Limiting Concurrent Zone Transfers

5.17.1 Problem

You want to limit the number of concurrent zone transfers a name server will allow.

5.17.2 Solution

On a BIND 9 master name server, use the transfers-out options substatement. For example:

options { directory "/var/named"; transfers-out 4; };

This limits the number of zone transfers the master will serve concurrently. The default limit is 10. Unfortunately, BIND 8 name servers don't support transfers-out.

On a slave name server, use the transfers-in options substatement. For example:

options { directory "/var/named"; transfers-in 4; };

This limits the number of concurrent zone transfers the slave will request from its master name servers. The default is also 10.

5.17.3 Discussion

There's another options substatement available for limiting the number of concurrent zone transfers a slave name server will request from any one master: transfers-per-ns. The default value for transfers-per-ns is two, and you can override the limit for particular name servers using the transfers substatement of the server statement. For example:

server 10.0.0.1 { transfers 10; };

If you limit the number of concurrent zone transfers too aggressively, it may take the slave name server longer to converge with its master. For example, if the slave can only start 2 concurrent zone transfers from its master but needs to transfer 10 zones, it'll start 2, wait until 1 completes, start another, and so on, until all 10 have transferred. That will probably take more time than just starting all 10 at once.
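To make the interaction between transfers-in, transfers-per-ns and the per-server transfers override concrete, here is an added Python helper (not from the book or from BIND) that pulls those substatements out of a named.conf fragment, works out how many transfers a slave may run from a given master, and counts the "waves" of transfers needed to converge, as in the 2-versus-10 scenario above. It assumes the BIND 9 defaults stated in this recipe and uses a constructed configuration built from the recipe's own snippets; the regex parser only handles the flat statements shown here, not comments or nested blocks.

```python
import re

# Defaults stated in this recipe for BIND 9.
DEFAULT_TRANSFERS_IN = 10
DEFAULT_TRANSFERS_PER_NS = 2


def parse_named_conf(text):
    """Return (transfers_in, transfers_per_ns, {master_ip: transfers}).

    Minimal regex parser for the flat options/server statements used in
    this recipe; it does not handle comments or nested blocks.
    """
    opts = re.search(r"options\s*\{(.*?)\};", text, re.S)
    body = opts.group(1) if opts else ""
    m_in = re.search(r"transfers-in\s+(\d+)\s*;", body)
    m_ns = re.search(r"transfers-per-ns\s+(\d+)\s*;", body)
    per_server = {}
    # 'transfers\s+' deliberately does not match 'transfers-in' etc.
    for ip, n in re.findall(
            r"server\s+([\d.]+)\s*\{[^}]*?transfers\s+(\d+)\s*;[^}]*\};", text, re.S):
        per_server[ip] = int(n)
    return (int(m_in.group(1)) if m_in else DEFAULT_TRANSFERS_IN,
            int(m_ns.group(1)) if m_ns else DEFAULT_TRANSFERS_PER_NS,
            per_server)


def effective_limit(text, master):
    """Concurrent transfers the slave may run from `master`: the server
    override (or transfers-per-ns) can never exceed the global transfers-in."""
    t_in, t_ns, per_server = parse_named_conf(text)
    return min(t_in, per_server.get(master, t_ns))


def convergence_rounds(zones, limit):
    """Waves of transfers needed if every transfer takes roughly the same
    time: 10 zones at a limit of 2 need 5 waves, at a limit of 10 just 1."""
    return -(-zones // limit)  # ceiling division


# Constructed configuration combining the recipe's snippets (not a real site).
SAMPLE_CONF = """
options { directory "/var/named"; transfers-in 4; transfers-per-ns 2; };
server 10.0.0.1 { transfers 10; };
"""

if __name__ == "__main__":
    for master in ("10.0.0.1", "10.0.0.2"):
        lim = effective_limit(SAMPLE_CONF, master)
        print(master, "limit:", lim, "waves for 10 zones:", convergence_rounds(10, lim))
```

Note that the server override for 10.0.0.1 asks for 10 but the slave's transfers-in 4 caps it, so raising transfers alone does not speed up convergence.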

Conversely, allowing too many concurrent zone transfers soaks up a lot of resources on both master and slave name servers.

5.17.4 See Also

Section 5.18, for limiting the number of TCP clients of any kind a name server will serve; and "Zone Transfers" in Chapter 10 of DNS and BIND.