for support.
>> I have over 40 views, defined in named.conf, max-memory for cache -
>> 32Mb. Named daemon allocate over 2 Gb per 24 hours of wor
JINMEI Tatuya / 神明達哉 wrote:
>>
>>> Have you any ideas how to limit memory usage?
>> Unfortunately not, unless you can consolidate the caching views to a
>> small number of views.
>
> If you can allow the multiple views to share a single cache, one
> possibility is to create a separate "localhost"
FreeBSD 7.1 i386, AMD64 - bind 9.5.1rc, 9.6.0rc works good.
On Fri, 2008-12-19 at 12:39 -0600, Jeremy C. Reed wrote:
> Hi,
>
> I am working on BIND documentation and want to make sure the lists of
> operating systems used successfully with BIND are accurate.
>
> If you are willing, please email
Linux Addict wrote:
> Folks, I have BIND 9 running. For some reason, the external resolution
> is not working. I can telnet to root servers on port 53. Recursion is
> on. What are the other requiremnts for the server to reesolve the
> external records. Please help!!
>
TCP? You must open in firew
Hello!
How to disable cache in bind-9.6? ttl=0 - bad idea.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Matus UHLAR - fantomas wrote:
> On 20.01.09 12:49, Dmitry Rybin wrote:
>> How to disable cache in bind-9.6? ttl=0 - bad idea.
>
> if you know that setting TTL to 0 is a bad idea, why do yuo think that
> disabling a cache in BIND is not a bad idea?
>
Because under hig
Alan Clegg wrote:
> Dmitry Rybin wrote:
>> Matus UHLAR - fantomas wrote:
>>> On 20.01.09 12:49, Dmitry Rybin wrote:
>>>> How to disable cache in bind-9.6? ttl=0 - bad idea.
>>> if you know that setting TTL to 0 is a bad idea, why do yuo think that
>>
Matus UHLAR - fantomas wrote:
>
> This is _NOT_ a problem of BIND. This is a problem of its admin who can't
> read the docs and set up max-cache-size, which does exactly what is needed
> in this case.
>
Hmm... And why bind allocate all system memory, if max-cache-size 16M?
And views... 50 views
Mark Andrews wrote:
>>>
>> Hmm... And why bind allocate all system memory, if max-cache-size 16M?
>> And views... 50 views. 16*50=800M. Only 800M, this is not 3..4GB of
>> system memory.
>
> +50 views of zone data + memory for 10 clients +
>
> You have a 32bit build which wi
В Пнд, 26/01/2009 в 16:16 -0800, JINMEI Tatuya / 神明達哉 пишет:
> http://www.jinmei.org/patch/bind9-lrucache.diff
> (should be cleanly applicable to 9.6).
> and let me know if it mitigates the problem?
>
Oh, great work. I'll try tomorrow.
> Other recommendations:
> - I previously suggested using a
Matus UHLAR - fantomas wrote:
>>> and let me know if it mitigates the problem?
>
> On 29.01.09 22:50, Dmitry Rybin wrote:
>> Oh, great work. I'll try tomorrow.
Named with JINMEI Tatuy patch:
max-cache-size 800M;
Morning Statistic
version: 9.6.0-P1
CPUs found: 8
w
JINMEI Tatuya / 神明達哉 wrote:
> At Wed, 04 Feb 2009 11:23:19 +0300,
> Dmitry Rybin wrote:
>
>> Named with JINMEI Tatuy patch:
>> max-cache-size 800M;
>
> It's way too much, if this applies to all of the 50 views.
>
With you
Matus UHLAR - fantomas wrote:
>
> On 04.02.09 11:23, Dmitry Rybin wrote:
>> It's impossible, :-( over 500'000 client use bind and we must use views
>> to split load on another services.
> > Named with JINMEI Tatuy patch:
> > max-cache-size 800M;
> I
This is not good idea to use statefull firewall on heavy loaded DNS
server. firewall becomes low place in the system.
As workaround you can use dns_flood_detector + simple script to insert
and remove IP's from firewall blocking table or chain.
27.10.2010 23:26, Sebastian Tymków пишет:
> In FreeBS
28.09.2010 10:46, JINMEI Tatuya / 神明達哉 пишет:
> These logs are not (directly) related to file descriptors. They mean
> epoll returned more socket events than the implementation normally
> expects (which is 64). This is not necessarily an error because the
> remaining events will be returned with
24.08.2011 08:04, sky shade пишет:
Hello
I like to know if bind 9.8 have a limit of view?
There is any number or I can create something like 1 million views
without problems?
There is any performance implication in use to many views?
I use about 120 views. It accure 1,8gb of RAM in Idle. You
The Best - use carp (VRRP) protocol for it or nginx proxy server.
Or you can use dynamic update for zone:
ping -c 5 your.host || nsupdate ...
Mohammed Ejaz wrote:
> Hi all,
>
>
>
> Can it be possible through the bind, www records should work as
> failover, I mean during the primary record un
JINMEI Tatuya / 神明達哉 wrote:
At Fri, 13 Mar 2009 17:31:37 -0400,
R Dicaire wrote:
Please try 9.6.1b1, which we expect to be released next week. It has a
new experimental feature just for that purpose:
Is this feature going to be back ported to 9.4 and 9.5 releases as well?
For 9.5, yes. Fo
JINMEI Tatuya / 神明達哉 wrote:
At Mon, 22 Jun 2009 13:30:42 +0400,
Dmitry Rybin wrote:
Please try 9.6.1b1, which we expect to be released next week. It has a
new experimental feature just for that purpose:
Is this feature going to be back ported to 9.4 and 9.5 releases as well?
For 9.5, yes
JINMEI Tatuya / 神明達哉 wrote:
At Wed, 24 Jun 2009 10:13:51 +0400,
Dmitry Rybin wrote:
new experimental feature just for that purpose:
Is this feature going to be back ported to 9.4 and 9.5 releases as well?
For 9.5, yes. For 9.4, not according to the current plan.
named[87071]: 22-Jun-2009
Hello.
powerdns-recursor - the best. :)) Over 20k req/sec - feel good.
As variant try to use small TTL like:
bind:
max-ncache-ttl 1;
max-cache-ttl 1;
powerdns-recursor
cache-ttl=1
default-ttl=1
Scott Haneda wrote:
Hello, this may not entirely be related to BIND/named, though I believe
it is.
Lev Vanyan wrote:
i've stumbled into a question whether it is possible to configure BIND
in a way that it responds to DNS SRV requests with the priority flag
changed depending on the IP address of the requesting party.
For example,
there are two SRV records for _foobar._tcp. One points to 10.0.1
ulimit -a ? Looks like as max open file descriptor limit exceeded.
On FreeBSD/Linux boxes I use MONIT (http://mmonit.com/monit/) то check
and restart bind.
BBB Kee wrote:
Hi,
We have a intel solaris 9 and bind9.5.1-P3 inside it. The named suddenly
stopped at this morning. Here is it left:
Hello!
Have anybody test option attach-cache? There is no documentation about
it. :(
I add attach-cache "world" (world - global view) and rndc reload failure:
Aug 13 16:59:49 kananga named-7[37361]: 13-Aug-2009 16:59:49.262
general: error: views view0 and view1 can't share the cache due to
JINMEI Tatuya / 神明達哉 wrote:
Have anybody test option attach-cache? There is no documentation about
it. :(
Have you read the ARM? It may not be sufficient (while I personally
believe it's quite extensive), but at least there *is* documentation.
OK, Please explain what configuration parame
Hello everybody!
I think, that be useful make this feature in bind:
Add option to disable internal recursion cache, and forward all
recursive queries to another daemon.
Daemon as unbound, pdns-recursor - much faster in recursion queries,
that bind. :(
Niall O'Reilly wrote:
I think, that be useful make this feature in bind:
Add option to disable internal recursion cache, and forward all
recursive queries to another daemon.
Daemon as unbound, pdns-recursor - much faster in recursion queries,
that bind. :(
I don't see the point.
I
Kevin Darcy wrote:
Daemon as unbound, pdns-recursor - much faster in recursion queries,
that bind. :(
___
So, you don't cache locally, you forward to another daemon that (in the
best case) answers from *its* cache.
How have you improved performance
Matus UHLAR - fantomas wrote:
Bind answer authoritative for all clients, and forward (if allowed)
recursive queries to recursive server.
why shouldn't it cache those responses?
Bind cache is slow. It allocate a lot of memory and make high CPU usage.
_
ulimit?
万善义 wrote:
> CentOS release 5.4 (Final) + BIND 9.6.1-P1
>
> Intel(R) Xeon(R) CPU E5506 @ 2.13GHz
> 8G Memory
>
>
> Load 500,000 domains, the loading process, the following error:
>
> loading zone: creating database: out of memory
>
___
Hello!
I can't find in docs how disable answer (Refused), if recursion for IP
is not allowed?
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
I found answer for my feature request - simple C proxer:
http://www.wolfermann.org/dnsproxy.html
It can forward queries to auth or recursion server. Based on client IPs.
FreeBSD port /usr/ports/dns/dnsproxy/
___
bind-users mailing list
bind-users@list
Barry Margolin wrote:
In article ,
Dmitry Rybin wrote:
Hello!
I can't find in docs how disable answer (Refused), if recursion for IP
is not allowed?
What do you expect it to do instead? Not respond at all?
Drop not allowed request.
___
Give me parabellum :)
This is not answer. I wont to disable Refused answers for not allowed
client in recursion.
Peter Andreev wrote:
Search in arm by keyword "blackhole" will save father of russian
democracy :-)
2009/12/3 Dmitry Rybin mailto:kirg...@corbina.net>>
Barr
Hi! RTFM :)
/etc/security/limits.conf
binduser softnofile 32384
binduser hardnofile 32384
change binduser - to you real BIND user.
john wrote:
Hi,
I'm seeing this quite frequently in syslog from bind:
Dec 7 11:00:00 ext named[26731]: isc_socket_create: fcntl/reserved:
Hello bind gurus!
I need to change only one record in zone (not deligated to my server,
can't transfer it too)
RECORD.DOMAIN.NET IN A 192.168.1.1
to
RECORD.DOMAIN.NET IN CNAME RECORD.DOMAIN.ORG
Only one record! Is this possible via bind?
___
bind-us
Matus UHLAR - fantomas wrote:
I need to change only one record in zone (not deligated to my server,
can't transfer it too)
RECORD.DOMAIN.NET IN A 192.168.1.1
to
RECORD.DOMAIN.NET IN CNAME RECORD.DOMAIN.ORG
Only one record! Is this possible via bind?
Not if ht domain is not yours.
You mus
05.04.2010 10:06, sasa sasa пишет:
> Hello everyone,
>
> Any one used any load balancer for DNSs? any recommendation? it's 2
> caching-only DNSs, and I'd like to make a load balance between them
> using software.
>
Simple - Linux, FreeBSD firewall as balancer :) (30k qps)
Can give you ex
I use text file format:
===
2a00:18c0:0001::2 dns1.domain.net.
2a00:18c0:0001::3 dns2.domain.net.
===
and ruby script to convert into reverse zone:
==
I've test next configuration, which improve recursion performance of
isc-bind frontend.
bind listen on only on external interface and forward all recursive
queries to 127.0.0.1
=== named.conf ===
listen-on { 1.1.1.1; };
forward only;
forwarders {
127.0.0.1;
};
===
51 matches
Mail list logo
