At Sun, 23 Nov 2014 21:00:15 -0800 (PST), blrmaani wrote: > > Our nameservers take upto 10KQPS (mostly NOERROR type most of the time). > > Twice or thrice a week, I have seen upto 10% of the queries are > SERVFAIL and we have started exceeding the default value of 2000 for > recursive-clients settings in BIND 9.9.x. > > Is there a recommended value for recursive-clients option assuming > huge number of SERVFAIL queries once in a 2/3 days? > > I'm not convinced to increase it to some arbitrary huge number > 20,000 or 200,000. > > I am looking for answer like - if your peak SERVFAIL queries are > 2000/second, then your recursive-clients value should be N.
I wouldn't expect that such an answer could make sense. Exhaustion of the active recursive-clients list and the generation of responses marked SERVFAIL are most likely different symptoms of the same problem. I think you'll need to identify this problem and then determine what action to take. Your resolver seems to be dealing with queries which are unanswerable and which are arriving in a quantity sufficient to fill the recursive-clients list. This may be due to rogue clients, misconfigured authoritative servers, network problems, or some combination of these. Your logs will help identify which. I hope this helps. Niall O'Reilly _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users