Limiting Concurrent Recursive Clients
5.19.1 Problem
You want to limit the number of concurrent recursive clients a name server handles.
5.19.2 Solution
Use the BIND 9 recursive-clients options substatement. For example:
    options {
            directory "/var/named";
            recursive-clients 500;
    };
The default limit is 1,000 recursive clients.
5.19.3 Discussion
With recursive-clients, you limit the number of recursive queries a name server will have in progress at any one time; it is a cap on concurrent, outstanding recursion, not on queries per second, so a query that is waiting on a slow or unresponsive authoritative server still holds one slot until it completes or times out. A name server receives recursive queries both from resolvers and from name servers that use it as a forwarder. Since each recursive query consumes about 20K of memory, the total amount of memory needed to service 1,000 queriers -- the default limit -- is about 20MB. If a name server doesn't have that much real memory available, you may need to set its limit lower.
If a name server reaches this limit, it will refuse further recursive queries and you'll see messages like this one in its syslog output:
    named[579]: client 192.168.0.11#1567: no more recursive clients: quota reached
Before raising the limit, check whether the recursive clients the name server is serving are legitimate (e.g., not part of some distributed denial of service attack, and not addresses outside the networks you intend to serve). If they are legitimate, and there's sufficient memory available on the host, raise the limit to accommodate them. If they aren't, raising the quota only lets the abuse consume more memory; restrict which addresses may recurse instead (the allow-recursion options substatement) so that the quota is spent on your own clients.
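The check described above, as an added example that is not part of the original recipe or of BIND itself: a small POSIX shell script that reads named's syslog output, picks out the "no more recursive clients" refusals, and groups them by source address, most frequent first. A handful of offending addresses generating most of the refusals points to abuse or a misconfigured forwarder; refusals spread evenly across your own resolvers point to a genuinely undersized quota. The log lines, host name, addresses and ports in the sample are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the DNS & BIND Cookbook): summarize quota refusals
# in named's syslog output by client address.

# Constructed sample syslog lines; the hosts, addresses and ports are made up.
SAMPLE_LOG='Mar  3 10:01:02 ns1 named[579]: client 192.168.0.11#1567: no more recursive clients: quota reached
Mar  3 10:01:02 ns1 named[579]: client 192.168.0.11#1568: no more recursive clients: quota reached
Mar  3 10:01:03 ns1 named[579]: client 10.20.30.40#53001: no more recursive clients: quota reached
Mar  3 10:01:03 ns1 named[579]: client 2001:db8::1#4321: no more recursive clients: quota reached
Mar  3 10:01:03 ns1 named[579]: client 192.168.0.11#1569: no more recursive clients: quota reached
Mar  3 10:01:04 ns1 named[579]: zone example.com/IN: loaded serial 2003030301'

# quota_hits: read syslog lines on stdin and print "count address" for every
# client address that was refused, most frequent first. The address is the
# text between "client " and "#"; "[^#]*" keeps IPv6 addresses intact.
quota_hits() {
    grep 'no more recursive clients: quota reached' \
    | sed -n 's/.*client \([^#]*\)#[0-9]*: no more recursive clients.*/\1/p' \
    | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# total_refusals: number of refused recursive queries in the input.
total_refusals() {
    grep -c 'no more recursive clients: quota reached'
}

# Run against the sample when invoked with --demo; in real use feed it the
# syslog file instead, e.g.: quota_hits < /var/log/messages
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_LOG" | quota_hits
    printf 'total refusals: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | total_refusals)"
fi
```

Against the sample, the top line is "3 192.168.0.11" out of five refusals. Run it over the real syslog file with the functions' stdin redirected from the log; on a busy server, combine the counts with a glance at the query log or a packet capture before deciding whether to raise recursive-clients or tighten allow-recursion.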
There's no corresponding substatement in BIND 8.
5.19.4 See Also
"Resource Limits" in Chapter 10 of DNS and BIND.