Lot of traffic after installing bind 8.4.3 on sparc

Peter Radcliffe pir at pir.net
Thu Dec 4 02:50:07 UTC 2003


Mark_Andrews at isc.org probably said:
> 	So if you tell us what you were actually running we may be able
> 	to tell you if the changes in behaviour are expected or not.

I migrated from 8.4.1 to 8.4.3 this week on 6 of my caching only
nameservers, all Solaris 8 sparc.

After the upgrade they all started showing higher than normal CPU
usage and network usage (the busier caches were maxing out on CPU and
starting to drop requests). The maximum network traffic for one of the
busier caches is normally around 300-400kbit/sec, last night one hit
over 1Mbit/sec. These machines are not specced to handle this traffic.

> 	If you don't want named to use IPv6 for lookups then specify
> 	'-4' on the command line.

Turning off IPV6 with this command line option (we're only IPV4 here)
seems to have dropped them all back to normal CPU and network usage.

snooping the traffic without the -4 option given shows huge amounts of
apparently legitimate UDP DNS traffic, but all the same set of
queries, sourced by the cache. Most of them are AAAA queries for
NS2.BARGINHOSTS.CO.UK, sometimes 20 or 30 queries in a row (and
thousands in a period of a few seconds) and then later a set of
server failure responses. This would explain the CPU usage and network
traffic.

P.

-- 
pir



More information about the bind-users mailing list