minor tangent: source of queries

Ian Watts ian at radix.net
Sat Apr 7 22:28:59 UTC 2001 

I'll look into their setup of NES, as long as they are willing to humor
me.  The part I found curious was that the webserver would send a query
for the same address over and over again approximately every milisecond,
sending a total of 45 identical queries in a span of 40 ms.

I'm at home right now and can't provide a log snippet, but I would have
thought that it would just send one query for a given address and wait for
a response.  Maybe it's querying for the one address for each element of a
page that gets loaded.  I think I'll do a little testing and see what I
can turn up.


-- Ian


On Fri, 6 Apr 2001, Kevin Darcy wrote:

> 
> NES has the ability to cache DNS entries (up to 32,768 entries), as well as
> to multi-thread lookups. I have no idea why your web admins would turn on
> DNS resolution (which is off by default) and *not* turn on local caching in
> the webserver. The on-line documentation makes it very clear that this will
> hurt the webserver's performance. In fact, having the "DNS" option turned on
> in NES is of limited usefulness anyway -- it's only used for putting
> hostnames instead of IP addresses into the logfiles, and for restricting
> access by hostname (but that's not very secure of course).
> 
> Or, maybe it's a very busy webserver and exceeded its cache size? If that's
> so, then they should probably be running a local caching nameserver on the
> box (and *not* nscd!).
> 
> 
> - Kevin
> 
> Ian Watts wrote:
> 
> > While inspecting the traffic on my busiest nameserver, I discovered that
> > one busy webserver in the same facility was regularly hitting the
> > nameserver with up to 45 identical queries in a span of 40 ms.  This box
> > accounts for about 25-55% of all queries to the nameserver.
> >
> > So my question is whether or not people may have already identified likely
> > software problems/issues that could account for this.  In my case, it's a
> > web server running (gasp!) Netscape Enterprise Server 3.62. I don't
> > control that box and I can't access it, but I'd like to be able to tell
> > the people who DO control it how they can significantly reduce nameserver
> > activity as well as network traffic in general.
> >
> > These query blasts are always for PTR records.  The web server is an E250
> > running some version of Solaris.  The nameserver averages about 200-450
> > queries per second.
> >
> > Anyone have any suggestions?  Is this perfectly normal?
> >
> > TIA,
> >
> > -- Ian Watts
> 
> 
> 
>

More information about the bind-users mailing list