Re: Max slaves limit?

2017-12-19 Thread Bob McDonald
Mea culpa of the Windows process. I should have indicated that as well.
Also I was remiss on not mentioning the MINIMAL-RESPONSES option in the
discussion. It sounds like there are some newer options available under
bind 9.11 and up (Thanks Mr. Andrews!)

That's why I read this list. It's a great source of information. Thanks
again.

Best,

Bob
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Max slaves limit?

2017-12-18 Thread Grant Taylor via bind-users

On 12/18/2017 12:24 PM, Bob McDonald wrote:
> I've seen cases where folks have added all of the Domain Controller
> addresses for an AD forest to the NS list for a domain.


I believe that DCs do this by themselves if they are using MS-DNS.  (I 
think the netlogon service does a dynamic DNS update and creates the 
records when it starts.)




--
Grant. . . .
unix || die




Re: Max slaves limit?

2017-12-18 Thread Tony Finch
Bob McDonald  wrote:

> I've seen cases where folks have added all of the Domain Controller
> addresses for an AD forest to the NS list for a domain. This results in
> huge TCP response packets for ALL requests to that domain.

You can safely reduce the size of answers using the `minimal-responses
no-auth` or `no-auth-recursive` options available in 9.11 and later.
The default in 9.12 changes from `no` to `no-auth-recursive`.

Tony.
-- 
f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h punycode
South Biscay: Northerly 5 or 6, veering northeasterly 4 or 5. Moderate or
rough, becoming slight or moderate. Rain at first. Good, occasionally poor at
first.


Re: Max slaves limit?

2017-12-18 Thread Bob McDonald
Barry has a good point. I've seen cases where folks have added all of the
Domain Controller addresses for an AD forest to the NS list for a domain.
This results in huge TCP response packets for ALL requests to that domain.
Folks don't seem to get the concept of stealth slaves and the associated
NOTIFY options to keep things current. (As an alternative to shortening the
REFRESH time for a domain)

Best,

Bob

Re: Max slaves limit?

2017-12-18 Thread Barry Margolin
In article ,
 "Barry S. Finkel"  wrote:

> On Sun, 17 Dec 2017 22:06:58 +0530, vijay bommareddy 
> wrote:
> > Hello folks,
> > 
> > I'm trying to find more information on the practical limitations of adding
> > more slaves.
> > Can someone tell me, how many number of slaves does BIND technically
> > support? Is there a maximum limit per master server?
> > 
> > Thank you
> > Vijay
> 
> A minor point - if there are too many slaves, then the NS list might
> not fit into a UDP packet, causing TCP to be used.  I do not know
> how many NS records would be needed to exceed the UDP packet size;
> it would depend upon the length of the nodenames of the DNS servers.

That assumes all the slaves are named individually in NS records. You 
could be using anycast IPs so the same name refers to numerous different 
servers.

FYI the root zone has 13 NS records. The NS records themselves fit, but 
not all the associated A and AAAA records that go into the Additional 
section.

And if you're using DNSSEC, most responses don't fit in the traditional 
500 byte UDP packet, and EDNS0 buffer size is usually used rather than 
switching to TCP.

-- 
Barry Margolin
Arlington, MA


Re: Max slaves limit?

2017-12-18 Thread Ben Croswell
That is a valid consideration but being a slave doesn't always mean being
in the NS records.

On Dec 18, 2017 9:47 AM, "Barry S. Finkel"  wrote:

> On Sun, 17 Dec 2017 22:06:58 +0530, vijay bommareddy 
> wrote:
>
>> Hello folks,
>>
>> I'm trying to find more information on the practical limitations of adding
>> more slaves.
>> Can someone tell me, how many number of slaves does BIND technically
>> support? Is there a maximum limit per master server?
>>
>> Thank you
>> Vijay
>>
>
> A minor point - if there are too many slaves, then the NS list might
> not fit into a UDP packet, causing TCP to be used.  I do not know
> how many NS records would be needed to exceed the UDP packet size;
> it would depend upon the length of the nodenames of the DNS servers.
>
> --Barry Finkel

Re: Max slaves limit?

2017-12-18 Thread Barry S. Finkel

On Sun, 17 Dec 2017 22:06:58 +0530, vijay bommareddy 
wrote:

> Hello folks,
>
> I'm trying to find more information on the practical limitations of adding
> more slaves.
> Can someone tell me, how many number of slaves does BIND technically
> support? Is there a maximum limit per master server?
>
> Thank you
> Vijay


A minor point - if there are too many slaves, then the NS list might
not fit into a UDP packet, causing TCP to be used.  I do not know
how many NS records would be needed to exceed the UDP packet size;
it would depend upon the length of the nodenames of the DNS servers.

--Barry Finkel
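
Added example (not part of the thread): the question above of how many NS records fit in a UDP response, worked through by building the wire format with RFC 1035 name compression. The zone `example.com`, the `nsN.example.com` naming scheme, the TTL of 3600 and the 512-byte limit (classic UDP size without EDNS0) are assumptions of this example.

```python
import struct

def encode_name(name, offsets, pos):
    """Encode `name` at message offset `pos`, pointing at any suffix already
    present in the message (RFC 1035 section 4.1.4 compression)."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    out = b""
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in offsets:                      # reuse an earlier occurrence
            return out + struct.pack("!H", 0xC000 | offsets[suffix])
        if pos + len(out) < 0x4000:                # pointers hold only 14 bits
            offsets[suffix] = pos + len(out)
        raw = labels[i].encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def ns_response_size(zone, ns_names, glue_a=False):
    """Byte size of a reply to `zone IN NS` listing every name in ns_names,
    optionally with one A record of glue per server. No EDNS0 OPT record."""
    offsets = {}
    msg = bytes(12)                                # fixed DNS header
    msg += encode_name(zone, offsets, len(msg)) + struct.pack("!HH", 2, 1)
    for ns in ns_names:                            # NS records
        owner = encode_name(zone, offsets, len(msg))
        # RDATA begins after owner + TYPE/CLASS/TTL/RDLENGTH (10 bytes)
        rdata = encode_name(ns, offsets, len(msg) + len(owner) + 10)
        msg += owner + struct.pack("!HHIH", 2, 1, 3600, len(rdata)) + rdata
    if glue_a:
        for ns in ns_names:                        # A glue, additional section
            owner = encode_name(ns, offsets, len(msg))
            msg += owner + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes(4)
    return len(msg)

def max_ns_that_fit(zone, make_name, limit=512, glue_a=False):
    """Largest NS count whose response still fits in `limit` bytes."""
    n = 0
    while ns_response_size(zone, [make_name(i) for i in range(1, n + 2)],
                           glue_a) <= limit:
        n += 1
    return n

if __name__ == "__main__":
    name = lambda i: f"ns{i}.example.com"          # hypothetical naming scheme
    print("NS only:", max_ns_that_fit("example.com", name))
    print("NS + A glue:", max_ns_that_fit("example.com", name, glue_a=True))
```

Because server names that share a suffix compress to a short label plus a two-byte pointer, the count is driven mostly by the glue records and by how many distinct suffixes the names use.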


Re: Max slaves limit?

2017-12-18 Thread Tony Finch
Barry Margolin  wrote:
> vijay bommareddy  wrote:
> >
> > Can someone tell me, how many number of slaves does BIND technically
> > support? Is there a maximum limit per master server?
>
> Why would there be any limit? The master doesn't need to keep track of
> slaves, it just responds to queries from them.
>
> The zone transfer queries they make have a little more overhead than
> "normal" queries, but they don't happen very often (only when the zone
> changes). To avoid all slaves hammering the master at the same time,
> NOTIFY messages are staggered after a change is loaded.

Right.

If you think your server is having problems, look for xfer-out and
'sending notifies' in your logs. The options you can configure to control
xfer traffic include:

* `notify-rate`, `startup-notify-rate` (to limit how fast your server
solicits xfers)

* `transfers-out`, `transfers-per-ns` (to limit the number of TCP
clients that can be tied up with zone transfers)

* `tcp-clients` (overall budget, covering xfers, updates, and large
responses)

* `max-transfer-time-out`, `max-transfer-idle-out`, `tcp-initial-timeout`
(to limit problems with broken secondaries)

Tony.
-- 
f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h punycode
Viking, North Utsire, South Utsire: Northwesterly, backing southerly, 5 or 6.
Moderate or rough. Occasional rain. Good, occasionally poor.
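
Added example (not part of the thread): one way to do the log check suggested above, summarizing `xfer-out` and `sending notifies` lines so the result can be compared against `transfers-out`, `transfers-per-ns` and the transfer timeouts. The sample lines are constructed and assume a file channel with `print-time` and `print-category` enabled; `summarize` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample lines (not real log data); addresses are documentation IPs.
SAMPLE_LOG = """\
18-Dec-2017 10:00:00.010 notify: info: zone example.com/IN: sending notifies (serial 2017121801)
18-Dec-2017 10:00:00.420 xfer-out: info: client 192.0.2.11#40112 (example.com): transfer of 'example.com/IN': AXFR started
18-Dec-2017 10:00:00.470 xfer-out: info: client 192.0.2.12#51877 (example.com): transfer of 'example.com/IN': IXFR started
18-Dec-2017 10:00:00.910 xfer-out: info: client 192.0.2.11#40112 (example.com): transfer of 'example.com/IN': AXFR ended
18-Dec-2017 10:00:01.130 xfer-out: info: client 192.0.2.13#33620 (example.com): transfer of 'example.com/IN': AXFR started
18-Dec-2017 10:00:01.500 xfer-out: info: client 192.0.2.12#51877 (example.com): transfer of 'example.com/IN': IXFR ended
"""

# The optional "@0x..." token covers releases that log the client object address.
XFER = re.compile(r"xfer-out: .*?client (?:@\S+ )?(\S+)#(\d+) "
                  r".*?transfer of '([^']+)': (.+?) (started|ended)")
NOTIFY = re.compile(r"zone (\S+): sending notifies \(serial (\d+)\)")

def summarize(log_text):
    """Count notifies per zone and outbound transfers per secondary, track the
    peak number of simultaneous transfers, and list clients whose transfer
    started but never logged an end (candidates for broken secondaries)."""
    notifies, per_client = Counter(), Counter()
    open_xfers, peak = set(), 0
    for line in log_text.splitlines():
        m = NOTIFY.search(line)
        if m:
            notifies[m.group(1)] += 1
            continue
        m = XFER.search(line)
        if not m:
            continue
        addr, port, zone, _kind, event = m.groups()
        key = (addr, port, zone)                   # one TCP session per transfer
        if event == "started":
            open_xfers.add(key)
            per_client[addr] += 1
            peak = max(peak, len(open_xfers))
        else:
            open_xfers.discard(key)
    return {"notifies": dict(notifies),
            "transfers_per_client": dict(per_client),
            "peak_concurrent": peak,
            "unfinished": sorted(k[0] for k in open_xfers)}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```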


Re: Max slaves limit?

2017-12-17 Thread Barry Margolin
In article ,
 vijay bommareddy  wrote:

> Hello folks,
> 
> I'm trying to find more information on the practical limitations of adding
> more slaves.
> Can someone tell me, how many number of slaves does BIND technically
> support? Is there a maximum limit per master server?

Why would there be any limit? The master doesn't need to keep track of 
slaves, it just responds to queries from them.

The zone transfer queries they make have a little more overhead than 
"normal" queries, but they don't happen very often (only when the zone 
changes). To avoid all slaves hammering the master at the same time, 
NOTIFY messages are staggered after a change is loaded.

-- 
Barry Margolin
Arlington, MA