UNIX System Administration Handbook - Evi Nemeth [252]
transfer-format one-answer | many-answers; [see text]
This option affects the way that DNS data records (described starting on page 436) are replicated from master servers to their slaves. The actual transmission of data records used to take place one record at a time, which is a recipe for sloth and inefficiency. An option to combine many records into one packet (many-answers) was added in BIND 8.1; it is the default in BIND 9. Use this option only if all the servers with which you share zone data are running at least 8.1, since BIND 4 servers do not understand it. If you have a mixed environment, you can specify a transfer format in individual server statements to override the global option. Your mix of servers will dictate whether you choose many-answers globally and override it for specific servers, or vice versa.
transfers-in number; [10]
transfers-out number; [10 (V9 only)]
transfers-per-ns number; [2]
transfer-source IP-address; [system-dependent]
serial-queries number; [4 (V8 only)]
A large site—one that serves a very large zone (such as com, which currently is over two gigabytes), or one that serves thousands of zones—may need to tune some of these zone transfer options.
The transfers-in and transfers-out options limit the number of inbound or outbound zone transfers that can happen concurrently. The transfers-per-ns option sets the maximum number of inbound zone transfers that can be running concurrently from the same remote server. Large sites may need to increase transfers-in or transfers-out; be careful that you don’t run out of file descriptors for the named process. transfers-per-ns should probably not be changed; it controls how many resources the master server is willing to devote to us. It should only be increased if all remote master servers are willing to handle more than two simultaneous zone transfers. Changing it on a per-server basis with the transfers clause of the server statement is a better way to fine-tune the convergence of slave zones.
The transfer-source option lets you specify the IP address of the interface you want to use for incoming transfers. It must match the address specified in the master’s allow-transfer statement.
In BIND 8 you can limit the number of simultaneous inquiries for the serial number of a zone with the serial-queries option. Each such inquiry keeps state on the local server; if thousands of queries are being received, this limit can help the server maintain its sanity. The default value is four, which is way too low for a big site; raise it to several hundred or even a thousand. In BIND 9 this parameter is currently ignored; it will be replaced by a query rate in the future.
As with any parameter that you change drastically, you should watch things carefully after changing one of these throttle values to be sure the machine is not thrashing. The log files are your friends.
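The following named.conf fragment is an added illustration, not text from the handbook or from the BIND distribution, of how the zone transfer options above combine: a global many-answers default with per-server overrides, a transfer-source that the masters must list in their allow-transfer, and raised throttle values for a busy slave. All addresses are constructed placeholders from the documentation ranges.

```conf
// Added example (not from the book): a slave pulling zones from a mixed
// set of BIND 4 and BIND 8/9 masters. Addresses are constructed.
options {
    directory "/var/named";

    // Global default: pack many records per packet (BIND 8.1 and later).
    transfer-format many-answers;

    // A busy slave may need more concurrent transfers than the default 10.
    // After raising these, check that named is not running out of file
    // descriptors (see the files option).
    transfers-in 40;
    transfers-out 40;

    // Leave at the default; this is how hard we hit each individual master.
    // Per-master tuning belongs in a server statement (below).
    transfers-per-ns 2;

    // Source interface for our inbound transfers. This address must appear
    // in each master's allow-transfer list or the transfer is refused.
    transfer-source 192.0.2.10;

    // BIND 8 only (ignored by BIND 9): the default of 4 is far too low for
    // a site that serves many zones.
    serial-queries 500;

    // Tell named the OS limit where "unlimited" is not available.
    files 4096;
};

// One old BIND 4 master does not understand many-answers; override it here
// and keep a single transfer at a time from it.
server 192.0.2.200 {
    transfer-format one-answer;
    transfers 1;
};

// A master whose administrator has agreed to more simultaneous transfers
// from us than the global transfers-per-ns value allows.
server 198.51.100.5 {
    transfers 4;
};
```

The per-server `transfers` and `transfer-format` clauses are the right place for exceptions; the global values should describe the common case so that a newly added master inherits safe defaults.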
files number; [unlimited]
The files option sets the maximum number of files the server is allowed to have open concurrently. The default value, unlimited, is not possible on some operating systems; in such cases, you can use the files directive to inform named of the operating system limit. If you don’t specify files explicitly and the operating system does not allow an unlimited number of open files, named uses the sysconf library routine to determine the limit and the setrlimit system call to try to increase it.
listen-on port ip_port address_match_list; [53 all]
query-source address ip_addr port ip_port; [random]
The listen-on option specifies the network interfaces and ports on which named listens for queries. The query-source option specifies the interface and port that named uses to query other name servers. The values of these options default to the standard named behavior: listening on port 53 on all interfaces and using a random, high-numbered UDP port and any interface for queries.
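As an added example (not from the handbook), the fragment below restricts where named accepts queries and fixes the source address, but not the source port, of its outbound queries. The ACL name and addresses are constructed.

```conf
// Added example (not from the book): constructed addresses and ACL name.
acl internal { 127.0.0.1; 192.0.2.0/24; };

options {
    // Accept queries only on the loopback and the internal interface;
    // any other interface on the host stays closed.
    listen-on port 53 { internal; };

    // Send our own queries from the internal address. No port is given,
    // so named keeps its default random high-numbered UDP source port.
    query-source address 192.0.2.10;
};
```

The address_match_list given to listen-on may name an ACL, as here, or list addresses and networks directly; named binds only to the interfaces whose addresses match.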
The listen-on option lets you run multiple name