Lot of traffic after installing bind 8.4.3 on sparc
Peter Radcliffe
pir at pir.net
Thu Dec 4 04:28:03 UTC 2003
Mark.Andrews at isc.org probably said:
> Definitely without -4.
I can't leave these servers running without -4 for very long - they
can start dropping queries and since they serve our main machine room
this is, uh, suboptimal.
I restarted named without, queried for NS2.BARGINHOSTS.CO.UK, waited
for the CPU usage to start climbing. In the time I could watch it, it
never got to the levels it was at before (90+% CPU) but was still 2-3x
it's normal level (21% CPU. Normal is about 7%).
I got;
$ORIGIN BARGINHOSTS.CO.UK.
;NS2 10796 IN SOA ns1.nic.UK. hostmaster.nominet.org.UK. (
; 2003120301 7200 300 2419200 172800 );CO.UK.;NXDOMAIN ;-$ ;Cr=auth [195.66.240.130]
I noted, however, that I'm not getting the SERVFAIL I was seeing while
snooping.
This time I still saw a lot of AAAA requests for remote nameservers,
often still the same set of names (but many different sets). One short
sequence as an example;
81.354245 ns2.clearbrick.net -> happy.net.tufts.edu DNS Standard query response
81.354367 happy.net.tufts.edu -> l.gtld-servers.net DNS Standard query AAAA dns2.eeeer.com
81.355002 happy.net.tufts.edu -> ns2.clearbrick.net DNS Standard query AAAA ns2.clearbrick.net
81.355152 happy.net.tufts.edu -> ns1.clearbrick.net DNS Standard query AAAA ns1.clearbrick.net
81.356048 ns1.clearbrick.net -> happy.net.tufts.edu DNS Standard query response
81.356676 happy.net.tufts.edu -> ns1.clearbrick.net DNS Standard query AAAA ns1.clearbrick.net
81.357316 happy.net.tufts.edu -> l.gtld-servers.net DNS Standard query AAAA ns2.clearbrick.net
81.394701 ns2.clearbrick.net -> happy.net.tufts.edu DNS Standard query response
81.395063 ns1.clearbrick.net -> happy.net.tufts.edu DNS Standard query response
81.395941 happy.net.tufts.edu -> ns1.clearbrick.net DNS Standard query AAAA ns2.clearbrick.net
81.396182 ns1.clearbrick.net -> happy.net.tufts.edu DNS Standard query response
81.396991 happy.net.tufts.edu -> a.gtld-servers.net DNS Standard query AAAA ns1.clearbrick.net
81.397565 happy.net.tufts.edu -> ns2.clearbrick.net DNS Standard query AAAA ns1.clearbrick.net
The cache had the following for that domain;
$ORIGIN NET.
clearbrick 171899 IN NS ns1.clearbrick.net. ;Cr=addtnl LAME=600 [192.48.79.30]
171899 IN NS ns2.clearbrick.net. ;Cr=addtnl LAME=600 [192.48.79.30]
$ORIGIN clearbrick.NET.
ns2 171899 IN A 64.253.207.6 ;NT=63 Cr=answer [192.48.79.30]
ns1 171899 IN A 64.253.207.5 ;NT=91 Cr=answer [192.48.79.30]
$ORIGIN 207.253.64.IN-ADDR.ARPA.
6 2952 IN CNAME 6.0/24.207.253.64.in-addr.arpa. ;Cr=auth [209.1.222.244]
0/24 2708 IN NS ns2.clearbrick.net. ;Cr=auth [64.253.207.5]
2708 IN NS ns1.clearbrick.net. ;Cr=auth [64.253.207.5]
228 2708 IN CNAME 228.0/24.207.253.64.in-addr.arpa. ;Cr=auth [209.1.222.245]
5 2954 IN CNAME 5.0/24.207.253.64.in-addr.arpa. ;Cr=auth [209.1.222.244]
227 2708 IN CNAME 227.0/24.207.253.64.in-addr.arpa. ;Cr=auth [209.1.222.244]
229 2699 IN CNAME 229.0/24.207.253.64.in-addr.arpa. ;Cr=auth [209.1.222.247]
> It may also be interesting to see the results with.
I got;
$ORIGIN BARGINHOSTS.CO.uk.
;NS2 10768 IN SOA ns1.nic.UK. hostmaster.nominet.org.UK. (
; 2003120301 7200 300 2419200 172800 );CO.UK.;NXDOMAIN ;-$ ;Cr=auth [213.246.167.131]
> I presume you are not forwarding queries.
These caches forward queries for a few particular zones with 'type
forward;' declarations, I'm not seeing an issues with those zones.
It's looking to me that if IPV6 is enabled on this platform the AAAA
lookups for nameservers keep happening nomatter what the response from
a remote server.
Thanks,
P.
--
pir
More information about the bind-users
mailing list