Lot of traffic after installing bind 8.4.3 on sparc

Mark_Andrews at isc.org Mark_Andrews at isc.org
Thu Dec 4 05:17:19 UTC 2003


> Mark.Andrews at isc.org probably said:
> > 	Definitely without -4.
> 
> I can't leave these servers running without -4 for very long - they
> can start dropping queries and since they serve our main machine room
> this is, uh, suboptimal.
> 
> I restarted named without, queried for NS2.BARGINHOSTS.CO.UK, waited
> for the CPU usage to start climbing. In the time I could watch it, it
> never got to the levels it was at before (90+% CPU) but was still 2-3x
> it's normal level (21% CPU. Normal is about 7%).
> 
> I got;
> 
> $ORIGIN BARGINHOSTS.CO.UK.
> ;NS2	10796	IN	SOA	ns1.nic.UK. hostmaster.nominet.org.UK. (
> ;		2003120301 7200 300 2419200 172800 );CO.UK.;NXDOMAIN	;-$
> 	;Cr=auth [195.66.240.130]

	Ok it has learnt that the name does not exist.
 
> I noted, however, that I'm not getting the SERVFAIL I was seeing while
> snooping.
> 
> This time I still saw a lot of AAAA requests for remote nameservers,
> often still the same set of names (but many different sets). One short
> sequence as an example;
> 
>  81.354245 ns2.clearbrick.net -> happy.net.tufts.edu DNS Standard query respo
> nse
>  81.354367 happy.net.tufts.edu -> l.gtld-servers.net DNS Standard query AAAA 
> dns2.eeeer.com
>  81.355002 happy.net.tufts.edu -> ns2.clearbrick.net DNS Standard query AAAA 
> ns2.clearbrick.net
>  81.355152 happy.net.tufts.edu -> ns1.clearbrick.net DNS Standard query AAAA 
> ns1.clearbrick.net
>  81.356048 ns1.clearbrick.net -> happy.net.tufts.edu DNS Standard query respo
> nse
>  81.356676 happy.net.tufts.edu -> ns1.clearbrick.net DNS Standard query AAAA 
> ns1.clearbrick.net
>  81.357316 happy.net.tufts.edu -> l.gtld-servers.net DNS Standard query AAAA 
> ns2.clearbrick.net
>  81.394701 ns2.clearbrick.net -> happy.net.tufts.edu DNS Standard query respo
> nse
>  81.395063 ns1.clearbrick.net -> happy.net.tufts.edu DNS Standard query respo
> nse
>  81.395941 happy.net.tufts.edu -> ns1.clearbrick.net DNS Standard query AAAA 
> ns2.clearbrick.net
>  81.396182 ns1.clearbrick.net -> happy.net.tufts.edu DNS Standard query respo
> nse
>  81.396991 happy.net.tufts.edu -> a.gtld-servers.net DNS Standard query AAAA 
> ns1.clearbrick.net
>  81.397565 happy.net.tufts.edu -> ns2.clearbrick.net DNS Standard query AAAA 
> ns1.clearbrick.net
> 
> The cache had the following for that domain;
> 
> $ORIGIN NET.
> clearbrick	171899	IN	NS	ns1.clearbrick.net.	;Cr=addtnl LAME
> =600 [192.48.79.30]
> 	171899	IN	NS	ns2.clearbrick.net.	;Cr=addtnl LAME=600 [19
> 2.48.79.30]
> 
> $ORIGIN clearbrick.NET.
> ns2	171899	IN	A	64.253.207.6	;NT=63 Cr=answer [192.48.79.30]
> ns1	171899	IN	A	64.253.207.5	;NT=91 Cr=answer [192.48.79.30]
> 
> $ORIGIN 207.253.64.IN-ADDR.ARPA.
> 6	2952	IN	CNAME	6.0/24.207.253.64.in-addr.arpa.	;Cr=auth [209.1
> .222.244]
> 0/24	2708	IN	NS	ns2.clearbrick.net.	;Cr=auth [64.253.207.5]
> 	2708	IN	NS	ns1.clearbrick.net.	;Cr=auth [64.253.207.5]
> 228	2708	IN	CNAME	228.0/24.207.253.64.in-addr.arpa.	;Cr=aut
> h [209.1.222.245]
> 5	2954	IN	CNAME	5.0/24.207.253.64.in-addr.arpa.	;Cr=auth [209.1
> .222.244]
> 227	2708	IN	CNAME	227.0/24.207.253.64.in-addr.arpa.	;Cr=aut
> h [209.1.222.244]
> 229	2699	IN	CNAME	229.0/24.207.253.64.in-addr.arpa.	;Cr=aut
> h [209.1.222.247]
> 
> > 	It may also be interesting to see the results with.
> 
> I got;
> 
> $ORIGIN BARGINHOSTS.CO.uk.
> ;NS2	10768	IN	SOA	ns1.nic.UK. hostmaster.nominet.org.UK. (
> ;		2003120301 7200 300 2419200 172800 );CO.UK.;NXDOMAIN	;-$
> 	;Cr=auth [213.246.167.131]
> 
> > 	I presume you are not forwarding queries.
> 
> These caches forward queries for a few particular zones with 'type
> forward;' declarations, I'm not seeing an issues with those zones.
> 
> 
> It's looking to me that if IPV6 is enabled on this platform the AAAA
> lookups for nameservers keep happening nomatter what the response from
> a remote server.
> 
> Thanks,
> P.
> 
> -- 
> pir

	Well the servers for clearbrick.net are lame.  The A queries
	are being answered by the net servers.  Turn on -4 and I'll
	think about what changes are needed.

	Mark

; <<>> DiG 8.3 <<>> ns2.clearbrick.net +vc @64.253.207.6 
; (1 server found)
;; res options: init usevc recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 49286
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;	ns2.clearbrick.net, type = A, class = IN

;; Total query time: 532 msec
;; FROM: drugs.dv.isc.org to SERVER: 64.253.207.6
;; WHEN: Thu Dec  4 16:06:21 2003
;; MSG SIZE  sent: 36  rcvd: 36


; <<>> DiG 8.3 <<>> ns2.clearbrick.net @64.253.207.5 
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 41348
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;	ns2.clearbrick.net, type = A, class = IN

;; Total query time: 279 msec
;; FROM: drugs.dv.isc.org to SERVER: 64.253.207.5
;; WHEN: Thu Dec  4 16:07:19 2003
;; MSG SIZE  sent: 36  rcvd: 36

--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org


More information about the bind-users mailing list