DNS timeouts seems to not be forwarding
phn at icke-reklam.ipsec.nu
phn at icke-reklam.ipsec.nu
Sun Feb 9 10:38:34 UTC 2003
Gary <gsebel at hotmail.com> wrote:
>> Sounds like an OS problem.
> solaris 8. it is only server running older version of bind so was
> looking into bind. any suggestions at things to look at that i may
> have missed.
>> Running 2 named might not be the most "safe" solution, neither does running
>> an outdated named. I'll suggest you install the internal server on a new machine
>> located inside.
> why not safe,
Anything more compliacted then nessecary is asking for unwanted effects. In your
case an (probably) OS-related quirk is a total showstopper.
Had you split these functions on one external auth-only nameserver,
one internal "caching" and a third firewall, chances are that only
parts of your dns is affected bu any single problem. You put all your
eggs in one basket.
standard setup of split dns with internal interface for
> one named and external interface for other. would love to upgrade to
> new version as i am running 9.2.1 on all other servers and they dont
> have any issues. i should get ok to upgrade this server within the
> month but figured i'd try to figure out why and what is happening.
> My only thought is a DOS attack on the server is happening from an
> inside machine. however i have not identified via any of my logging
> anything yet. But you are right i need to get rid of the version which
> could be the problem and is only differnce b/w this problem server and
> other servers.
you might look after you other servers too, if they use a simular approach.
( moving to bind-9 will at least give the opportunity to run a single nameserver
useing views to present different service-levels )
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
More information about the bind-users
mailing list