Follow-up: request storms from Windows
Barry Finkel
b19141 at achilles.ctd.anl.gov
Fri Nov 16 17:51:03 UTC 2001
Ian Watts <ian at radix.net> wrote:
>A while ago I mentioned that I was occasionally seeing large numbers of
>identical queries coming from local Win2K Active Directory servers. Just
>yesterday one of them was generating 2,500 identical queries per second.
>
>There appears to be a pattern: whenever this happens, it is a request for
>a name that is a CNAME for one of the nameservers for that zone. Possible
>AD bug? Other?
>
>I have not duplicated this behaviour myself, but 3 out of 3 rather
>particular records is a pattern in my book.
>
>Examples:
>ns1.poweruser.com
>artemis.acs.bethel.edu
>wks01.clickcom.com
>
>Although there must be a newsgroup for Active Directory issues, this may
>in fact be something completely different and it impacts us BIND users
>negatively. Anyone have any input on this problem?
What is your DNS configuration? I am assuming that a W2k AD machine
was sending multiple DNS lookup requests to your BIND server. You
say that the names being queried are CNAMEs for nameservers. I wonder
if there are DNS zones that have these CNAMEs in NS records. I know
that NS records cannot point to CNAMEs, but if this were to occur and
W2k were attempting to contact the real nameserver, would it get into
a loop? I would suggest contacting Microsoft support. I do not have
enough information to attempt to reproduce the problem here.
----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-9689
Building 221, Room B236 Internet: BSFinkel at anl.gov
Argonne, IL 60439-4844 IBMMAIL: I1004994
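
Added example, not part of the original post or any poster's code: a zone audit for the condition raised in the reply above, NS records whose target is itself a CNAME, that also follows each alias chain and reports loops. The zone text is constructed sample data under example.com, and the parser assumes one fully-qualified `owner TTL IN TYPE RDATA` record per line.

```python
# Added example: flag NS records whose target is a CNAME owner name.
# SAMPLE_ZONE is constructed data (example.com), not taken from the thread.
SAMPLE_ZONE = """\
example.com.        3600 IN NS    ns1.example.com.
example.com.        3600 IN NS    ns2.example.com.
example.com.        3600 IN NS    NS3.example.com.
ns1.example.com.    3600 IN CNAME host-a.example.com.
host-a.example.com. 3600 IN A     192.0.2.1
ns2.example.com.    3600 IN A     192.0.2.2
ns3.example.com.    3600 IN CNAME ns4.example.com.
ns4.example.com.    3600 IN CNAME ns3.example.com.
"""

def norm(name):
    """DNS names compare case-insensitively; drop the trailing dot."""
    return name.rstrip(".").lower()

def parse(zone_text):
    """Return (ns, cname): ns is a list of (owner, target), cname maps owner -> target.
    Assumption: one fully-qualified 'owner TTL IN TYPE RDATA' record per line."""
    ns, cname = [], {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # strip ';' comments
        if len(fields) != 5 or fields[2].upper() != "IN":
            continue
        owner, rtype, rdata = norm(fields[0]), fields[3].upper(), norm(fields[4])
        if rtype == "NS":
            ns.append((owner, rdata))
        elif rtype == "CNAME":
            cname[owner] = rdata
    return ns, cname

def follow(name, cname):
    """Follow the CNAME chain from name; return (final_name, looped)."""
    seen = set()
    while name in cname:
        if name in seen:  # revisited an alias: the chain never terminates
            return name, True
        seen.add(name)
        name = cname[name]
    return name, False

def ns_pointing_at_cname(zone_text):
    """List (zone, ns_target, final_name, looped) for every NS target that is an alias."""
    ns, cname = parse(zone_text)
    return [(zone, target, *follow(target, cname))
            for zone, target in ns if target in cname]

if __name__ == "__main__":
    for zone, target, final, looped in ns_pointing_at_cname(SAMPLE_ZONE):
        status = "CNAME loop" if looped else "resolves to " + final
        print(f"{zone}: NS {target} is a CNAME ({status})")
```
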