Lot of traffic after installing bind 8.4.3 on sparc

Peter Radcliffe pir at pir.net
Thu Dec 4 04:28:03 UTC 2003


Mark.Andrews at isc.org probably said:
> 	Definitely without -4.

I can't leave these servers running without -4 for very long - they
can start dropping queries and since they serve our main machine room
this is, uh, suboptimal.

I restarted named without, queried for NS2.BARGINHOSTS.CO.UK, waited
for the CPU usage to start climbing. In the time I could watch it, it
never got to the levels it was at before (90+% CPU) but was still 2-3x
it's normal level (21% CPU. Normal is about 7%).

I got;

$ORIGIN BARGINHOSTS.CO.UK.
;NS2	10796	IN	SOA	ns1.nic.UK. hostmaster.nominet.org.UK. (
;		2003120301 7200 300 2419200 172800 );CO.UK.;NXDOMAIN	;-$	;Cr=auth [195.66.240.130]

I noted, however, that I'm not getting the SERVFAIL I was seeing while
snooping.

This time I still saw a lot of AAAA requests for remote nameservers,
often still the same set of names (but many different sets). One short
sequence as an example;

 81.354245 ns2.clearbrick.net -> happy.net.tufts.edu DNS Standard query response
 81.354367 happy.net.tufts.edu -> l.gtld-servers.net DNS Standard query AAAA dns2.eeeer.com
 81.355002 happy.net.tufts.edu -> ns2.clearbrick.net DNS Standard query AAAA ns2.clearbrick.net
 81.355152 happy.net.tufts.edu -> ns1.clearbrick.net DNS Standard query AAAA ns1.clearbrick.net
 81.356048 ns1.clearbrick.net -> happy.net.tufts.edu DNS Standard query response
 81.356676 happy.net.tufts.edu -> ns1.clearbrick.net DNS Standard query AAAA ns1.clearbrick.net
 81.357316 happy.net.tufts.edu -> l.gtld-servers.net DNS Standard query AAAA ns2.clearbrick.net
 81.394701 ns2.clearbrick.net -> happy.net.tufts.edu DNS Standard query response
 81.395063 ns1.clearbrick.net -> happy.net.tufts.edu DNS Standard query response
 81.395941 happy.net.tufts.edu -> ns1.clearbrick.net DNS Standard query AAAA ns2.clearbrick.net
 81.396182 ns1.clearbrick.net -> happy.net.tufts.edu DNS Standard query response
 81.396991 happy.net.tufts.edu -> a.gtld-servers.net DNS Standard query AAAA ns1.clearbrick.net
 81.397565 happy.net.tufts.edu -> ns2.clearbrick.net DNS Standard query AAAA ns1.clearbrick.net

The cache had the following for that domain;

$ORIGIN NET.
clearbrick	171899	IN	NS	ns1.clearbrick.net.	;Cr=addtnl LAME=600 [192.48.79.30]
	171899	IN	NS	ns2.clearbrick.net.	;Cr=addtnl LAME=600 [192.48.79.30]

$ORIGIN clearbrick.NET.
ns2	171899	IN	A	64.253.207.6	;NT=63 Cr=answer [192.48.79.30]
ns1	171899	IN	A	64.253.207.5	;NT=91 Cr=answer [192.48.79.30]

$ORIGIN 207.253.64.IN-ADDR.ARPA.
6	2952	IN	CNAME	6.0/24.207.253.64.in-addr.arpa.	;Cr=auth [209.1.222.244]
0/24	2708	IN	NS	ns2.clearbrick.net.	;Cr=auth [64.253.207.5]
	2708	IN	NS	ns1.clearbrick.net.	;Cr=auth [64.253.207.5]
228	2708	IN	CNAME	228.0/24.207.253.64.in-addr.arpa.	;Cr=auth [209.1.222.245]
5	2954	IN	CNAME	5.0/24.207.253.64.in-addr.arpa.	;Cr=auth [209.1.222.244]
227	2708	IN	CNAME	227.0/24.207.253.64.in-addr.arpa.	;Cr=auth [209.1.222.244]
229	2699	IN	CNAME	229.0/24.207.253.64.in-addr.arpa.	;Cr=auth [209.1.222.247]

> 	It may also be interesting to see the results with.

I got;

$ORIGIN BARGINHOSTS.CO.uk.
;NS2	10768	IN	SOA	ns1.nic.UK. hostmaster.nominet.org.UK. (
;		2003120301 7200 300 2419200 172800 );CO.UK.;NXDOMAIN	;-$	;Cr=auth [213.246.167.131]

> 	I presume you are not forwarding queries.

These caches forward queries for a few particular zones with 'type
forward;' declarations, I'm not seeing an issues with those zones.


It's looking to me that if IPV6 is enabled on this platform the AAAA
lookups for nameservers keep happening nomatter what the response from
a remote server.

Thanks,
P.

-- 
pir



More information about the bind-users mailing list