Lot of traffic after installing bind 8.4.3 on sparc
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Thu Dec 4 05:17:19 UTC 2003
> Mark.Andrews at isc.org probably said:
> > Definitely without -4.
>
> I can't leave these servers running without -4 for very long - they
> can start dropping queries and since they serve our main machine room
> this is, uh, suboptimal.
>
> I restarted named without, queried for NS2.BARGINHOSTS.CO.UK, waited
> for the CPU usage to start climbing. In the time I could watch it, it
> never got to the levels it was at before (90+% CPU) but was still 2-3x
> it's normal level (21% CPU. Normal is about 7%).
>
> I got;
>
> $ORIGIN BARGINHOSTS.CO.UK.
> ;NS2 10796 IN SOA ns1.nic.UK. hostmaster.nominet.org.UK. (
> ; 2003120301 7200 300 2419200 172800 );CO.UK.;NXDOMAIN ;-$
> ;Cr=auth [195.66.240.130]
Ok it has learnt that the name does not exist.
> I noted, however, that I'm not getting the SERVFAIL I was seeing while
> snooping.
>
> This time I still saw a lot of AAAA requests for remote nameservers,
> often still the same set of names (but many different sets). One short
> sequence as an example;
>
> 81.354245 ns2.clearbrick.net -> happy.net.tufts.edu DNS Standard query respo
> nse
> 81.354367 happy.net.tufts.edu -> l.gtld-servers.net DNS Standard query AAAA
> dns2.eeeer.com
> 81.355002 happy.net.tufts.edu -> ns2.clearbrick.net DNS Standard query AAAA
> ns2.clearbrick.net
> 81.355152 happy.net.tufts.edu -> ns1.clearbrick.net DNS Standard query AAAA
> ns1.clearbrick.net
> 81.356048 ns1.clearbrick.net -> happy.net.tufts.edu DNS Standard query respo
> nse
> 81.356676 happy.net.tufts.edu -> ns1.clearbrick.net DNS Standard query AAAA
> ns1.clearbrick.net
> 81.357316 happy.net.tufts.edu -> l.gtld-servers.net DNS Standard query AAAA
> ns2.clearbrick.net
> 81.394701 ns2.clearbrick.net -> happy.net.tufts.edu DNS Standard query respo
> nse
> 81.395063 ns1.clearbrick.net -> happy.net.tufts.edu DNS Standard query respo
> nse
> 81.395941 happy.net.tufts.edu -> ns1.clearbrick.net DNS Standard query AAAA
> ns2.clearbrick.net
> 81.396182 ns1.clearbrick.net -> happy.net.tufts.edu DNS Standard query respo
> nse
> 81.396991 happy.net.tufts.edu -> a.gtld-servers.net DNS Standard query AAAA
> ns1.clearbrick.net
> 81.397565 happy.net.tufts.edu -> ns2.clearbrick.net DNS Standard query AAAA
> ns1.clearbrick.net
>
> The cache had the following for that domain;
>
> $ORIGIN NET.
> clearbrick 171899 IN NS ns1.clearbrick.net. ;Cr=addtnl LAME
> =600 [192.48.79.30]
> 171899 IN NS ns2.clearbrick.net. ;Cr=addtnl LAME=600 [19
> 2.48.79.30]
>
> $ORIGIN clearbrick.NET.
> ns2 171899 IN A 64.253.207.6 ;NT=63 Cr=answer [192.48.79.30]
> ns1 171899 IN A 64.253.207.5 ;NT=91 Cr=answer [192.48.79.30]
>
> $ORIGIN 207.253.64.IN-ADDR.ARPA.
> 6 2952 IN CNAME 6.0/24.207.253.64.in-addr.arpa. ;Cr=auth [209.1
> .222.244]
> 0/24 2708 IN NS ns2.clearbrick.net. ;Cr=auth [64.253.207.5]
> 2708 IN NS ns1.clearbrick.net. ;Cr=auth [64.253.207.5]
> 228 2708 IN CNAME 228.0/24.207.253.64.in-addr.arpa. ;Cr=aut
> h [209.1.222.245]
> 5 2954 IN CNAME 5.0/24.207.253.64.in-addr.arpa. ;Cr=auth [209.1
> .222.244]
> 227 2708 IN CNAME 227.0/24.207.253.64.in-addr.arpa. ;Cr=aut
> h [209.1.222.244]
> 229 2699 IN CNAME 229.0/24.207.253.64.in-addr.arpa. ;Cr=aut
> h [209.1.222.247]
>
> > It may also be interesting to see the results with.
>
> I got;
>
> $ORIGIN BARGINHOSTS.CO.uk.
> ;NS2 10768 IN SOA ns1.nic.UK. hostmaster.nominet.org.UK. (
> ; 2003120301 7200 300 2419200 172800 );CO.UK.;NXDOMAIN ;-$
> ;Cr=auth [213.246.167.131]
>
> > I presume you are not forwarding queries.
>
> These caches forward queries for a few particular zones with 'type
> forward;' declarations, I'm not seeing an issues with those zones.
>
>
> It's looking to me that if IPV6 is enabled on this platform the AAAA
> lookups for nameservers keep happening nomatter what the response from
> a remote server.
>
> Thanks,
> P.
>
> --
> pir
Well the servers for clearbrick.net are lame. The A queries
are being answered by the net servers. Turn on -4 and I'll
think about what changes are needed.
Mark
; <<>> DiG 8.3 <<>> ns2.clearbrick.net +vc @64.253.207.6
; (1 server found)
;; res options: init usevc recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 49286
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; ns2.clearbrick.net, type = A, class = IN
;; Total query time: 532 msec
;; FROM: drugs.dv.isc.org to SERVER: 64.253.207.6
;; WHEN: Thu Dec 4 16:06:21 2003
;; MSG SIZE sent: 36 rcvd: 36
; <<>> DiG 8.3 <<>> ns2.clearbrick.net @64.253.207.5
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 41348
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; ns2.clearbrick.net, type = A, class = IN
;; Total query time: 279 msec
;; FROM: drugs.dv.isc.org to SERVER: 64.253.207.5
;; WHEN: Thu Dec 4 16:07:19 2003
;; MSG SIZE sent: 36 rcvd: 36
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list