no more recursive clients

Taking care of your Linux box.
JazzyB
Lance Naik
Posts: 22
Joined: Mon Nov 12, 2007 10:59 am

no more recursive clients

Postby JazzyB » Tue Jan 20, 2009 3:49 pm

Dear All

I am having a problem with the named service on my squid box. The following is the error message.

"Named [924]: client ip#1046: no more recursive clients: quota reached"

Kindly help me to resolve the issue.

thanks


:lol:

mejam
Havaldaar
Posts: 127
Joined: Sat Oct 18, 2008 12:30 pm
Location: Lahore
Contact:

Postby mejam » Tue Jan 20, 2009 4:24 pm

By default, BIND allows 1000 concurrent recursive clients. If you exceed this limit, you will see syslog messages similar to the one that you have posted.

To increase the number of concurrent recursive clients, use the recursive-clients option in the global server configuration options.

Example:

options {
    ...
    recursive-clients 10000;
};

Increase this value to 2000 or some higher value....
Regards
Abdulrehman

JazzyB
Lance Naik
Posts: 22
Joined: Mon Nov 12, 2007 10:59 am

tell me file

Postby JazzyB » Tue Jan 20, 2009 4:29 pm

Dear Abdulrehman

Kindly tell me the file in which I will change the value. If I change the value to 3000, what are the possible disadvantages of that?

mejam
Havaldaar
Posts: 127
Joined: Sat Oct 18, 2008 12:30 pm
Location: Lahore
Contact:

Postby mejam » Tue Jan 20, 2009 4:37 pm

named.conf is known as the global configuration file. Most of the time it is located at /etc/named.conf; check for it there. By default the option is 1000 and it's more than enough. Check your DNS to see if all the connections are valid or not; otherwise increasing the value will not create troubles for you.
Regards

Abdulrehman

JazzyB
Lance Naik
Posts: 22
Joined: Mon Nov 12, 2007 10:59 am

named.conf file

Postby JazzyB » Tue Jan 20, 2009 4:44 pm

Dear

Following is the named file; there is no line in which I can reset the value. Kindly advise me.


// generated by named-bootconf.pl

options {
    directory "/var/named";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};

//
// a caching only nameserver config
//
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};

include "/etc/rndc.key";

mejam
Havaldaar
Posts: 127
Joined: Sat Oct 18, 2008 12:30 pm
Location: Lahore
Contact:

Postby mejam » Tue Jan 20, 2009 4:48 pm

Is this zone file working for you?
Which distro are you using?
How did you install BIND: from source or from a repository?
Which version of BIND are you using?
Regards

Abdulrehman

JazzyB
Lance Naik
Posts: 22
Joined: Mon Nov 12, 2007 10:59 am

Bind Version is: "BIND 9.2.1"

Postby JazzyB » Tue Jan 20, 2009 5:06 pm

Dear Abdul rehman

I am using redhat 9 and this file exists at /etc/named.conf. This OS was installed and has been in use for more than 2 years; I don't know much more about where that person installed BIND from.

Bind Version is: "BIND 9.2.1"

I can reinstall that on the production machine and can implement it in a real scenario.

mejam
Havaldaar
Posts: 127
Joined: Sat Oct 18, 2008 12:30 pm
Location: Lahore
Contact:

Postby mejam » Tue Jan 20, 2009 5:23 pm

I have edited your named.conf. Create a backup of your current file, then replace it with my conf file and clear all previous logs. Then start named, and then try to resolve your local nameserver.

============================================
// generated by named-bootconf.pl

options {
    directory "/var/named";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;

    allow-recursion { YOUR Network IP/subnet; };
};

//
// a caching only nameserver config
//
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};

include "/etc/rndc.key";

=============================================
Regards

Abdulrehman
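
An added example, not part of the original thread: one way to do the check suggested above (whether the clients using recursion are valid) before raising recursive-clients. It tallies the "no more recursive clients" rejections per client address and separates clients inside the network intended for allow-recursion from everyone else. The log lines, the host name in them, and the 192.0.2.0/24 network standing in for "YOUR Network IP/subnet" are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Matches the message quoted in the thread: "client <ip>#<port>: no more recursive clients"
QUOTA_RE = re.compile(
    r"named\s*\[\d+\]:\s*client\s+(?P<ip>[0-9A-Fa-f:.]+)#(?P<port>\d+).*?"
    r"no more recursive clients",
    re.IGNORECASE,
)

# Constructed sample syslog lines (documentation address ranges, not real clients).
SAMPLE_LOG = [
    "Jan 20 15:40:01 squid named[924]: client 192.0.2.15#1046: no more recursive clients: quota reached",
    "Jan 20 15:40:01 squid named[924]: client 203.0.113.77#4411: no more recursive clients: quota reached",
    "Jan 20 15:40:02 squid named[924]: client 203.0.113.77#4412: no more recursive clients: quota reached",
    "Jan 20 15:40:02 squid named[924]: client 198.51.100.9#5300: no more recursive clients: quota reached",
    "Jan 20 15:40:03 squid named[924]: client 203.0.113.77#4413: no more recursive clients: quota reached",
    "Jan 20 15:40:03 squid squid[812]: unrelated line that must be ignored",
]
ALLOWED_NETS = ["192.0.2.0/24"]  # assumption: the LAN you would put in allow-recursion

def quota_hits(lines):
    """Count 'quota reached' rejections per client address."""
    hits = Counter()
    for line in lines:
        m = QUOTA_RE.search(line)
        if not m:
            continue
        try:
            hits[ipaddress.ip_address(m.group("ip"))] += 1
        except ValueError:
            continue  # malformed address field: skip the line instead of crashing
    return hits

def split_by_acl(hits, allowed_nets):
    """Separate clients inside the intended allow-recursion networks from outsiders."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    inside, outside = Counter(), Counter()
    for ip, count in hits.items():
        target = inside if any(ip in net for net in nets) else outside
        target[str(ip)] += count
    return inside, outside

if __name__ == "__main__":
    inside, outside = split_by_acl(quota_hits(SAMPLE_LOG), ALLOWED_NETS)
    print("inside allow-recursion networks:", dict(inside))
    print("outside (would be refused recursion):", outside.most_common())
```

If most rejections come from addresses outside your own network, the resolver is answering recursive queries for strangers, and restricting allow-recursion addresses the cause where a larger quota would not.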

lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Postby lambda » Tue Jan 20, 2009 9:19 pm

under normal circumstances, there is no way you'd hit that 1,000 limit.

JazzyB wrote: I am using redhat 9
do you want people to break into your server?
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?

mejam
Havaldaar
Posts: 127
Joined: Sat Oct 18, 2008 12:30 pm
Location: Lahore
Contact:

Postby mejam » Tue Jan 20, 2009 9:31 pm

You are right, lambda.
Regards

Abdulrehman

x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad
Contact:

Postby x2oxen » Fri Jan 23, 2009 2:14 am

Why are you still living in ancient ages? Use something new!
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com

LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Postby LinuxFreaK » Fri Jan 23, 2009 1:26 pm

Dear x2oxen,
Salam,

x2oxen wrote: Why are you still living in ancient ages? Use something new!


You should give him some examples.

Best Regards.
Farrukh Ahmed

