request storms from Windows?

Ian Watts ian at radix.net
Thu Aug 30 03:09:08 UTC 2001


On the off chance that someone has observed this...

I have seen the load on a particular nameserver of mine spike every once
in a while, i.e. 'named' goes from ~2% CPU usage to 10-50% usage.  When I
catch this in the act and turn on query logging I find that an in-house
Windows server, an Active Directory server I think, is hitting the
nameserver with up to 1200 *IDENTICAL* queries per second, this in
addition to the nameserver's normal load.  This behaviour causes
legitimate queries to time out and is otherwise just a Bad Thing.  How is
this possible?

I've tried searching via Google for clues, but don't really know what to
look for and haven't uncovered any obvious answers.  I've asked the
administrators of the offending boxen to check their logs, provide input,
etc., but I'm not holding my breath.  Where do I look for remedies?  I'm
about ready to deny these boxes access to my nameservers, but would like
to avoid an inter-departmental turf war.

Any suggestions would be appreciated.

My servers: 	BIND 8.2.4, Solaris 8
Theirs: 	Windows 2000 Active Directory (I think)


-- Ian



More information about the bind-users mailing list