Bind + pf
ytzhak at bsdmail.com
Thu Mar 31 13:52:24 UTC 2005
We have a primary and a secondary nameserver.
The primary is on Windows 2003 (not because of me); the secondary is BIND 9.3 on FreeBSD 5.3 STABLE.
The primary nameserver doesn't work very well (Windows...) and sometimes has a huge response time to queries (about 3 or 4 seconds).
The secondary nameserver has a good response time to queries (to the outside as well) but sometimes, for no apparent reason, stops. Also, I noticed after tcpdumping that the primary nameserver sends a lot of UDP packets, which causes high CPU usage by the bind process (about 50, 70%).
The packets are DNS queries, but the traffic is *very* high. As if the primary nameserver doesn't respond to any query.
The firewall (pf, on OpenBSD) permits all traffic from any port on the nameservers to port 53 on any host outside. It also permits traffic from any port outside to port 53 on the nameservers. There are only these 2 rules about the nameservers and the outside world. I think that is enough.
The secondary nameserver was placed on another link with a valid IP address, acting only as a resolver, and runs fine.
1 - Does Windows DNS have an interaction problem with BIND?
2 - Did I forget some additional rule about the nameservers in pf.conf?
3 - Is this heavy traffic between the primary and secondary nameservers normal?
thanks in advance