dns make the network slow
Mark_Andrews at isc.org
Wed Feb 20 21:40:01 UTC 2002
>
> gliu wrote:
> >
> > so I think it tries to resolve the name from the ip
>
> I think so too, so add the reverse entries to your DNS, it is
> easier than trying to defang Openssh, qmail, ftpd, etc
>
> You'll need a 168.192.in-addr.arpa zone by the looks of it.
>
> Most apps just do the reverse lookup, so if you don't know some
> entries just write a script to create dummy entries for all your
> network addresses, and then overwrite the ones you do know.
>
You don't need to populate the zone with fake entries.
An NXDOMAIN response is enough to speed things up.
What is happening is that the servers for 168.192.in-addr.arpa
(and the other RFC 1918 zones) are grossly overloaded (~23k
queries / sec) and you aren't getting an answer back. The client
eventually times out. The servers above perform a sacrificial
role by drawing the query load away from the in-addr.arpa
servers.
Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
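
The approach described in the reply above, as an added example that is not part of the original message: a Python script that generates an empty authoritative zone (SOA and NS only, no PTR records) for 168.192.in-addr.arpa and the other RFC 1918 reverse zones, so a local BIND server answers unknown reverse lookups with NXDOMAIN instead of letting clients time out. The file name `db.empty`, the SOA contact `nobody.invalid.`, the timer values and the function names are assumptions.

```python
"""Generate BIND config for empty RFC 1918 reverse zones (added example)."""
import ipaddress

# One shared zone file with only SOA and NS: any PTR query under the zone
# gets an authoritative NXDOMAIN. Contact name and timers are assumptions.
EMPTY_ZONE = (
    "$TTL 10800\n"
    "@ IN SOA @ nobody.invalid. ( 1 3600 1200 604800 10800 )\n"
    "@ IN NS @\n"
)

def rfc1918_reverse_zones():
    """Reverse zones for 10/8, 172.16/12 and 192.168/16."""
    zones = ["10.in-addr.arpa"]
    zones += [f"{n}.172.in-addr.arpa" for n in range(16, 32)]
    zones.append("168.192.in-addr.arpa")
    return zones

def named_conf(zone_file="db.empty"):
    """named.conf stanzas making this server master for each zone."""
    return "".join(
        f'zone "{z}" {{ type master; file "{zone_file}"; }};\n'
        for z in rfc1918_reverse_zones()
    )

def covering_zone(ip):
    """Return the local empty zone that would answer the PTR query for
    ip, or None if the query would still leave the site."""
    name = ipaddress.ip_address(ip).reverse_pointer
    for zone in rfc1918_reverse_zones():
        # Leading dot so 110.x.x.x does not match 10.in-addr.arpa.
        if name.endswith("." + zone):
            return zone
    return None

if __name__ == "__main__":
    print("; ---- db.empty ----")
    print(EMPTY_ZONE)
    print("// ---- add to named.conf ----")
    print(named_conf())
    # Constructed sample addresses.
    for ip in ("192.168.1.5", "172.20.3.4", "8.8.8.8"):
        print(ip, "->", covering_zone(ip))
```

Addresses that do have real names can still be given PTR records in a site-specific zone file; the empty file only guarantees a fast negative answer for everything else.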